Batch Proofs Are Statistically Hiding

Nir Bitansky, Chethan Kamath, Omer Paneth, Ron D. Rothblum, Prashant Nalini Vasudevan

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Batch proofs are proof systems that convince a verifier that x1,...,xt ∈ L, for some NP language L, with communication that is much shorter than sending the t witnesses. In the case of statistical soundness (where the cheating prover is unbounded but the honest prover is efficient given the witnesses), interactive batch proofs are known for UP, the class of unique-witness NP languages. In the case of computational soundness (where both honest and dishonest provers are efficient), non-interactive solutions are now known for all of NP, assuming standard lattice or group assumptions. We exhibit the first negative results regarding the existence of batch proofs and arguments: - Statistically sound batch proofs for L imply that L has a statistically witness indistinguishable (SWI) proof, with inverse polynomial SWI error, and a non-uniform honest prover. The implication is unconditional for obtaining honest-verifier SWI or for obtaining full-fledged SWI from public-coin protocols, whereas for private-coin protocols full-fledged SWI is obtained assuming one-way functions. This poses a barrier for achieving batch proofs beyond UP (where witness indistinguishability is trivial). In particular, assuming that NP does not have SWI proofs, batch proofs for all of NP do not exist. - Computationally sound batch proofs (a.k.a batch arguments or BARGs) for NP, together with one-way functions, imply statistical zero-knowledge (SZK) arguments for NP with roughly the same number of rounds, an inverse polynomial zero-knowledge error, and non-uniform honest prover. Thus, constant-round interactive BARGs from one-way functions would yield constant-round SZK arguments from one-way functions. This would be surprising as SZK arguments are currently only known assuming constant-round statistically-hiding commitments. We further prove new positive implications of non-interactive batch arguments to non-interactive zero knowledge arguments (with explicit uniform prover and verifier): - Non-interactive BARGs for NP, together with one-way functions, imply non-interactive computational zero-knowledge arguments for NP. Assuming also dual-mode commitments, the zero knowledge can be made statistical. Both our negative and positive results stem from a new framework showing how to transform a batch protocol for a language L into an SWI protocol for L.

Original languageEnglish (US)
Title of host publicationSTOC 2024 - Proceedings of the 56th Annual ACM Symposium on Theory of Computing
EditorsBojan Mohar, Igor Shinkar, Ryan O�Donnell
PublisherAssociation for Computing Machinery
Pages435-443
Number of pages9
ISBN (Electronic)9798400703836
DOIs
StatePublished - Jun 10 2024
Event56th Annual ACM Symposium on Theory of Computing, STOC 2024 - Vancouver, Canada
Duration: Jun 24 2024Jun 28 2024

Publication series

NameProceedings of the Annual ACM Symposium on Theory of Computing
ISSN (Print)0737-8017

Conference

Conference56th Annual ACM Symposium on Theory of Computing, STOC 2024
Country/TerritoryCanada
CityVancouver
Period6/24/246/28/24

Keywords

  • Batching
  • Interactive Proofs
  • Non-Interactive Zero-Knowledge
  • Witness Indistinguishability

ASJC Scopus subject areas

  • Software

Fingerprint

Dive into the research topics of 'Batch Proofs Are Statistically Hiding'. Together they form a unique fingerprint.

Cite this