TY - GEN
T1 - Query-Reusable Proof Systems
AU - Ishai, Yuval
AU - Kushilevitz, Eyal
AU - Narayanan, Varun
AU - Ostrovsky, Rafail
AU - Shah, Akash
N1 - Publisher Copyright:
© International Association for Cryptologic Research 2025.
PY - 2025
Y1 - 2025
N2 - Probabilistic proof systems such as PCPs and their zero-knowledge variants (ZK-PCPs) are central building blocks in crypto-graphic applications. In this work, we study query-reusable proof systems where the verifier can sample its queries once and use them to verify any polynomial number of proofs. In this reusable setting, sound-ness should still hold even if the prover can learn the verifier’s decision (accept or reject) on many badly formed proofs. Our study is motivated by attractive features of designated-verifier NIZK systems that combine a query-reusable (honest-verifier) ZK-PCP with symmetric encryption. The reusability of ZK-PCP was studied by Chase et al. (Crypto 2019), who obtained a limited negative result for ZK-PCP with a special simulator. This left the question open for unrestricted ZK-PCP. We essentially settle this question by showing a negative result for statistical ZK-PCP (alternatively, PCP with sublinear query complexity) under standard complexity theoretic assumptions. We complement this with a positive result, showing that if either soundness or ZK are computational, queryreusable ZK-PCPs that do not meet the special simulation requirement of Chase et al. follow from standard cryptographic assumptions. Finally, we study the relaxed notion of bounded query reusability, where the prover is allowed to interact with the verifier over a bounded number of epochs by issuing a batch of polynomially many proofs in each epoch and learning the verifier’s decisions. We obtain a nearly tight characterization of the number of queries required for r-epoch reusability.
AB - Probabilistic proof systems such as PCPs and their zero-knowledge variants (ZK-PCPs) are central building blocks in crypto-graphic applications. In this work, we study query-reusable proof systems where the verifier can sample its queries once and use them to verify any polynomial number of proofs. In this reusable setting, sound-ness should still hold even if the prover can learn the verifier’s decision (accept or reject) on many badly formed proofs. Our study is motivated by attractive features of designated-verifier NIZK systems that combine a query-reusable (honest-verifier) ZK-PCP with symmetric encryption. The reusability of ZK-PCP was studied by Chase et al. (Crypto 2019), who obtained a limited negative result for ZK-PCP with a special simulator. This left the question open for unrestricted ZK-PCP. We essentially settle this question by showing a negative result for statistical ZK-PCP (alternatively, PCP with sublinear query complexity) under standard complexity theoretic assumptions. We complement this with a positive result, showing that if either soundness or ZK are computational, queryreusable ZK-PCPs that do not meet the special simulation requirement of Chase et al. follow from standard cryptographic assumptions. Finally, we study the relaxed notion of bounded query reusability, where the prover is allowed to interact with the verifier over a bounded number of epochs by issuing a batch of polynomially many proofs in each epoch and learning the verifier’s decisions. We obtain a nearly tight characterization of the number of queries required for r-epoch reusability.
UR - https://www.scopus.com/pages/publications/105010292179
U2 - 10.1007/978-3-031-91134-7_12
DO - 10.1007/978-3-031-91134-7_12
M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???
AN - SCOPUS:105010292179
SN - 9783031911330
T3 - Lecture Notes in Computer Science
SP - 333
EP - 362
BT - Advances in Cryptology – EUROCRYPT 2025 - 44th Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2025, Proceedings
A2 - Fehr, Serge
A2 - Fouque, Pierre-Alain
T2 - 44th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2025
Y2 - 4 May 2025 through 8 May 2025
ER -