# The knowledge complexity of interactive proof-systems

@inproceedings{Goldwasser1985TheKC, title={The knowledge complexity of interactive proof-systems}, author={Shafi Goldwasser and Silvio Micali and Charles Rackoff}, booktitle={Symposium on the Theory of Computing}, year={1985} }

Usually, a proof of a theorem contains more knowledge than the mere fact that the theorem is true. For instance, to prove that a graph is Hamiltonian it suffices to exhibit a Hamiltonian tour in it; however, this seems to contain more knowledge than the single bit Hamiltonian/non-Hamiltonian.In this paper a computational complexity theory of the “knowledge” contained in a proof is developed. Zero-knowledge proofs are defined as those proofs that convey no additional knowledge other than the…

## 3,975 Citations

### Proving a Theorem in Zero-Knowledge

- Mathematics, Computer Science
- 2004

It is shown that a zero-knowledge proof demonstrating knowledge of a proof is no easier than actually determining a proof of a theorem from scratch.

### Proofs of membership vs. proofs of knowledge

- Mathematics, Computer ScienceProceedings. Thirteenth Annual IEEE Conference on Computational Complexity (Formerly: Structure in Complexity Theory Conference) (Cat. No.98CB36247)
- 1998

A notion of tight relations is defined, referring to relations that capture the computational advantage communicated by a prover to a poly-time verifier in an interactive protocol.

### Complexity-Theoretic Aspects of Interactive Proof Systems

- Computer Science, Mathematics
- 1989

This thesis will show that for any language that has a perfect zero-knowledge proof system, its complement has a short interactive protocol, which implies that there are not any perfectzero-knowledge protocols for NP-complete languages unless the polynomial-time hierarchy collapses.

### A knowledge-based analysis of zero knowledge

- Computer Science, MathematicsSTOC '88
- 1988

This paper shows how interactive proof systems motivate a new notion of practical knowledge, and it formally capture and prove the intuition that the prover does not leak any knowledge of any fact (other than the fact being proven) during a zero knowledge proof.

### You Can Prove So Many Things in Zero-Knowledge

- Mathematics, Computer ScienceCISC
- 2005

A new notion is introduced, an extension of proofs of knowledge, called Proofs of Non-Zero Knowledge, as they allow a prover to convince a verifier that he knows a secret satisfying some relation, without revealing any new information about the secret or even the relation that the secret satifies with the common input.

### A Logic-style Version of Interactive Proofs

- Mathematics, Computer Science
- 1996

It is shown that if a language L belongs to PSPACE then membership in L has polynomially long proofs in the authors' system, and this result, together with the well-known equality IP =PSPACE, shows equivalence in power between interactive proofs and polynOMially long proof in the extension of arithmetic.

### Probabilistic Verification of Proofs

- Mathematics, Computer Science
- 1998

This article describes some methods used to construct probabilistic verifiers for proofs of mathematical assertions that looks at a proof in only a constant number of bit positions and satisfies the following properties.

### On the Composition of Zero-Knowledge Proof Systems

- Mathematics, Computer ScienceICALP
- 1990

It is proved that three-round interactive proofs and constant-round Arthur--Merlin proofs that are black-box simulation zero-knowledge exist only for languages in BPP, and it follows that the "parallel versions" of the first interactive proofs systems presented for quadratic residuosity, graph isomorphism, and any language in NP, are not black- box simulationzero-knowledge, unless the corresponding languages are in B PP.

### On the Concrete Complexity of Zero-Knowledge Proofs

- Computer Science, MathematicsCRYPTO
- 1989

It is established that circuit-based methods have the potential of producing proofs which can be used in practice, and several techniques are introduced which greatly reduce the concrete complexity of the known general methods for constructing zero-knowledge proofs.

### Interactive and zero-knowledge proofs

- Mathematics, Computer Science
- 1999

This thesis contains a theoretical overview of interactive and zero-knowledge proofs and describes experiments with implementations of some of them, plus a test of the implementation derived from game theory.

## References

SHOWING 1-10 OF 48 REFERENCES

### Random self-reducibility and zero knowledge interactive proofs of possession of information

- Mathematics, Computer Science28th Annual Symposium on Foundations of Computer Science (sfcs 1987)
- 1987

It is shown that any "random self-reducible" problem has a zero knowledge interactive proof of this sort, and new zeroknowledge interactive proofs are exhibited for "knowledge" of the factorization of an integer, nonmembership in cyclic subgroups of Zp*, and determining whether an element generates Zp*.

### Perfect zero-knowledge languages can be recognized in two rounds

- Computer Science, Mathematics28th Annual Symposium on Foundations of Computer Science (sfcs 1987)
- 1987

It is proved that if L admits a zeroknowledge proof then L can also be recognized by a two round interactive proof, and study complexity theoretic implications of a language having this property.

### Interactive proof systems: Provers that never fail and random selection

- Computer Science, Mathematics28th Annual Symposium on Foundations of Computer Science (sfcs 1987)
- 1987

It is shown that any language having a bounded interactive proof has one with perfect completeness and only languages in NP have interactive proofs with perfect soundness, and a new protocol for proving approximately lower bounds and "random selection" is presented.

### Non-transitive transfer of confidence: A perfect zero-knowledge interactive protocol for SAT and beyond

- Computer Science, Mathematics27th Annual Symposium on Foundations of Computer Science (sfcs 1986)
- 1986

A perfect zero-knowledge interactive proof is a protocol by which Alice can convince Bob of the truth of some theorem in a way that yields no information as to how the proof might proceed (in the…

### A Model-Theoretic Analysis of Knowledge: Preliminary Report

- Computer ScienceFOCS
- 1984

Understanding knowledge is a fundamental issue in many disciplines. In computer science, knowledge arises not only in the obvious contexts (such as knowledge-based systems), but also in distributed…

### Private coins versus public coins in interactive proof systems

- Computer ScienceSTOC '86
- 1986

The probabilistic, nondeterministic, polynomial time Turing machine is defined and shown to be equivalent in power to the interactive proof system and to BPP much as BPP is the Probabilistic analog to P.

### Proofs that yield nothing but their validity and a methodology of cryptographic protocol design

- Computer Science, Mathematics27th Annual Symposium on Foundations of Computer Science (sfcs 1986)
- 1986

This paper demonstrates the generality and wide applicability of zero-knowledge proofs, a notion introduced by Goldwasser, Micali and Rackoff that efficiently demonstrate membership in the language without conveying any additional knowledge.

### On the cunning power of cheating verifiers: Some observations about zero knowledge proofs

- Computer Science, Mathematics28th Annual Symposium on Foundations of Computer Science (sfcs 1987)
- 1987

It is shown that randomness of both the verifier and the prover, and nontriviality of the interaction are essential properties of non-trivial auxiliary-input zero-knowledge proofs.

### Communication complexity

- LinguisticsSTOC '82
- 1982

It is shown that for any function f(n)-&-lt; n, there are languages recognizable with communication F(n) but not with communication f (n), as miniscule increments in communication add to the languages that can be recognized.

### How to play ANY mental game

- Computer Science, MathematicsSTOC
- 1987

We present a polynomial-time algorithm that, given as a input the description of a game with incomplete information and any number of players, produces a protocol for playing the game that leaks no…