Abstract
Statistical Zero-knowledge proofs (Goldwasser et al. in SICOMP: SIAM J Comput, 1989) allow a computationally unbounded server to convince a computationally limited client that an input x is in a language \({\Pi}\) without revealing any additional information about x that the client cannot compute by herself. Randomized encoding (RE) of functions (Ishai & Kushilevitz in FOCS 2000) allows a computationally limited client to publish a single (randomized) message, \({{\rm Enc}(x)}\), from which the server learns whether x is in \({\Pi}\) and nothing else.
It is known that \({\mathcal{SRE}}\), the class of problems that admit statistically private randomized encoding with polynomial-time client and computationally unbounded server, is contained in the class \({\mathcal{SZK}}\) of problems that have statistical zero-knowledge proof. However, the exact relation between these two classes, and, in particular, the possibility of equivalence was left as an open problem.
In this paper, we explore the relationship between \({\mathcal{SRE}}\) and \({\mathcal{SZK}}\), and derive the following results:
-
○
In a non-uniform setting, statistical randomized encoding with one-side privacy (\({\mathcal{1RE}}\)) is equivalent to non-interactive statistical zero-knowledge (\({\mathcal{NISZK}}\)). These variants were studied in the past as natural relaxation/strengthening of the original notions. Our theorem shows that proving \(\mathcal{SRE}=\mathcal{SZK}\)is equivalent to showing that \({\mathcal{1RE} = \mathcal{SRE}}\) and \({\mathcal{SZK} = \mathcal{NISZK}}\). The latter is a well-known open problem (Goldreich et al. in CCC 1999).
-
○
If \({\mathcal{SRE}}\) is non-trivial (not in \({\mathcal{BPP}}\)), then infinitely often one-way functions exist. The analog hypothesis for \({\mathcal{SZK}}\) yields only auxiliary-input one-way functions (Ostrovsky in Sixth Annual Structure in Complexity Theory Conference 1991), which is believed to be a significantly weaker notion.
-
○
If there exists an average-case hard language with perfect randomized encoding, then collision-resistance hash functions (CRH) exist. Again, a similar assumption for \({\mathcal{SZK}}\) implies only constant-round statistically hiding commitments, a primitive which seems weaker than CRH.
We believe that our results sharpen the relationship between \({\mathcal{SRE}}\) and \({\mathcal{SZK}}\) and illuminates the core differences between these two classes.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Shweta Agrawal, Yuval Ishai, Dakshita Khurana & Anat Paskin-Cherniavsky (2015). Statistical Randomized Encodings: A Complexity Theoretic View. In Automata, Languages, and Programming—42nd International Colloquium, ICALP 2015, Kyoto, Japan, July 6–10, 2015, Proceedings, Part I, Magnús M. Halldórsson, Kazuo Iwama, Naoki Kobayashi & Bettina Speckmann, editors, volume 9134 of Lecture Notes in Computer Science, 1–13. Springer. ISBN 978-3-662-47671-0. http://dx.doi.org/10.1007/978-3-662-47672-7_1
William Aiello & Johan Håstad (1987). Perfect Zero-Knowledge Languages Can Be Recognized in Two Rounds. In 28th Annual Symposium on Foundations of Computer Science, Los Angeles, California, USA, 27–29 October 1987, 439–448. IEEE Computer Society. ISBN 0-8186-0807-2. http://dx.doi.org/10.1109/SFCS.1987.47
Applebaum, Benny: Cryptography in Constant Parallel Time. Springer, Information Security and Cryptography (2014). ISBN 978-3-642-17366-0. http://dx.doi.org/10.1007/978-3-642-17367-7
Benny Applebaum (2017). Garbled Circuits as Randomized Encodings of Functions: a Primer. In Tutorials on the Foundations of Cryptography., Yehuda Lindell, editor, 1–44. Springer International Publishing. ISBN 978-3-319-57047-1. https://doi.org/10.1007/978-3-319-57048-8_1
