Cryptology ePrint Archive: Report 2018/437

Zero-Knowledge Protocols for Search Problems

Ben Berger and Zvika Brakerski

Abstract: We consider natural ways to extend the notion of Zero-Knowledge (ZK) Proofs beyond decision problems. Specifically, we consider search problems, and define zero-knowledge proofs in this context as interactive protocols in which the prover can establish the correctness of a solution to a given instance without the verifier learning anything beyond the intended solution, even if it deviates from the protocol. The goal of this work is to initiate a study of Search Zero-Knowledge (search-ZK), the class of search problems for which such systems exist. This class trivially contains search problems where the validity of a solution can be efficiently verified (using a single message proof containing only the solution). A slightly less obvious, but still straightforward, way to obtain zero-knowledge proofs for search problems is to let the prover send a solution and prove in zero-knowledge that the instance-solution pair is valid. However, there may be other ways to obtain such zero-knowledge proofs, and they may be more advantageous. In fact, we prove that there are search problems for which the aforementioned approach fails, but still search zero-knowledge protocols exist. On the other hand, we show sufficient conditions for search problems under which some form of zero-knowledge can be obtained using the straightforward way.

Category / Keywords: Zero knowledge, search problems

Original Publication (with minor differences): ICALP

Date: received 10 May 2018, last revised 14 May 2018

Contact author: bnberger at gmail com

Available format(s): PDF | BibTeX Citation

Version: 20180514:141804 (All versions of this report)

Short URL: ia.cr/2018/437


[ Cryptology ePrint archive ]