Abstract
Zero-Knowledge PCPs (ZK-PCPs; Kilian, Petrank, and Tardos, STOC ‘97) are PCPs with the additional zero-knowledge guarantee that the view of any (possibly malicious) verifier making a bounded number of queries to the proof can be efficiently simulated up to a small statistical distance. Similarly, ZK-PCPs of Proximity (ZK-PCPPs; Ishai and Weiss, TCC ‘14) are PCPPs in which the view of an adversarial verifier can be efficiently simulated with few queries to the input. Previous ZK-PCP constructions obtained an exponential gap between the query complexity q of the honest verifier, and the bound q∗ on the queries of a malicious verifier (i.e., q= polylog (q∗)), but required either exponential-time simulation, or adaptive honest verification. This should be contrasted with standard PCPs, that can be verified non-adaptively (i.e., with a single round of queries to the proof). The problem of constructing such ZK-PCPs, even whenq∗= q, has remained open since they were first introduced more than 2 decades ago. This question is also open for ZK-PCPPs, for which no construction with non-adaptive honest verification is known (not even with exponential-time simulation). We resolve this question by constructing the first ZK-PCPs and ZK-PCPPs which simultaneously achieve efficient zero-knowledge simulation and non-adaptive honest verification. Our schemes have a square-root query gap, namely q∗/q=O(n), where n is the input length. Our constructions combine the “MPC-in-the-head” technique (Ishai et al., STOC ‘07) with leakage-resilient secret sharing. Specifically, we use the MPC-in-the-head technique to construct a ZK-PCP variant over a large alphabet, then employ leakage-resilient secret sharing to design a new alphabet reduction for ZK-PCPs which preserves zero-knowledge.
Original language | English |
---|---|
Article number | 23 |
Journal | Journal of Cryptology |
Volume | 35 |
Issue number | 4 |
DOIs | |
State | Published - Oct 2022 |
Bibliographical note
Publisher Copyright:© 2022, International Association for Cryptologic Research.
Funding
We thank the anonymous ITC‘21 reviewers for their helpful comments, in particular for pointing out the connection to RPEs and noting that the ZK code of [, Theorem 2.2] is equivocal. The first and third authors are supported by the BIU Center for Research in Applied Cryptography and Cyber Security in conjunction with the Israel National Cyber Bureau in the Prime Minister’s Office. The first author is supported by ISF grant No. 1316/18. The first and second authors are supported by DARPA under Contract No. HR001120C0087. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the United States Government or DARPA.
Funders | Funder number |
---|---|
Defense Advanced Research Projects Agency | HR001120C0087 |
Israel Science Foundation | 1316/18 |
Keywords
- Leakage resilience
- Probabilistically checkable proofs
- Probabilistically checkable proofs of proximity
- Secret sharing
- Secure multi-party computation
- Zero knowledge