I remember my cryptography instructor saying that in math, we can use logic to find out what we can prove and what we can't prove. Assuming this, how would we use logic to find out if a given problem has a ZKP or if it does not? On a similar note, is there a ZKP to show that a file (that one wants for someone else to download) is not malicious? Not sure if that applies to ZKP's well, though. Still curious on what you guys have to say about it. Thanks.
Asked
Active
Viewed 265 times
1
-
To answer the first part of the question: the notion of zero-knowledgeness is closely-tied to the computational complexity of the problem. You can read more about that on this thread. The second part of the question seems hard to formalise. – ckamath May 12 '20 at 22:41
-
Maybe useful to note that the inverse is possible: it is possible to show that a file contains a bug, and it can even be pretty efficient. – Ruben De Smet May 14 '20 at 17:04
1 Answers
3
Assuming this, how would we use logic to find out if a given problem has a ZKP or if it does not?
From a theoretical standpoint, this has a rather simple answer: If the language you are trying to prove lies in IP or PSPACE then there is an (efficient) ZKP for it.
So, from a formal standpoint, a ZKP looks as follows: There's a prover and a verifier. The prover is (in principle) computationally unbounded, the verifier is a probabilistic polynomial-time Turing-Machine. Now both sides know the specification of the language and the potential element (the "word") of the language. An interactive proof is now that the prover tries to convince the verifier that the word is in the language and has at least a 2/3 chance to succeed if it is (this is called "completeness"). On the other hand if the word is not in the language, any prover should at most have a 1/3 chance to succeed to convince the verifier that the word is in the language (this is called "soundness").
Every such interactive proof can be turned into a zero-knowledge proof.
Additionally if a language is in PSPACE there is an interactive proof for it (which can be turned into a zero knowledge proof).
Though one may want to note that neither construction is "efficient" in a practical sense.
A zero-knowledge proof has the same completeness and soundness properties as an interactive proof but additionally for each verifier there must be a simulator that when given an input word must be able to output a communication transcript that is indistinguishable from that that the given verifier would have with a real prover for every word in the language. That means that one could also have come up witht the transcript on their own and thus it doesn't leak anything only the prover could know.
Note for our local pedants: The above talks about computational zero-knowledge proofs.
On a similar note, is there a ZKP to show that a file (that one wants for someone else to download) is not malicious?
Well, if you can come up with a protocol that would prove that to said person, you could convert it into a zero-knowledge proof. But I suppose the tricky part here is defining what "not malicious" means in a formal sense that satisfies soundness (i.e. a prover shouldn't be able to convince somebody that a file is "not malicious" even though it is).
SEJPM
- 45,967
- 7
- 99
- 205