Paper 2018/437

Zero-Knowledge Protocols for Search Problems

Ben Berger and Zvika Brakerski


We consider natural ways to extend the notion of Zero-Knowledge (ZK) Proofs beyond decision problems. Specifically, we consider search problems, and define zero-knowledge proofs in this context as interactive protocols in which the prover can establish the correctness of a solution to a given instance without the verifier learning anything beyond the intended solution, even if it deviates from the protocol. The goal of this work is to initiate a study of Search Zero-Knowledge (search-ZK), the class of search problems for which such systems exist. This class trivially contains search problems where the validity of a solution can be efficiently verified (using a single message proof containing only the solution). A slightly less obvious, but still straightforward, way to obtain zero-knowledge proofs for search problems is to let the prover send a solution and prove in zero-knowledge that the instance-solution pair is valid. However, there may be other ways to obtain such zero-knowledge proofs, and they may be more advantageous. In fact, we prove that there are search problems for which the aforementioned approach fails, but still search zero-knowledge protocols exist. On the other hand, we show sufficient conditions for search problems under which some form of zero-knowledge can be obtained using the straightforward way.

Available format(s)
Publication info
Published elsewhere. Minor revision. ICALP
Zero knowledgesearch problems
Contact author(s)
bnberger @ gmail com
2018-05-14: received
Short URL
Creative Commons Attribution


      author = {Ben Berger and Zvika Brakerski},
      title = {Zero-Knowledge Protocols for Search Problems},
      howpublished = {Cryptology ePrint Archive, Paper 2018/437},
      year = {2018},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.