Abstract
The model of zero-knowledge multi-prover interactive proofs was introduced by Ben-Or, Goldwasser, Kilian and Wigderson in [4]. A major open problem associated with this model is whether NP problems can be proven by one-round, two-prover, zero-knowledge protocols with exponentially small error probability (e.g. via parallel executions). A positive answer was claimed by Fortnow, Rompel and Sipser in [12], but its proof was later shown to be flawed by Fortnow who demonstrated that the probability of cheating inn independent parallel rounds can be much higher than the probability of cheating inn independent sequential rounds (with exponential ratio between them). In this paper we solve this problem: We show a new one-round two-prover interactive proof for Graph Hamiltonicity, we prove that it is complete, sound and perfect zeroknowledge, and thus every problem in NP has a one-round two-prover interactive proof which is perfectly zero knowledge under no cryptographic assumptions. The main difficulty is in proving the soundness of our parallel protocol namely, proving that the probability of cheating in this one-round protocol is upper bounded by some exponentially low threshold. We prove that this probability is at most 1/2n/9 (wheren is the number of parallel rounds), by translating the soundness problem into some extremal combinatorial problem, and then solving this new problem.
Similar content being viewed by others
References
N. Alon: Private communication, 1990.
G. Brassard, C. Crepeau, M. Yung:Everything in NP can be argued in perfect zero knowledge in a bounded number of rounds, Proc. of 16th International Colloquium on Automata, Languages and Programming (ICALP) 1989.
M. Bellare, andO. Goldreich:On Defining Proofs of Knowledge, Proc. of Crypto, 390–420, 1992.
M. Ben-Or, S. Goldwasser, J. Kilian, andA. Wigderson:Multi-Prover Interactive Proofs: How to Remove Intractability Assumptions, Proc. 20th ACM Symposium on Theory of Computing, 113–131, 1988.
R. Boppana, J. Hastad andS. Zachos: Does co-NP Have Short Interactive Proofs?,Inform. Process. Lett.,25 (1987), 127–132.
M. Bellare, S. Micali andR. Ostrovsky:Perfect Zero-Knowledge in Constant rounds, Proc. of 22nd ACM Symposium on Theory of Computing, 482–493, (1990).
J. Cai, A. Condon, andR. Lipton:Playing Games of Incomplete Information, Proc. of 7th Symposium on Theoretical Aspects of Computer Science, 58–69, 1990.
L. Fortnow:Ph. D. Thesis, M.I.T./LCS/TR-447
L. Fortnow:The Complexity of Perfect Zero-Knowledge, Proc. of 19th ACM Symposium on Theory of Computing, 204–209, 1987.
U. Feige:On the Success Probability of the Two Provers in One Round Proof Systems, Proc. of Structures in Complexity Theory Conf., 1991.
U. Feige, A. Fiat, andA. Shamir:Zero Knowledge Proofs of Identity, Proc of 19th ACM Symposium on Theory of Computing, 210–217, 1987.
L. Fortnow, J. Rompel, andM. Sipser:On the power of Multi-Prover Interactive Protocols, Proc. of Structures in Complexity Theory Conf., 156–161, 1988.
U. Feige, andA. Shamir:Witness Indistinguishable and Witness Hiding Protocols, Proc. of 22nd ACM Symposium on Theory of Computing, 416–426, 1990.
O. Goldreich, andA. Kahan: Private communication, 1989.
S. Goldwasser, S. Micali, andC. Rackoff: The Knowledge Complexity of Interactive Proof Systems,SIAM Journal of computing,1 (1989), 186–208.
O. Goldreich, S. Micali, andA. Wigderson:Proofs that Yield Nothing But Their Validity and a Methodology of Cryptographic Protocol Design, Proc. of 27th Symposium on Foundations of Computer Science, 174–187, 1986.
D. Lapidot, andA. Shamir:Fully Parallelized Multi Prover Protocols for NEXP-time, Proc. of 32'nd Symposium on Foundations of Computer Science, 13–18 1991.
D. Peleg: Private communication, 1990.