Benny Applebaum, Yuval Ishai & Eyal Kushilevitz (2004). Cryptography in \(\text{NC}^{0}\). In 45th Symposium on Foundations of Computer Science (FOCS 2004), 17–19 October 2004, Rome, Italy, Proceedings, 166–175. IEEE Computer Society. ISBN 0-7695-2228-9. http://dx.doi.org/10.1109/FOCS.2004.20
Benny Applebaum, Yuval Ishai & Eyal Kushilevitz (2005). Computationally Private Randomizing Polynomials and Their Applications. In 20th Annual IEEE Conference on Computational Complexity (CCC 2005), 11–15 June 2005, San Jose, CA, USA, 260–274. IEEE Computer Society. ISBN 0-7695-2364-1. http://dx.doi.org/10.1109/CCC.2005.9
Benny Applebaum, Yuval Ishai & Eyal Kushilevitz (2018). Minimizing Locality of One-Way Functions via Semi-private Randomized Encodings. J. Cryptology 31(1), 1–22. https://doi.org/10.1007/s00145-016-9244-6
Benny Applebaum & Pavel Raykov (2016). On the Relationship Between Statistical Zero-Knowledge and Statistical Randomized Encodings. In Advances in Cryptology—CRYPTO 2016—36th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 14–18, 2016, Proceedings, Part III, Matthew Robshaw & Jonathan Katz, editors, volume 9816 of Lecture Notes in Computer Science, 449–477. Springer. ISBN 978-3-662-53014-6. https://doi.org/10.1007/978-3-662-53015-3_16
Benny Applebaum & Pavel Raykov (2017). From Private Simultaneous Messages to Zero-Information Arthur-Merlin Protocols and Back. J. Cryptology 30(4), 961–988. https://doi.org/10.1007/s00145-016-9239-3
Manuel Blum, Paul Feldman & Silvio Micali (1988). Non-Interactive Zero-Knowledge and Its Applications (Extended Abstract). In Proceedings of the 20th Annual ACM Symposium on Theory of Computing, May 2–4, 1988, Chicago, Illinois, USA, Janos Simon, editor, 103–112. ACM. ISBN 0-89791-264-0. http://doi.acm.org/10.1145/62212.62222
Manuel Blum, Alfredo De Santis, Silvio Micali & Giuseppe Persiano (1991). Noninteractive Zero-Knowledge. SIAM J. Comput. 20(6), 1084–1118. http://dx.doi.org/10.1137/0220068
Jørgen Brandt, Ivan Damgård, Peter Landrock & Torben P. Pedersen (1988). Zero-Knowledge Authentication Scheme with Secret Key Exchange (Extended Abstract). In Advances in Cryptology—CRYPTO '88, 8th Annual International Cryptology Conference, Santa Barbara, California, USA, August 21–25, 1988, Proceedings, Shafi Goldwasser, editor, volume 403 of Lecture Notes in Computer Science, 583–588. Springer. ISBN 3-540-97196-3. http://dx.doi.org/10.1007/0-387-34799-2_43
Larry Carter & Mark N. Wegman (1979). Universal classes of hash functions. Journal of Computer and System Sciences 18(2), 143–154. http://portal.acm.org/citation.cfm?doid=800105.803400. Preliminary version appeared in STOC '77
André Chailloux, Dragos Florin Ciocan, Iordanis Kerenidis & Salil P. Vadhan (2008). Interactive and Noninteractive Zero Knowledge are Equivalent in the Help Model. In Theory of Cryptography, Fifth Theory of Cryptography Conference, TCC 2008, New York, USA, March 19–21, 2008., Ran Canetti, editor, volume 4948 of Lecture Notes in Computer Science, 501–534. Springer. ISBN 978-3-540-78523-1. http://dx.doi.org/10.1007/978-3-540-78524-8_28
Richard Chang, Benny Chor, Oded Goldreich, Juris Hartmanis, Johan Håstad, Desh Ranjan & Pankaj Rohatgi (1994). The Random Oracle Hypothesis Is False. J. Comput. Syst. Sci. 49(1), 24–39. http://dx.doi.org/10.1016/S0022-0000(05)80084-4
Ivan Damgård (1987). Collision Free Hash Functions and Public Key Signature Schemes. In Advances in Cryptology—EUROCRYPT '87, Workshop on the Theory and Application of Cryptographic Techniques, Amsterdam, The Netherlands, April 13–15, 1987, Proceedings, David Chaum & Wyn L. Price, editors, volume 304 of Lecture Notes in Computer Science, 203–216. Springer. ISBN 3-540-19102-X. http://dx.doi.org/10.1007/3-540-39118-5_19
Ivan Damgård (2000). Efficient Concurrent Zero-Knowledge in the Auxiliary String Model. In Advances in Cryptology—EUROCRYPT 2000, International Conference on the Theory and Application of Cryptographic Techniques, Bruges, Belgium, May 14–18, 2000, Proceeding, Bart Preneel, editor, volume 1807 of Lecture Notes in Computer Science, 418–430. Springer. ISBN 3-540-67517-5. http://dx.doi.org/10.1007/3-540-45539-6_30
