Black-box concurrent zero-knowledge requires (almost) logarithmically many rounds

Ran Canetti, Joe Kilian, Erez Petrank, Alon Rosen

Research output: Contribution to journalArticlepeer-review


We show that any concurrent zero-knowledge protocol for a nontrivial language (i.e., for a language outside BPP), whose security is proven via black-box simulation, must use at least Ω̃(log n) rounds of interaction. This result achieves a substantial improvement over previous lower bounds and is the first bound to rule out the possibility of constant-round concurrent zero-knowledge when proven via black-box simulation. Furthermore, the bound is polynomially related to the number of rounds in the best known concurrent zero-knowledge protocol for languages in NP (which is established via black-box simulation).

Original languageEnglish
Pages (from-to)1-47
Number of pages47
JournalSIAM Journal on Computing
Issue number1
StatePublished - Jan 2003
Externally publishedYes


  • Concurrent zero knowledge
  • Cryptography
  • Interactive protocols
  • Lower bounds
  • Round complexity
  • Zero knowledge


Dive into the research topics of 'Black-box concurrent zero-knowledge requires (almost) logarithmically many rounds'. Together they form a unique fingerprint.

Cite this