Paper 2018/437
Zero-Knowledge Protocols for Search Problems
Ben Berger and Zvika Brakerski
Abstract
We consider natural ways to extend the notion of Zero-Knowledge (ZK) Proofs beyond decision problems. Specifically, we consider search problems, and define zero-knowledge proofs in this context as interactive protocols in which the prover can establish the correctness of a solution to a given instance without the verifier learning anything beyond the intended solution, even if it deviates from the protocol. The goal of this work is to initiate a study of Search Zero-Knowledge (search-ZK), the class of search problems for which such systems exist. This class trivially contains search problems where the validity of a solution can be efficiently verified (using a single message proof containing only the solution). A slightly less obvious, but still straightforward, way to obtain zero-knowledge proofs for search problems is to let the prover send a solution and prove in zero-knowledge that the instance-solution pair is valid. However, there may be other ways to obtain such zero-knowledge proofs, and they may be more advantageous. In fact, we prove that there are search problems for which the aforementioned approach fails, but still search zero-knowledge protocols exist. On the other hand, we show sufficient conditions for search problems under which some form of zero-knowledge can be obtained using the straightforward way.
Metadata
- Available format(s)
-
PDF
- Publication info
- Published elsewhere. Minor revision. ICALP
- Keywords
- Zero knowledgesearch problems
- Contact author(s)
- bnberger @ gmail com
- History
- 2018-05-14: received
- Short URL
- https://ia.cr/2018/437
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2018/437,
author = {Ben Berger and Zvika Brakerski},
title = {Zero-Knowledge Protocols for Search Problems},
howpublished = {Cryptology {ePrint} Archive, Paper 2018/437},
year = {2018},
url = {https://eprint.iacr.org/2018/437}
}
