The knowledge complexity of interactive proof-systems

  title={The knowledge complexity of interactive proof-systems},
  author={Shafi Goldwasser and Silvio Micali and Charles Rackoff},
  booktitle={Symposium on the Theory of Computing},
Usually, a proof of a theorem contains more knowledge than the mere fact that the theorem is true. For instance, to prove that a graph is Hamiltonian it suffices to exhibit a Hamiltonian tour in it; however, this seems to contain more knowledge than the single bit Hamiltonian/non-Hamiltonian.In this paper a computational complexity theory of the “knowledge” contained in a proof is developed. Zero-knowledge proofs are defined as those proofs that convey no additional knowledge other than the… 

Figures from this paper

Proving a Theorem in Zero-Knowledge

  • J. Pope
  • Mathematics, Computer Science
  • 2004
It is shown that a zero-knowledge proof demonstrating knowledge of a proof is no easier than actually determining a proof of a theorem from scratch.

Proofs of membership vs. proofs of knowledge

  • G. D. CrescenzoR. Impagliazzo
  • Mathematics, Computer Science
    Proceedings. Thirteenth Annual IEEE Conference on Computational Complexity (Formerly: Structure in Complexity Theory Conference) (Cat. No.98CB36247)
  • 1998
A notion of tight relations is defined, referring to relations that capture the computational advantage communicated by a prover to a poly-time verifier in an interactive protocol.

Complexity-Theoretic Aspects of Interactive Proof Systems

This thesis will show that for any language that has a perfect zero-knowledge proof system, its complement has a short interactive protocol, which implies that there are not any perfectzero-knowledge protocols for NP-complete languages unless the polynomial-time hierarchy collapses.

A knowledge-based analysis of zero knowledge

This paper shows how interactive proof systems motivate a new notion of practical knowledge, and it formally capture and prove the intuition that the prover does not leak any knowledge of any fact (other than the fact being proven) during a zero knowledge proof.

You Can Prove So Many Things in Zero-Knowledge

A new notion is introduced, an extension of proofs of knowledge, called Proofs of Non-Zero Knowledge, as they allow a prover to convince a verifier that he knows a secret satisfying some relation, without revealing any new information about the secret or even the relation that the secret satifies with the common input.

A Logic-style Version of Interactive Proofs

It is shown that if a language L belongs to PSPACE then membership in L has polynomially long proofs in the authors' system, and this result, together with the well-known equality IP =PSPACE, shows equivalence in power between interactive proofs and polynOMially long proof in the extension of arithmetic.

Probabilistic Verification of Proofs

  • M. Sudan
  • Mathematics, Computer Science
  • 1998
This article describes some methods used to construct probabilistic verifiers for proofs of mathematical assertions that looks at a proof in only a constant number of bit positions and satisfies the following properties.

On the Composition of Zero-Knowledge Proof Systems

It is proved that three-round interactive proofs and constant-round Arthur--Merlin proofs that are black-box simulation zero-knowledge exist only for languages in BPP, and it follows that the "parallel versions" of the first interactive proofs systems presented for quadratic residuosity, graph isomorphism, and any language in NP, are not black- box simulationzero-knowledge, unless the corresponding languages are in B PP.

On the Concrete Complexity of Zero-Knowledge Proofs

It is established that circuit-based methods have the potential of producing proofs which can be used in practice, and several techniques are introduced which greatly reduce the concrete complexity of the known general methods for constructing zero-knowledge proofs.

Interactive and zero-knowledge proofs

This thesis contains a theoretical overview of interactive and zero-knowledge proofs and describes experiments with implementations of some of them, plus a test of the implementation derived from game theory.



Random self-reducibility and zero knowledge interactive proofs of possession of information

  • M. TompaH. Woll
  • Mathematics, Computer Science
    28th Annual Symposium on Foundations of Computer Science (sfcs 1987)
  • 1987
It is shown that any "random self-reducible" problem has a zero knowledge interactive proof of this sort, and new zeroknowledge interactive proofs are exhibited for "knowledge" of the factorization of an integer, nonmembership in cyclic subgroups of Zp*, and determining whether an element generates Zp*.

Perfect zero-knowledge languages can be recognized in two rounds

  • W. AielloJ. Håstad
  • Computer Science, Mathematics
    28th Annual Symposium on Foundations of Computer Science (sfcs 1987)
  • 1987
It is proved that if L admits a zeroknowledge proof then L can also be recognized by a two round interactive proof, and study complexity theoretic implications of a language having this property.

Interactive proof systems: Provers that never fail and random selection

It is shown that any language having a bounded interactive proof has one with perfect completeness and only languages in NP have interactive proofs with perfect soundness, and a new protocol for proving approximately lower bounds and "random selection" is presented.

Non-transitive transfer of confidence: A perfect zero-knowledge interactive protocol for SAT and beyond

  • G. BrassardC. Crépeau
  • Computer Science, Mathematics
    27th Annual Symposium on Foundations of Computer Science (sfcs 1986)
  • 1986
A perfect zero-knowledge interactive proof is a protocol by which Alice can convince Bob of the truth of some theorem in a way that yields no information as to how the proof might proceed (in the

A Model-Theoretic Analysis of Knowledge: Preliminary Report

Understanding knowledge is a fundamental issue in many disciplines. In computer science, knowledge arises not only in the obvious contexts (such as knowledge-based systems), but also in distributed

Private coins versus public coins in interactive proof systems

The probabilistic, nondeterministic, polynomial time Turing machine is defined and shown to be equivalent in power to the interactive proof system and to BPP much as BPP is the Probabilistic analog to P.

Proofs that yield nothing but their validity and a methodology of cryptographic protocol design

This paper demonstrates the generality and wide applicability of zero-knowledge proofs, a notion introduced by Goldwasser, Micali and Rackoff that efficiently demonstrate membership in the language without conveying any additional knowledge.

On the cunning power of cheating verifiers: Some observations about zero knowledge proofs

  • Yair Oren
  • Computer Science, Mathematics
    28th Annual Symposium on Foundations of Computer Science (sfcs 1987)
  • 1987
It is shown that randomness of both the verifier and the prover, and nontriviality of the interaction are essential properties of non-trivial auxiliary-input zero-knowledge proofs.

Communication complexity

It is shown that for any function f(n)-&-lt; n, there are languages recognizable with communication F(n) but not with communication f (n), as miniscule increments in communication add to the languages that can be recognized.

How to play ANY mental game

We present a polynomial-time algorithm that, given as a input the description of a game with incomplete information and any number of players, produces a protocol for playing the game that leaks no