Unconditional relationships within zero knowledge

Zero-knowledge protocols enable one party, called the prover, to convince another party, called the verifier, the validity of a mathematical statement such that the verifier learns nothing other than the fact that the proven statement is true. The different ways of formulating the terms "convince" and "learns nothing" give rise to four classes of languages having zero-knowledge protocols, which are: statistical zero-knowledge proof systems, computational zero-knowledge proof systems, statistical zero-knowledge argument systems, and computational zero-knowledge argument systems. We establish complexity-theoretic characterizations of these four zero-knowledge complexity classes, of which our characterizations for argument systems are novel. Using these characterizations, we show that for languages in NP, the following hold. (1) Instance-dependent commitment schemes are necessary and sufficient for zero-knowledge protocols. Instance-dependent commitment schemes for a given language are commitment schemes that can depend on the instance of the language, and where the hiding and binding properties are required to hold only on the YES and NO instances of the language, respectively. (2) Computational zero knowledge and computational soundness (a property held by argument systems) are symmetric properties. Namely, we show that the class of languages in NP ∩ co-NP having zero-knowledge arguments is closed under complement, and that a language in NP has a statistical zero-knowledge argument system if and only if its complement has a computational zero-knowledge proof system. (3) Any zero-knowledge argument system that is only guaranteed to be secure against the honest verifier that follows the prescribed protocol can be transformed into one that is secure against malicious verifiers that can deviate from the protocol. In addition, our transformation gives us zero-knowledge argument systems with desirable properties like public coins, perfect completeness, a black-box simulator, and an efficient prover. The novelty of our results above is that they are unconditional, meaning that they do not rely on any unproven complexity assumptions such as the existence of one-way functions. Moreover, in establishing our complexity-theoretic characterizations, we give the first construction of statistical zero-knowledge argument systems for all of NP based on any one-way function.