International Association for Cryptologic Research

International Association
for Cryptologic Research


Paper: Black-Box Concurrent Zero-Knowledge Requires $\tilde\Omega(\log n)$ Rounds

Ran Canetti
Joe Kilian
Erez Petrank
Alon Rosen
Search ePrint
Search Google
Abstract: We show that any concurrent zero-knowledge protocol for a non-trivial language (i.e., for a language outside $\BPP$), whose security is proven via black-box simulation, must use at least $\tilde\Omega(\log n)$ rounds of interaction. This result achieves a substantial improvement over previous lower bounds, and is the first bound to rule out the possibility of constant-round concurrent zero-knowledge when proven via black-box simulation. Furthermore, the bound is polynomially related to the number of rounds in the best known concurrent zero-knowledge protocol for languages in $\NP$.
  title={Black-Box Concurrent Zero-Knowledge Requires $\tilde\Omega(\log n)$ Rounds},
  booktitle={IACR Eprint archive},
  keywords={cryptographic protocols / zero-knowledge},
  note={An extended abstract to appear in STOC01 11497 received 24 Jun 2001},
  author={Ran Canetti and Joe Kilian and Erez Petrank and Alon Rosen},