A Study of Statistical ZeroKnowledge Proofs
Salil Pravin Vadhan
Abstract
Zeroknowledge interactive proofs, introduced by Goldwasser, Micali, and
Rackoff, are fascinating constructs which enable one party (the "prover")
to convince another party (the "verifier") of an assertion, with the property
that the verifier learns nothing other than the fact that the assertion
being proven is true. In addition to being powerful tools for constructing
secure cryptographic protocols, zeroknowledge proofs yield rich classes
of computational problems that are of both complexitytheoretic and cryptographic
interest. This thesis is a detailed investigation of statistical
zeroknowledge proofs, which are zeroknowledge proofs in which the condition
that the verifier "learns nothing" is interpreted in a strong statistical
sense. We begin by showing that the class SZK of problems possessing
such proofs has two natural complete problems. These problems essentially
amount to approximating the statistical difference or the difference in
entropies between two "efficiently samplable" distributions. Thus, they
give a new characterization of SZK which makes no reference to interaction
or zero knowledge. They also simplify the study of statistical zero knowledge,
as questions about the entire class SZK can be reduced to examining
these two particular complete problems. Using these complete problems as
tools, we proceed to answer a number of fundamental questions about zeroknowledge
proofs, including:

Transforming any statistical zeroknowledge proof against an honest verifier
(i.e., a verifier that follows the specified protocol) into one which is
zero knowledge even against cheating verifiers that deviate arbitrarily
from the specified protocol. This transformation applies to publiccoin
computational zeroknowledge proofs as well.
 Constructing statistical zeroknowledge proofs for complex assertions built
out of simpler assertions already shown to be in SZK. Via the complete
problems, these closure properties translate to new methods for manipulating
"efficiently samplable" distributions, which may be of independent interest.
 Obtaining simpler proofs of most previously known results about statistical
zero knowledge, such as: Okamoto's result that SZK is closed under
complement; the Fortnow and AielloHåstad upper bounds on the complexity
of SZK; and Okamoto's result that every statistical zeroknowledge
proof can be transformed into a publiccoin one.
Thesis Supervisor: Shafi Goldwasser, RSA Professor of Computer Science
Versions
[
back to Salil Vadhan's research interests ]
Last
modified: Wed Sep 20 19:25:40 EDT 2000