Abstract
We show that only languages in BPP have public-coin black-box zero-knowledge protocols that are secure under an unbounded (polynomial) number of parallel repetitions. This result holds both in the plain model (without any setup) and in the bare public key model (where the prover and the verifier have registered public keys). We complement this result by constructing a public-coin black-box zero-knowledge proof based on one-way functions that remains secure under any a priori bounded number of concurrent executions. A key step (of independent interest) in the analysis of our lower bound shows that any public-coin protocol, when repeated sufficiently in parallel, satisfies a notion of "resettable soundness" if the verifier picks its random coins using a pseudorandom function.
| Original language | English |
|---|---|
| Pages (from-to) | 1529-1553 |
| Number of pages | 25 |
| Journal | SIAM Journal on Computing |
| Volume | 40 |
| Issue number | 6 |
| DOIs | |
| State | Published - 2011 |
| Externally published | Yes |
Keywords
- Parallel repetition
- Public-coin interactive protocols
- Zero-knowledge