Minimum-Knowledge Interactive Proofs for Decision Problems

Galil, Zvi; Haber, Stuart; Yung, Moti

Interactive communication of knowledge from the point of view of resource-bounded computational complexity is studied. Extending the work of Goldwasser, Micali, and Rackof [Proc. 17th Annual ACM Symposium on the Theory of Computing, 1985, pp. 291““304; .,18 (1989), pp. 186““208], the authors define a protocol transferring the result of any fixed computation to be minimum-knowledge if it communicates no additional knowledge to the recipient besides the intended computational result. It is proved that such protocols may be combined in a natural way so as to build more complex protocols. A protocol is introduced for two parties, a prover and a verifier, with the following properties:(1) Following the protocol, the prover gives to the verifier a proof of the value, 0 or 1, of a particular Boolean predicate, which is (assumed to be) hard for the verifier to compute. Such a deciding “interactive proof-system“ extends the interactive proof-systems of [op. cit.], which are used only to confirm that a certain predicate has value 1. (2) The protocol is minimum-knowledge. (3) The protocol is result-indistinguishable: an eavesdropper, overhearing an execution of the protocol, does not learn the value of the predicate that is proved. The value of the predicate is a cryptographically secure bit, shared by the two parties to the protocol. This security is achieved without the use of encryption functions, all messages being sent in the clear. These properties enable one to define a cryptosystem in which each user receives exactly the knowledge he is supposed to receive, and nothing more.



More About This Work

Academic Units
Computer Science
Department of Computer Science, Columbia University
Columbia University Computer Science Technical Reports, CUCS-328-88
Published Here
December 9, 2011