Abstract
In this paper we investigate some properties of zero-knowledge proofs, a notion introduced by Goldwasser, Micali, and Rackoff. We introduce and classify two definitions of zero-knowledge: auxiliary-input zero-knowledge and blackbox-simulation zero-knowledge. We explain why auxiliary-input zero-knowledge is a definition more suitable for cryptographic applications than the original [GMR1] definition. In particular, we show that any protocol solely composed of subprotocols which are auxiliary-input zero-knowledge is itself auxiliary-input zero-knowledge. We show that blackbox-simulation zero-knowledge implies auxiliary-input zero-knowledge (which in turn implies the [GMR1] definition). We argue that all known zero-knowledge proofs are in fact blackbox-simulation zero-knowledge (i.e., we proved zero-knowledge using blackbox-simulation of the verifier). As a result, all known zero-knowledge proof systems are shown to be auxiliary-input zero-knowledge and can be used for cryptographic applications such as those in [GMW2].
We demonstrate the triviality of certain classes of zero-knowledge proof systems, in the sense that only languages in BPP have zero-knowledge proofs of these classes. In particular, we show that any language having a Las Vegas zero-knowledge proof system necessarily belongs to RP. We show that randomness of both the verifier and the prover, and nontriviality of the interaction are essential properties of (nontrivial) auxiliary-input zero-knowledge proofs.
Article PDF
Similar content being viewed by others
References
Aiello, W., and J. Hastad, Perfect Zero-Knowledge Languages Can Be Recognized in Two Rounds, Proc. 28th FOCS, 1987, pp. 439–448.
Aiello, W., and J. Hastad, Relativized Perfect Zero-Knowledge Is Not BPP, Inform. and Comput., Vol. 93, 1992, pp. 223–240.
Babai, L., Trading Group Theory for Randomness, Proc. 17th STOC, 1985, pp. 421–429.
Brassard, G., D. Chaum, and C. Crepeau, Minimum Disclosure Proofs of Knowledge, J. Comput. System Sci., Vol. 37, No. 2, Oct. 1988, pp. 156–189.
Feige, U., and A. Shamir, Personal communication.
Fortnow, L., The Complexity of Perfect Zero-Knowledge, Proc. 19th STOC, 1987, pp. 204–209.
Goldreich, O., S. Goldwasser, and S. Micali, How To Construct Random Functions, J. Assoc. Comput. Mach., Vol. 33, No. 4, 1986, pp. 792–807.
Goldreich, O., and H. Krawczyk, On the Composition of Zero-Knowledge Proof Systems, Proc. 17th ICALP, Lecture Notes in Computer Science, Vol. 443, Springer-Verlag, Berlin, 1990, pp. 268–282.
Goldreich, O., Y. Mansour, and M. Sipser, Interactive Proof Systems: Provers that Never Fail and Random Selection, Proc 28th FOCS, 1987, pp. 449–461.
Goldreich, O., S. Micali, and A. Wigderson, Proofs that Yield Nothing but their Validity and a Methodology of Cryptographic Protocol Design, Proc. 27th FOCS, 1986, pp. 174–187.
Goldreich, O., S. Micali, and A. Wigderson, How to Play any Mental Game or a Completeness Theorem for Protocols with Honest Majority, Proc. 19th STOC, 1987, pp. 218–229.
Goldwasser, S., and S. Micali, Probabilistic Encryption, J. Comput. System Sci., Vol. 28, No. 2, 1984, pp. 270–299.
Goldwasser, S., S. Micali, and C. Rackoff, Knowledge Complexity of Interactive Proofs, Proc. 17th STOC, 1985, pp. 291–304.
Goldwasser, S., S. Micali, and C. Rackoff, The Knowledge Complexity of Interactive Proof Systems, SIAM J. Comput., Vol. 18, No. 1, 1989, pp. 186–208.
Goldwasser, S., and M. Sipser, Arthur Merlin Games Versus Interactive Proof Systems, Proc. 18th STOC, 1986, pp. 59–68.
Impagliazzo, R., and Yung, M., Direct Minimum-Knowledge Computations, Advances in Cryptology—Crypto 87 (proceedings), Lecture Notes in Computer Science, Vol. 293, Springer-Verlag, Berlin, 1987, pp. 40–51.
Oren, Y., Properties of Zero-Knowledge Proofs, M.Sc. Thesis, Computer Science Department, Technion, Haifa, Nov. 1987 (in Hebrew).
Oren, Y., On the Cunning Power of Cheating Verifiers: Some Observations about Zero-Knowledge Proofs, Proc. 28th FOCS, 1987, pp. 462–471.
A. Shamir, IP = PSPACE, Proc. 31st FOCS, 1990, pp. 11–15.
Tompa, M., and H. Woll, Random Self-Reducibility and Zero-Knowledge Interactive Proofs of Possession of Information, Proc. 28th FOCS, 1987, pp. 472–482.
Yao, A. C., Theory and Applications of Trapdoor Functions, Proc. 23rd FOCS, 1982, pp. 80–91.
Author information
Authors and Affiliations
Additional information
Communicated by Shafi Goldwasser
This research was partially supported by the Fund for Basic Research Administered by the Israeli Academy of Sciences and Humanities. Preliminary versions of this work have appeared in [O1] and [O2].
Rights and permissions
About this article
Cite this article
Goldreich, O., Oren, Y. Definitions and properties of zero-knowledge proof systems. J. Cryptology 7, 1–32 (1994). https://doi.org/10.1007/BF00195207
Received:
Revised:
Issue Date:
DOI: https://doi.org/10.1007/BF00195207