TY - GEN
T1 - Rate-1 Zero-Knowledge Proofs from One-Way Functions
AU - Athamnah, Noor
AU - Florentz – Konopnicki, Eden
AU - Rothblum, Ron D.
N1 - Publisher Copyright:
© International Association for Cryptologic Research 2025.
PY - 2025
Y1 - 2025
N2 - We show that every NP relation that can be verified by a bounded-depth polynomial-sized circuit, or a bounded-space polynomial-time algorithm, has a computational zero-knowledge proof (with statistical soundness) with communication that is only additively larger than the witness length. Our construction relies only on the minimal assumption that one-way functions exist. In more detail, assuming one-way functions, we show that every NP relation that can be verified in NC has a zero-knowledge proof with communication |w|+poly(λ,log(|x|)) and relations that can be verified in SC have a zero-knowledge proof with communication |w|+|x|ε·poly(λ). Here ε>0 is an arbitrarily small constant and λ denotes the security parameter. As an immediate corollary, we also get that anyNP relation, with a size S verification circuit (using unbounded fan-in XOR, AND and OR gates), has a zero-knowledge proof with communication S+poly(λ,log(S)). Our result improves on a recent result of Nassar and Rothblum (Crypto, 2022), which achieves length (1+ε)·|w|+|x|ε·poly(λ) for bounded-space computations, and is also considerably simpler. Building on a work of Hazay et al. (TCC 2023), we also give a more complicated version of our result in which the parties only make a black-box use of the one-way function, but in this case we achieve only an inverse polynomial soundness error.
AB - We show that every NP relation that can be verified by a bounded-depth polynomial-sized circuit, or a bounded-space polynomial-time algorithm, has a computational zero-knowledge proof (with statistical soundness) with communication that is only additively larger than the witness length. Our construction relies only on the minimal assumption that one-way functions exist. In more detail, assuming one-way functions, we show that every NP relation that can be verified in NC has a zero-knowledge proof with communication |w|+poly(λ,log(|x|)) and relations that can be verified in SC have a zero-knowledge proof with communication |w|+|x|ε·poly(λ). Here ε>0 is an arbitrarily small constant and λ denotes the security parameter. As an immediate corollary, we also get that anyNP relation, with a size S verification circuit (using unbounded fan-in XOR, AND and OR gates), has a zero-knowledge proof with communication S+poly(λ,log(S)). Our result improves on a recent result of Nassar and Rothblum (Crypto, 2022), which achieves length (1+ε)·|w|+|x|ε·poly(λ) for bounded-space computations, and is also considerably simpler. Building on a work of Hazay et al. (TCC 2023), we also give a more complicated version of our result in which the parties only make a black-box use of the one-way function, but in this case we achieve only an inverse polynomial soundness error.
UR - https://www.scopus.com/pages/publications/85211897106
U2 - 10.1007/978-3-031-78011-0_11
DO - 10.1007/978-3-031-78011-0_11
M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???
AN - SCOPUS:85211897106
SN - 9783031780103
T3 - Lecture Notes in Computer Science
SP - 319
EP - 350
BT - Theory of Cryptography - 22nd International Conference, TCC 2024, Proceedings
A2 - Boyle, Elette
A2 - Boyle, Elette
A2 - Mahmoody, Mohammad
T2 - 22nd Theory of Cryptography Conference, TCC 2024
Y2 - 2 December 2024 through 6 December 2024
ER -