**Zero Knowledge and Soundness are Symmetric**

*Shien Jin Ong and Salil Vadhan*

**Abstract:** We give a complexity-theoretic characterization of the class of problems in NP having zero-knowledge argument systems. This characterization is symmetric in its treatment of the zero knowledge and the soundness conditions, and thus we deduce that the class of problems in NP intersect coNP having zero-knowledge arguments is closed under complement. Furthermore, we show that a problem in NP has a *statistical* zero-knowledge argument system if and only if its complement has a computational zero-knowledge *proof* system. What is novel about these results is that they are *unconditional*, i.e., do not rely on unproven complexity assumptions such as the existence of one-way functions.

Our characterization of zero-knowledge arguments also enables us to prove a variety of other unconditional results about the class of problems in NP having zero-knowledge arguments, such as equivalences between honest-verifier and malicious-verifier zero knowledge, private coins and public coins, inefficient provers and efficient provers, and non-black-box simulation and black-box simulation. Previously, such results were only known unconditionally for zero-knowledge *proof systems*, or under the assumption that one-way functions exist for zero-knowledge argument systems.

**Category / Keywords:** foundations / zero knowledge

**Publication Info:** Extended abstract in EUROCRYPT 2007

**Date:** received 13 Nov 2006, last revised 23 Mar 2007

**Contact author:** shienjin at eecs harvard edu

**Note:** An error in the statement and use of Lemma 4.8 in the previous version of our paper is now corrected in this version (in Proposition 3.11). We are grateful to Lilach Bien, Tel Aviv University, for pointing this out.

**Version:** 20070323:234536

**Short URL:** ia.cr/2006/414