TY - GEN

T1 - Multi-prover interactive proofs

T2 - 20th Annual ACM Symposium on Theory of Computing, STOC 1988

AU - Ben-Or, Michael

AU - Goldwasser, Shafi

AU - Kilian, Joe

AU - Wigderson, Avi

PY - 1988

Y1 - 1988

N2 - Quite complex cryptographic machinery has been developed based on the assumption that one-way functions exist, yet we know of only a few possible such candidates. It is important at this time to find alternative foundations to the design of secure cryptography. We introduce a new model of generalized interactive proofs as a step in this direction. We prove that all NP languages have perfect zero-knowledge proof-systems in this model, without making any intractability assumptions. The generalized interactive-proof model consists of two computationally unbounded and untrusted provers, rather than one, who jointly agree on a strategy to convince the verifier of the truth of an assertion and then engage in a polynomial number of message exchanges with the verifier in their attempt to do so. To believe the validity of the assertion, the verifier must make sure that the two provers can not communicate with each other during the course of the proof process. Thus, the complexity assumptions made in previous work, have been traded for a physical separation between the two provers. We call this new model the multi-prover interactive-proof model, and examine its properties and applicability to cryptography.

AB - Quite complex cryptographic machinery has been developed based on the assumption that one-way functions exist, yet we know of only a few possible such candidates. It is important at this time to find alternative foundations to the design of secure cryptography. We introduce a new model of generalized interactive proofs as a step in this direction. We prove that all NP languages have perfect zero-knowledge proof-systems in this model, without making any intractability assumptions. The generalized interactive-proof model consists of two computationally unbounded and untrusted provers, rather than one, who jointly agree on a strategy to convince the verifier of the truth of an assertion and then engage in a polynomial number of message exchanges with the verifier in their attempt to do so. To believe the validity of the assertion, the verifier must make sure that the two provers can not communicate with each other during the course of the proof process. Thus, the complexity assumptions made in previous work, have been traded for a physical separation between the two provers. We call this new model the multi-prover interactive-proof model, and examine its properties and applicability to cryptography.

UR - http://www.scopus.com/inward/record.url?scp=84898945449&partnerID=8YFLogxK

U2 - 10.1145/62212.62223

DO - 10.1145/62212.62223

M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???

AN - SCOPUS:84898945449

SN - 0897912640

SN - 9780897912648

T3 - Proceedings of the Annual ACM Symposium on Theory of Computing

SP - 113

EP - 131

BT - Proceedings of the 20th Annual ACM Symposium on Theory of Computing, STOC 1988

PB - Association for Computing Machinery

Y2 - 2 May 1988 through 4 May 1988

ER -