## Abstract

Batch proofs are proof systems that convince a verifier that x_{1},...,x_{t} ∈ L, for some NP language L, with communication that is much shorter than sending the t witnesses. In the case of statistical soundness (where the cheating prover is unbounded but the honest prover is efficient given the witnesses), interactive batch proofs are known for UP, the class of unique-witness NP languages. In the case of computational soundness (where both honest and dishonest provers are efficient), non-interactive solutions are now known for all of NP, assuming standard lattice or group assumptions. We exhibit the first negative results regarding the existence of batch proofs and arguments: - Statistically sound batch proofs for L imply that L has a statistically witness indistinguishable (SWI) proof, with inverse polynomial SWI error, and a non-uniform honest prover. The implication is unconditional for obtaining honest-verifier SWI or for obtaining full-fledged SWI from public-coin protocols, whereas for private-coin protocols full-fledged SWI is obtained assuming one-way functions. This poses a barrier for achieving batch proofs beyond UP (where witness indistinguishability is trivial). In particular, assuming that NP does not have SWI proofs, batch proofs for all of NP do not exist. - Computationally sound batch proofs (a.k.a batch arguments or BARGs) for NP, together with one-way functions, imply statistical zero-knowledge (SZK) arguments for NP with roughly the same number of rounds, an inverse polynomial zero-knowledge error, and non-uniform honest prover. Thus, constant-round interactive BARGs from one-way functions would yield constant-round SZK arguments from one-way functions. This would be surprising as SZK arguments are currently only known assuming constant-round statistically-hiding commitments. We further prove new positive implications of non-interactive batch arguments to non-interactive zero knowledge arguments (with explicit uniform prover and verifier): - Non-interactive BARGs for NP, together with one-way functions, imply non-interactive computational zero-knowledge arguments for NP. Assuming also dual-mode commitments, the zero knowledge can be made statistical. Both our negative and positive results stem from a new framework showing how to transform a batch protocol for a language L into an SWI protocol for L.

Original language | English (US) |
---|---|

Title of host publication | STOC 2024 - Proceedings of the 56th Annual ACM Symposium on Theory of Computing |

Editors | Bojan Mohar, Igor Shinkar, Ryan O�Donnell |

Publisher | Association for Computing Machinery |

Pages | 435-443 |

Number of pages | 9 |

ISBN (Electronic) | 9798400703836 |

DOIs | |

State | Published - Jun 10 2024 |

Event | 56th Annual ACM Symposium on Theory of Computing, STOC 2024 - Vancouver, Canada Duration: Jun 24 2024 → Jun 28 2024 |

### Publication series

Name | Proceedings of the Annual ACM Symposium on Theory of Computing |
---|---|

ISSN (Print) | 0737-8017 |

### Conference

Conference | 56th Annual ACM Symposium on Theory of Computing, STOC 2024 |
---|---|

Country/Territory | Canada |

City | Vancouver |

Period | 6/24/24 → 6/28/24 |

## Keywords

- Batching
- Interactive Proofs
- Non-Interactive Zero-Knowledge
- Witness Indistinguishability

## ASJC Scopus subject areas

- Software