Distributed Non-Interactive Zero-Knowledge Proofs
Alex B. Grilo, Ami Paz, Mor Perry
TL;DR
The paper introduces distributed non-interactive zero-knowledge proofs (dNIZK) for graph properties, presenting efficient protocols for 3-colorability and triangle-freeness that achieve strong zero-knowledge with minimal prover-to-node communication and controlled neighbor communication. It introduces polynomial-sharing techniques to enable zero-knowledge verification without revealing neighbor colors, and demonstrates a versatile trade-off between certificate size and inter-node messages. A general compiler in the random oracle model yields a universal dNIZK for any NP property, with zero-knowledge maintained under coalitions and adjustable soundness via neighbor communication. The work situates itself within distributed certification and ZK literature, offering both top-down NP-to-dNIZK constructions and problem-specific protocols, with open questions about coalitional security, broader applicability of polynomial sharing, and plain-model realizations.
Abstract
Distributed certification is a set of mechanisms that allows an all-knowing prover to convince the units of a communication network that the network's state has some desired property, such as being 3-colorable or triangle-free. Classical mechanisms, such as proof labeling schemes (PLS), consist of a message from the prover to each unit, followed by one round of communication between each unit and its neighbors. Later works consider extensions, called distributed interactive proofs, where the prover and the units can have multiple rounds of communication before the communication among the units. Recently, Bick, Kol, and Oshman (SODA '22) defined a zero-knowledge version of distributed interactive proofs, where the prover convinces the units of the network's state without revealing any other information about the network's state or structure. In their work, they propose different variants of this model and show that many graph properties of interest can be certified with them. In this work, we define and study distributed non-interactive zero-knowledge proofs (dNIZK); these can be seen as a non-interactive version of the aforementioned model, and also as a zero-knowledge version of PLS. We prove the following: - There exists a dNIZK protocol for 3-coloring with O(log n)-bit messages from the prover and O(log n)-size messages among neighbors. - There exists a family of dNIZK protocols for triangle-freeness, that presents a trade-off between the size of the messages from the prover and the size of the messages among neighbors. - There exists a dNIZK protocol for any graph property in NP in the random oracle models, which is secure against an arbitrary number of malicious parties.