Usually, a proof of a theorem contains more knowledge than the mere fact that the theorem is true. For instance, to prove that a graph is Hamiltonian it suffices to exhibit a Hamiltonian tour in it; however, this seems to contain more knowledge than the single bit Hamiltonian/non-Hamiltonian.

In this paper a computational complexity theory of the “knowledge” contained in a proof is developed. Zero-knowledge proofs are defined as those proofs that convey no additional knowledge other than the correctness of the proposition in question. Examples of zero-knowledge proof systems are given for the languages of quadratic residuosity and 'quadratic nonresiduosity. These are the first examples of zero-knowledge proofs for languages not known to be efficiently recognizable.

  • [AGH]  B. Aiello, S. Goldwasser and , J. Hastad, On the power of interaction, Proc. 27th Annual IEEE Symposium on Foundations of Computer Science, 1986, 368–379 Google Scholar

  • [AH]  B. Aiello and , J. Hastad, Perfect zero-knowledge languages can be recognized in two rounds, Proc. 28th Annual IEEE Symposium on Foundations of Computer Science, 1987, 439–448 Google Scholar

  • [BGGHKRM]  M. Ben-Or, O. Golureich, S. Goldwasser, J. Hastad, J. Kilian, P. Rogaway and , S. Micali, Everything provable is provable in zero-knowledge, in Proc. Crypto88, to appear Google Scholar

  • [BL]  M. Blum, Coin flipping by telephone, IEEE COMPCON, (1982), 133–137 Google Scholar

  • [BHZ]  R. Boppana, J. Hastad and , S. Zachos, Does co-NP have short interactive proofs?, Inform. Process. Lett., 25 (1987), 127–132 10.1016/0020-0190(87)90232-8 88g:68031 0653.68037 CrossrefISIGoogle Scholar

  • [BA]  L. Babai, Trading group theory for randomness, Proc.17th ACM Annual Symposium on Theory of Computation, 1975, 421–429 Google Scholar

  • [BM]  L. Babai and , S. Moran, Arthur-Merlin games: A randomized proof system, and a hierarchy of complexity classes, Proc. 17th Annual ACM Symposium on Theory of Computing, 1985, 421–429, J. Comput. Sci. Systems; a previous version was entitled Trading group theory for randomness Google Scholar

  • [BS]  L. Babai and , E. Szemeredi, On the complexity of matrix group problems, Proc. 25th Annual IEEE Symposium on Foundations of Computer Science, 229–240 Google Scholar

  • [BC]  G. Brassard and , C. Crepau, Non-transitive transfer of confidence: A perfect zero-knowledge interactive protocol for SAT and beyond, Proc. 27th Annual IEEE Symposium on Foundations of Computer Science, 1986, October Google Scholar

  • [CH]  D. Chaum, Demonstrating the public predicate can be satisfied without revealing any information how, in Proc. Crypto86 Google Scholar

  • [CO]  J. Cohen (Benaloh), Cryptographic capsules, in Proc. Crypto86 Google Scholar

  • [CKS]  A. Chandra, D. Kozen and , L. Stockmeyer, Alternation, J. Assoc. Comput. Mach., 28 (1981), 114–133 10.1145/322234.322243 83g:68059 0473.68043 CrossrefISIGoogle Scholar

  • [C]  S. Cook, The complexity of theorem-proving procedures, Proc. 3rd Annual ACM Symposium of Theory of Computation, 1971, 151–158 0253.68020 Google Scholar

  • [CR]  S. Cook and , R. Reckhow, The relative efficiency of propositional proof systems, J. Symbolic Logic, 44 (1979), 36–50 80e:03007 0408.03044 CrossrefISIGoogle Scholar

  • [F]  P. Feldman, private communication Google Scholar

  • [FMRW]  M. Fischer, S. Micali and , C. Rackoff, A secure protocol for the oblivious transfer (extended abstract), J. Cryptology, 9 (1996), 191–195 10.1007/s001459900011 1 403 497 0861.94015 CrossrefISIGoogle Scholar

  • [FFS]  U. Feige, A. Fiat and , A. Shamir, Zero knowledge proofs of identity, Proc. 19th Annual ACM Symposium on Theory of Computing, 1987, 210–217 Google Scholar

