Abstract
We show that any concurrent zero-knowledge protocol for a nontrivial language (i.e., for a language outside BPP), whose security is proven via black-box simulation, must use at least Ω̃(log n) rounds of interaction. This result achieves a substantial improvement over previous lower bounds and is the first bound to rule out the possibility of constant-round concurrent zero-knowledge when proven via black-box simulation. Furthermore, the bound is polynomially related to the number of rounds in the best known concurrent zero-knowledge protocol for languages in NP (which is established via black-box simulation).
Original language | English |
---|---|
Pages (from-to) | 1-47 |
Number of pages | 47 |
Journal | SIAM Journal on Computing |
Volume | 32 |
Issue number | 1 |
DOIs | |
State | Published - Jan 2003 |
Externally published | Yes |
Keywords
- Concurrent zero knowledge
- Cryptography
- Interactive protocols
- Lower bounds
- Round complexity
- Zero knowledge