Shimon Even, Alan L. Selman & Yacov Yacobi (1984). The Complexity of Promise Problems with Applications to Public-key Cryptography. Inf. Control 61(2), 159–173. ISSN 0019-9958. http://dx.doi.org/10.1016/S0019-9958(84)80056-X
Uriel Feige, Joe Kilian & Moni Naor (1994). A minimal model for secure computation (extended abstract). In Proceedings of the Twenty-Sixth Annual ACM Symposium on Theory of Computing, 23–25 May 1994, Montréal, Québec, Canada, Frank Thomson Leighton & Michael T. Goodrich, editors, 554–563. ACM. ISBN 0-89791-663-8. http://doi.acm.org/10.1145/195058.195408
Goldreich, Oded: The Foundations of Cryptography-Volume 1. Cambridge University Press, Basic Techniques (2001). ISBN 0-521-79172-3
Oded Goldreich (2006). On Promise Problems: A Survey. In Theoretical Computer Science, Essays in Memory of Shimon Even, Oded Goldreich, Arnold L. Rosenberg & Alan L. Selman, editors, volume 3895 of Lecture Notes in Computer Science, 254–290. Springer. ISBN 3-540-32880-7. http://dx.doi.org/10.1007/11685654_12
Oded Goldreich, Silvio Micali & Avi Wigderson (1991). Proofs that Yield Nothing But Their Validity for All Languages in NP Have Zero-Knowledge Proof Systems. J. ACM 38(3), 691–729. http://doi.acm.org/10.1145/116825.116852
Oded Goldreich, Amit Sahai & Salil P. Vadhan (1999). Can Statistical Zero Knowledge Be Made Non-interactive? or On the Relationship of SZK and NISZK. In Advances in Cryptology—CRYPTO '99, 19th Annual International Cryptology Conference, Santa Barbara, California, USA, August 15–19, 1999, Proceedings, Michael J. Wiener, editor, volume 1666 of Lecture Notes in Computer Science, 467–484. Springer. ISBN 3-540-66347-9. http://dx.doi.org/10.1007/3-540-48405-1_30
Oded Goldreich & Salil P. Vadhan (1999). Comparing Entropies in Statistical Zero Knowledge with Applications to the Structure of SZK. In Proceedings of the 14th Annual IEEE Conference on Computational Complexity, Atlanta, Georgia, USA, May 4–6, 1999, 54. IEEE Computer Society. ISBN 0-7695-0075-7. http://doi.ieeecomputersociety.org/10.1109/CCC.1999.766262
Goldwasser, Micali & Rackoff (1989). The Knowledge Complexity of Interactive Proof Systems. SICOMP: SIAM Journal on Computing 18
Shafi Goldwasser, Silvio Micali & Ronald L. Rivest (1988). A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks. SIAM J. Comput. 17(2), 281–308. http://dx.doi.org/10.1137/0217017
Mika Göös, Toniann Pitassi & Thomas Watson (2015). Zero-Information Protocols and Unambiguity in Arthur-Merlin Communication. In Proceedings of the 2015 Conference on Innovations in Theoretical Computer Science, ITCS 2015, Rehovot, Israel, January 11–13, 2015, Tim Roughgarden, editor, 113–122. ACM. ISBN 978-1-4503-3333-7. http://doi.acm.org/10.1145/2688073.2688074
Danny Gutfreund & Michael Ben-Or (2000). Increasing the Power of the Dealer in Non-interactive Zero-Knowledge Proof Systems. In Advances in Cryptology—ASIACRYPT 2000, 6th International Conference on the Theory and Application of Cryptology and Information Security, Kyoto, Japan, December 3–7, 2000, Proceedings, Tatsuaki Okamoto, editor, volume 1976 of Lecture Notes in Computer Science, 429–442. Springer. ISBN 3-540-41404-5. http://dx.doi.org/10.1007/3-540-44448-3_33
Iftach Haitner, Jonathan J. Hoch, Omer Reingold & Gil Segev (2015). Finding Collisions in Interactive Protocols—Tight Lower Bounds on the Round and Communication Complexities of Statistically Hiding Commitments. SIAM J. Comput. 44(1), 193–242. http://dx.doi.org/10.1137/130938438
Russell Impagliazzo, Leonid A. Levin & Michael Luby (1989). Pseudo-random Generation from one-way functions (Extended Abstracts). In Proceedings of the 21st Annual ACM Symposium on Theory of Computing, May 14–17, 1989, Seattle, Washigton, USA, David S. Johnson, editor, 12–24. ACM. ISBN 0-89791-307-8. http://doi.acm.org/10.1145/73007.73009
