Honest Verifier vs Dishonest Verifier in Public Coin Zero-Knowledge Proofs [chapter]

Ivan Damgård, Oded Goldreich, Tatsuaki Okamoto, Avi Wigderson
1995 Lecture Notes in Computer Science  
This paper presents two transformations of public-coin/Arthur-Merlin proof systems which are zero-knowledge with respect to the honest verifier into (public-coin/Arthur-Merlin) proof systems which are zero-knowledge with tt3peCt to any verifier. The first transformation applies only to constant-round proof systems. It builds on Damgird's transformation (see Crypto93), using ordinary hashing functions instead of the interactive hashing protocol (of Naor, Ostrovsky, Venkatesan and Yungsee
more » ... ) which was used by Damgbd. Consequently, the protocols resulting from our transformation have much lower round-complexity than those derived by Damgird's transformation. As in Damgbd's transformation, our transformation preserves statistical/perfect zero-knowledge and does not rely on any computational assumptions. However, unlike Damgird's transformation, the new transformation is not applicable to argument systems or to proofs of knowledge. The second transformation can be applied to proof systems of arbitrary number of rounds, but it only preserves statistical zero-knowledge. It assumes the existence of secure commitment schemes and transforms any public-coin proof which is statistical zero-knowledge with respect to the honest into one which is statistical zero-knowledge (in general). It follows, by a result of Ostrovsky and Wigderson (1993), that any language which is "hard on the average" and has a public-coin proof system which is statistical zero-knowledge with respect to the honest verifier, has a proof system which is statistical zero-knowledge (with respect to any verifier).
doi:10.1007/3-540-44750-4_26 fatcat:im4kbasevffihmd27w7geb42jm