DEFINITIONS AND PROPERTIES OF
ZERO KNOWLEDGE PROOF SYSTEMS
Oded Goldreich
Yair Oren
Department Of Computer Science
Technion Haifa Israel
Abstract
In this pap er we investigate some prop erties of zero knowledge pro ofs a notion
introduced by Goldwasser Micali and Racko We introduce and classify two de ni
tions of zero knowledge auxil iar y input zero knowledge and bl ack box simul ation
zero knowledge We explain why auxiliary input zero knowledge is a de nition more
suitable for cryptographic applications than the original GMR de nition In partic
ular we show that any proto col solely comp osed of subproto cols which are auxiliary
input zero knowledge is itself auxiliary input zero knowledge We show that blackbox
simulation zero knowledge implies auxiliary input zero knowledge which in turn implies
the GMR de nition We argue that all known zero knowledge pro ofs are in fact
blackbox simulation zero knowledge i e were proved zero knowledge using blackbox
simulation of the veri er As a result all known zero knowledge pro of systems are
shown to b e auxiliary input zero knowledge and can b e used for cryptographic appli
cations such as those in GMW We demonstrate the triviality of certain classes of
zero knowledge pro of systems in the sense that only languages in BPP have zero
knowledge pro ofs of these classes In particular we show that any language having
a Las Vegas zero knowledge pro of system necessarily b elongs to RP We show that
randomness of b oth the veri er and the prover and non triviality of the interaction are
essential prop erties of non trivial auxiliary input zero knowledge pro ofs
Preliminary versions of this work have app eared in O O
WARNING The current text was automatio cally translated from old tro les Such
translations may introduce errors Furthermore I m not sure whether the source tro les
I ve found are actually the onesw corresp onding to the nal version Errors may b e due to
this fact to o The nal version has app eared in Journal of Cryptology Vol No