Russell Impagliazzo & Michael Luby (1989). One-way Functions are Essential for Complexity Based Cryptography (Extended Abstract). In 30th Annual Symposium on Foundations of Computer Science, Research Triangle Park, North Carolina, USA, 30 October–1 November 1989, 230–235. IEEE Computer Society. ISBN 0-8186-1982-1. http://dx.doi.org/10.1109/SFCS.1989.63483
Yuval Ishai (2013). Randomization Techniques for Secure Computation. In Secure Multi-Party Computation, Manoj Prabhakaran & Amit Sahai, editors, volume 10 of Cryptology and Information Security Series, 222–248. IOS Press. ISBN 978-1-61499-168-7. http://dx.doi.org/10.3233/978-1-61499-169-4-222
Yuval Ishai & Eyal Kushilevitz (2000). Randomizing Polynomials: A New Representation with Applications to Round-Efficient Secure Computation. In 41st Annual Symposium on Foundations of Computer Science, FOCS 2000, 12–14 November 2000, Redondo Beach, California, USA, 294–304. IEEE Computer Society. ISBN 0-7695-0850-2. http://dx.doi.org/10.1109/SFCS.2000.892118
Tatsuaki Okamoto (2000). On Relationships between Statistical Zero-Knowledge Proofs. J. Comput. Syst. Sci. 60(1), 47–108. http://dx.doi.org/10.1006/jcss.1999.1664
Shien Jin Ong & Salil P. Vadhan (2008). An Equivalence Between Zero Knowledge and Commitments. In Theory of Cryptography, Fifth Theory of Cryptography Conference, TCC 2008, New York, USA, March 19–21, 2008., 482–500. http://dx.doi.org/10.1007/978-3-540-78524-8_27
Rafail Ostrovsky (1991). One-Way Functions, Hard on Average Problems, and Statistical Zero-Knowledge Proofs. In Proceedings of the Sixth Annual Structure in Complexity Theory Conference, Chicago, Illinois, USA, June 30–July 3, 1991, 133–138. IEEE Computer Society. ISBN 0-8186-2255-5. http://dx.doi.org/10.1109/SCT.1991.160253
Rafael Pass & Abhi Shelat (2005). Unconditional Characterizations of Non-interactive Zero-Knowledge. In Advances in Cryptology—CRYPTO 2005: 25th Annual International Cryptology Conference, Santa Barbara, California, USA, August 14–18, 2005, Proceedings, Victor Shoup, editor, volume 3621 of Lecture Notes in Computer Science, 118–134. Springer. ISBN 3-540-28114-2. http://dx.doi.org/10.1007/11535218_8
Alexander Russell (1995). Necessary and Sufficient Conditions for Collision-Free Hashing. J. Cryptology 8(2), 87–100. http://dx.doi.org/10.1007/BF00190757
Amit Sahai & Salil P. Vadhan (2003). A complete problem for statistical zero knowledge. J. ACM 50(2), 196–249. http://doi.acm.org/10.1145/636865.636868
Alfredo De Santis, Giovanni Di Crescenzo, Giuseppe Persiano & Moti Yung (1998). Image Density is Complete for Non-Interactive-SZK (Extended Abstract). In Automata, Languages and Programming, 25th International Colloquium, ICALP'98, Aalborg, Denmark, July 13–17, 1998, Proceedings, Kim Guldstrand Larsen, Sven Skyum & Glynn Winskel, editors, volume 1443 of Lecture Notes in Computer Science, 784–795. Springer. ISBN 3-540-64781-3. http://dx.doi.org/10.1007/BFb0055102
Salil P. Vadhan (1999). A Study of Statistical Zero-Knowledge Proofs. Ph.D. thesis, MIT Department of Mathematics
Acknowledgements
Research supported by the European Union’s Horizon 2020 Programme (ERC-StG-2014-2020) under Grant Agreement No. 639813 ERC-CLC, ISF Grant 1155/11, and the Check Point Institute for Information Security.
A preliminary version of this paper has appeared in the 36th Annual International Cryptology Conference (CRYPTO 2016) Applebaum & Raykov (2016).
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Applebaum, B., Raykov, P. On the Relationship Between Statistical Zero-Knowledge and Statistical Randomized Encodings. comput. complex. 28, 573–616 (2019). https://doi.org/10.1007/s00037-018-0170-x
Received:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s00037-018-0170-x