  • [FO]  L. Fortnow, The complexity of perfect zero-knowledge, Proc. 19th Annual ACM Symposium on Theory of Computing, 1987, 204–209 Google Scholar

  • [FH]  R. Fagin and , J. Halpern, Belief, awareness, and limited reasoning, Proc. 9th International Joint Conference on Artificial Intelligence, 1985, 491–501 Google Scholar

  • [FHV]  R. Fagin, J. Halpern and , M. Vardi, A model theoretic analysis of knowledge, Proc. 25th Annual IEEE Symposium on Foundations of Computer Science, 1984, 268–278 Google Scholar

  • [GM]  Shafi Goldwasser and , Silvio Micali, Probabilistic encryption, J. Comput. System Sci., 28 (1984), 270–299 10.1016/0022-0000(84)90070-9 86j:94047 0563.94013 CrossrefISIGoogle Scholar

  • [GM1]  S. Goldwasser and , S. Micali, Proofs with untrusted oracles, 1984, unpublished manuscript (submitted to STOC). Revised version: The information content of proof systems, unpublished manuscript (submitted to STOC, 1984) Google Scholar

  • [GMS]  O. Goldreich, Y. Mansour and , M. Sipser, Interactive proof systems: Provers that never fail and random selection, Proc. 28th Annual IEEE Symposium on Foundations of Computer Science, 1987, 449–460 Google Scholar

  • [GMR]  S. Goldwasser, S. Micali and , C. Rackoff, The knowledge complexity of interactive proof systems, 1985, in Proc. 27th Annual Symposium on Foundations of Computer Science, pp. 291-304. Earlier version: Knowledge complexity, unpublished manuscript, (submitted to FOCS, 1984) Google Scholar

  • [GS]  S. Goldwasser and , M. Sipser, Private coins versus public coins in interactive proof systems, Proc. 18th Annual Symposium on Theory of Computing, 1986, 59–68 Google Scholar

  • [GHY]  Z. Galil, S. Haber and , M. Yung, A private interactive test of a Boolean predicate and minimum-knowledge public-key cryptosystems, Proc. 26th Annual IEEE Symposium on Foundations of Computer Science, 1985, 360–371 Google Scholar

  • [GMW]  O. Goldreich, S. Micali and , A. Wigderson, Proofs that yield nothing but their validity and a methodology of cryptographic protocol design, Proc. 27th Annual IEEE Symposium on Foundations of Computer Science, 1986, 174–187 Google Scholar

  • [GMW2]  O. Goldreich, S. Micali and , A. Wigderson, How to play any mental game, Proc. 19th Annual ACM Symposium on Theory of Computing, 1987, 218–229 Google Scholar

  • [HM]  J. Halpern and , Y. Moses, Knowledge and common knowledge in a distributed environment, Proc. 3rd Principles of Distributed Computing Conference, 1984, 50–61 Google Scholar

  • [LMR]  M. Luby, S. Micali and , C. Rackoff, How to simultaneously exchange a secret bit by flipping a symmetrically-biased coin, Proc. 24th Annual IEEE Symposium on Foundations of Computer Science, 1983, 11–22 Google Scholar

  • [O]  Y. Oren, On the cunning power of cheating verifiers: some observations of zero-knowledge proofs, Proc. 28th Annual IEEE Symposium on Foundations of Computer Science, 1987, 462–471 Google Scholar

  • [P]  C. Papadimitriou, Games against nature, Proc. 24th Annual IEEE Symposium on Foundations of Computer Science, 1983, 446–450 Google Scholar

  • [TW]  M. Tompa and , H. Woll, Random self reducibility and zero knowledge interactive proofs of possession of information, Proc. 28th Annual IEEE Symposium on Foundations of Computer Science, 1987, 472–482 Google Scholar

  • [ZF]  S. Zachos and , M. Furer, Probabilistic quantifiers vs. distrustful adversaries, Proc. Structure of Complexity Classes Conference, 1986 Google Scholar

  • [Y]  A. Yao, Theory and applications of trapdoor functions23rd annual symposium on foundations of computer science (Chicago, Ill., 1982), IEEE, New York, 1982, 80–91, November 780 384 CrossrefGoogle Scholar