Cryptology ePrint Archive: Report 2015/1046

From Private Simultaneous Messages to Zero-Information Arthur-Merlin Protocols and Back

Benny Applebaum and Pavel Raykov

Abstract: G\"o\"os, Pitassi and Watson (ITCS, 2015) have recently introduced the notion of \emph{Zero-Information Arthur-Merlin Protocols} (ZAM). In this model, which can be viewed as a private version of the standard Arthur-Merlin communication complexity game, Alice and Bob are holding a pair of inputs $x$ and $y$ respectively, and Merlin, the prover, attempts to convince them that some public function $f$ evaluates to 1 on $(x,y)$. In addition to standard completeness and soundness, G\"o\"os et al., require an additional ``zero-knowledge'' property which asserts that on each yes-input, the distribution of Merlin's proof leaks no information about the inputs $(x,y)$ to an external observer.

In this paper, we relate this new notion to the well-studied model of \emph{Private Simultaneous Messages} (PSM) that was originally suggested by Feige, Naor and Kilian (STOC, 1994). Roughly speaking, we show that the randomness complexity of ZAM essentially corresponds to the communication complexity of PSM, and that the communication complexity of ZAM essentially corresponds to the randomness complexity of PSM. This relation works in both directions where different variants of PSM are being used. Consequently, we derive better upper-bounds on the communication-complexity of ZAM for arbitrary functions. As a secondary contribution, we reveal new connections between different variants of PSM protocols which we believe to be of independent interest.

Category / Keywords: information-theoretic security, Private Simultaneous Messages, Zero-Information Arthur-Merlin, Secure Computation

Original Publication (with major differences): IACR-TCC-2016

Date: received 28 Oct 2015, last revised 13 Jul 2016

Contact author: raykov pavel at gmail com

Available format(s): PDF | BibTeX Citation

Version: 20160713:071859 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]