Black-Box Concurrent Zero-Knowledge Requires ~Omega(log
n) Rounds
Ran Canetti, Joe Kilian, Erez Petrank and Alon Rosen
Abstract:
We show that any concurrent zero-knowledge protocol for a non-trivial language
(i.e., for a language outside BPP), whose security is proven via black-box
simulation, must use at least ~Omega(log n) rounds of interaction. This
result achieves a substantial improvement over previous lower bounds, and
is the first bound to rule out the possibility of constant-round concurrent
zero-knowledge when proven via black-box simulation. Furthermore, the bound
is polynomially related to the number of rounds in the best known concurrent
zero-knowledge protocol for languages in NP.
Postscript,
gzipped
Postscript.
Back Home