TY - GEN
T1 - On efficient zero-knowledge PCPs
AU - Ishai, Yuval
AU - Mahmoody, Mohammad
AU - Sahai, Amit
PY - 2012
Y1 - 2012
N2 - We revisit the question of Zero-Knowledge PCPs, studied by Kilian, Petrank, and Tardos (STOC '97). A ZK-PCP is defined similarly to a standard PCP, except that the view of any (possibly malicious) verifier can be efficiently simulated up to a small statistical distance. Kilian et al.obtained a ZK-PCP for NEXP in which the proof oracle is in EXPNP. They also obtained a ZK-PCP for NP in which the proof oracle is computable in polynomial-time, but this ZK-PCP is only zero-knowledge against bounded-query verifiers who make at most an a priori fixed polynomial number of queries. The existence of ZK-PCPs for NP with efficient oracles and arbitrary polynomial-time malicious verifiers was left open. This question is motivated by the recent line of work on cryptography using tamper-proof hardware tokens: an efficient ZK-PCP (for any language) is equivalent to a statistical zero-knowledge proof using only a single stateless token sent to the verifier. We obtain the following results regarding efficient ZK-PCPs: Negative Result on Efficient ZK-PCPs. Assuming that the polynomial time hierarchy does not collapse, we settle the above question in the negative for ZK-PCPs in which the verifier is nonadaptive (i.e. the queries only depend on the input and secret randomness but not on the PCP answers). Simplifying Bounded-Query ZK-PCPs. The bounded-query zero-knowledge PCP of Kilian et al. starts from a weakly-sound bounded-query ZK-PCP of Dwork et al. (CRYPTO '92) and amplifies its soundness by introducing and constructing a new primitive called locking scheme - an unconditional oracle-based analogue of a commitment scheme. We simplify the ZK-PCP of Kilian et al. by presenting an elementary new construction of locking schemes. Our locking scheme is purely combinatorial. Black-Box Sublinear ZK Arguments via ZK-PCPs. Kilian used PCPs to construct sublinear-communication zero-knowledge arguments for NP which make a non-black-box use of collision-resistant hash functions (STOC '92). We show that ZK-PCPs can be used to get black-box variants of this result with improved round complexity, as well as an unconditional zero-knowledge variant of Micali's non-interactive CS Proofs (FOCS '94) in the Random Oracle Model.
AB - We revisit the question of Zero-Knowledge PCPs, studied by Kilian, Petrank, and Tardos (STOC '97). A ZK-PCP is defined similarly to a standard PCP, except that the view of any (possibly malicious) verifier can be efficiently simulated up to a small statistical distance. Kilian et al.obtained a ZK-PCP for NEXP in which the proof oracle is in EXPNP. They also obtained a ZK-PCP for NP in which the proof oracle is computable in polynomial-time, but this ZK-PCP is only zero-knowledge against bounded-query verifiers who make at most an a priori fixed polynomial number of queries. The existence of ZK-PCPs for NP with efficient oracles and arbitrary polynomial-time malicious verifiers was left open. This question is motivated by the recent line of work on cryptography using tamper-proof hardware tokens: an efficient ZK-PCP (for any language) is equivalent to a statistical zero-knowledge proof using only a single stateless token sent to the verifier. We obtain the following results regarding efficient ZK-PCPs: Negative Result on Efficient ZK-PCPs. Assuming that the polynomial time hierarchy does not collapse, we settle the above question in the negative for ZK-PCPs in which the verifier is nonadaptive (i.e. the queries only depend on the input and secret randomness but not on the PCP answers). Simplifying Bounded-Query ZK-PCPs. The bounded-query zero-knowledge PCP of Kilian et al. starts from a weakly-sound bounded-query ZK-PCP of Dwork et al. (CRYPTO '92) and amplifies its soundness by introducing and constructing a new primitive called locking scheme - an unconditional oracle-based analogue of a commitment scheme. We simplify the ZK-PCP of Kilian et al. by presenting an elementary new construction of locking schemes. Our locking scheme is purely combinatorial. Black-Box Sublinear ZK Arguments via ZK-PCPs. Kilian used PCPs to construct sublinear-communication zero-knowledge arguments for NP which make a non-black-box use of collision-resistant hash functions (STOC '92). We show that ZK-PCPs can be used to get black-box variants of this result with improved round complexity, as well as an unconditional zero-knowledge variant of Micali's non-interactive CS Proofs (FOCS '94) in the Random Oracle Model.
KW - Arthur Merlin Games
KW - Probabilistically Checkable Proofs
KW - Sublinear Arguments
KW - Tamper-Proof Tokens
KW - Zero-Knowledge
UR - http://www.scopus.com/inward/record.url?scp=84858315983&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-28914-9_9
DO - 10.1007/978-3-642-28914-9_9
M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???
AN - SCOPUS:84858315983
SN - 9783642289132
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 151
EP - 168
BT - Theory of Cryptography - 9th Theory of Cryptography Conference, TCC 2012, Proceedings
T2 - 9th Theory of Cryptography Conference, TCC 2012
Y2 - 19 March 2012 through 21 March 2012
ER -