Succinct Perfect Zero-knowledge for MIP*
Honghao Fu, Kieran Mastel, Xingjian Zhang
TL;DR
This work establishes a method to realize succinct, perfect zero-knowledge two-prover MIP^* protocols for RE languages by compressing existing nonlocal-proof frameworks. It integrates question reduction, oracularization, answer reduction, and parallel repetition, then fortifies the zero-knowledge guarantees with a parametrized PZK transformation based on obliviation and Barrington's branching programs, including a conversion from constraint-constraint to constraint-variable BC games to preserve perfect completeness. The results show that, starting from a baseline MIP^* protocol with constant completeness-soundness gap and polylogarithmic question lengths, one can achieve a succinct PZK-MIP^* protocol with polylog question length and constant or polylog answer length, while maintaining polynomial sampling and verification times. The work also develops a framework to preserve ZK against dishonest verifiers for the compression steps, and raises open questions about extending these techniques to other models, reducing question length further, and enabling non-interactive quantum protocols. Overall, the paper advances the theoretical foundation for highly succinct, quantum-zero-knowledge multi-prover proofs with strong completeness and soundness guarantees, with potential implications for quantum cryptography and scalable protocol design.
Abstract
In their recent breakthrough result, Slofstra and the second author show that there is a two-player one-round perfect zero-knowledge MIP* protocol for RE (STOC'24). We build on their result to show that there exists a succinct two-player one-round perfect zero-knowledge MIP* protocol for RE against dishonest verifiers with polylog question size and O(1) answer size, or with O(1) question size and polylog answer size. To prove our result, we study the three central compression techniques underlying the MIP*=RE proof (Ji et al. '20): question reduction, oracularization, and answer reduction. We show that question reduction preserves the perfect (as well as statistical and computational) zero-knowledge properties of the original protocol against dishonest verifiers, and oracularization and answer reduction preserve the perfect (as well as statistical and computational) zero-knowledge properties of the original protocol against honest verifiers. Secondly, we show that every constraint-constraint binary constraint system (BCS) nonlocal game, which provides a quantum information characterization of MIP*, can be converted to a synchronous constraint-variable BCS game to preserve perfect completeness for our compression. Lastly, we present a parametrized perfect-zero-knowledge transformation of MIP* protocols, which generalizes the transformation in (Slofstra and Kieran STOC'24) . This transformation allows us to preserve the zero-knowledge property against dishonest verifiers in the recursively oracularized protocols in our compression.