Nir Bitansky, Dakshita Khurana, Omer Paneth

Research output: Contribution to journalArticlepeer-review


The round complexity of zero-knowledge protocols is a long-standing open question and is yet to be settled under standard assumptions. So far, the question has appeared equally challenging for relaxations such as weak zero-knowledge and witness hiding. Like full-fledged zero-knowledge, protocols satisfying these relaxed notions under standard assumptions have at least four messages. The difficulty in improving round complexity stems from a fundamental barrier: none of these notions can be achieved in three messages via reductions (or simulators) that treat the verifier as a black box. We introduce a new non-black-box technique and use it to obtain the first protocols that cross this barrier under standard assumptions. Our main results are (1) weak zero-knowledge for NP in two messages, assuming quasi-polynomially secure fully homomorphic encryption and other standard primitives (known from quasi-polynomial hardness of learning with errors) as well as subexponentially secure one-way functions; and (2) weak zero-knowledge for NP in three messages under standard polynomial assumptions (following, for example, from fully homomorphic encryption and factoring). We also give, under polynomial assumptions, a two-message witness-hiding protocol for any language L in NP that has a witness encryption scheme. This protocol is also publicly verifiable. Our technique is based on a new homomorphic trapdoor paradigm, which can be seen as a non-black-box analogue of the classic Feige-Lapidot-Shamir trapdoor paradigm.

Original languageEnglish
Pages (from-to)156-199
Number of pages44
JournalSIAM Journal on Computing
Issue number2
StatePublished - Apr 2023


FundersFunder number
Alon Young Faculty Fellowship
National Science FoundationCNS-1350619, CNS-1414119
Army Research OfficeW911NF-15-C-0236, W911NF-15-C-0226
Defense Advanced Research Projects Agency
Blavatnik Family Foundation
Israel Science Foundation18/484, 1789/19
Tel Aviv University


    • cryptographic protocols
    • round complexity
    • witness hiding
    • zero-knowledge


    Dive into the research topics of 'WEAK ZERO-KNOWLEDGE BEYOND THE BLACK-BOX BARRIER'. Together they form a unique fingerprint.

    Cite this