TY - GEN
T1 - Multi-prover interactive proofs
T2 - 20th Annual ACM Symposium on Theory of Computing, STOC 1988
AU - Ben-Or, Michael
AU - Goldwasser, Shafi
AU - Kilian, Joe
AU - Wigderson, Avi
PY - 1988
Y1 - 1988
N2 - Quite complex cryptographic machinery has been developed based on the assumption that one-way functions exist, yet we know of only a few possible such candidates. It is important at this time to find alternative foundations to the design of secure cryptography. We introduce a new model of generalized interactive proofs as a step in this direction. We prove that all NP languages have perfect zero-knowledge proof-systems in this model, without making any intractability assumptions. The generalized interactive-proof model consists of two computationally unbounded and untrusted provers, rather than one, who jointly agree on a strategy to convince the verifier of the truth of an assertion and then engage in a polynomial number of message exchanges with the verifier in their attempt to do so. To believe the validity of the assertion, the verifier must make sure that the two provers can not communicate with each other during the course of the proof process. Thus, the complexity assumptions made in previous work, have been traded for a physical separation between the two provers. We call this new model the multi-prover interactive-proof model, and examine its properties and applicability to cryptography.
AB - Quite complex cryptographic machinery has been developed based on the assumption that one-way functions exist, yet we know of only a few possible such candidates. It is important at this time to find alternative foundations to the design of secure cryptography. We introduce a new model of generalized interactive proofs as a step in this direction. We prove that all NP languages have perfect zero-knowledge proof-systems in this model, without making any intractability assumptions. The generalized interactive-proof model consists of two computationally unbounded and untrusted provers, rather than one, who jointly agree on a strategy to convince the verifier of the truth of an assertion and then engage in a polynomial number of message exchanges with the verifier in their attempt to do so. To believe the validity of the assertion, the verifier must make sure that the two provers can not communicate with each other during the course of the proof process. Thus, the complexity assumptions made in previous work, have been traded for a physical separation between the two provers. We call this new model the multi-prover interactive-proof model, and examine its properties and applicability to cryptography.
UR - http://www.scopus.com/inward/record.url?scp=84898945449&partnerID=8YFLogxK
U2 - 10.1145/62212.62223
DO - 10.1145/62212.62223
M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???
AN - SCOPUS:84898945449
SN - 0897912640
SN - 9780897912648
T3 - Proceedings of the Annual ACM Symposium on Theory of Computing
SP - 113
EP - 131
BT - Proceedings of the 20th Annual ACM Symposium on Theory of Computing, STOC 1988
PB - Association for Computing Machinery
Y2 - 2 May 1988 through 4 May 1988
ER -