On Prover-Efficient Public-Coin Emulation of Interactive Proofs

Authors Gal Arnon, Guy N. Rothblum

Thumbnail PDF


  • Filesize: 0.62 MB
  • 15 pages

Document Identifiers

Author Details

Gal Arnon
  • Weizmann Institute of Science, Rehovot, Israel
Guy N. Rothblum
  • Weizmann Institute of Science, Rehovot, Israel


We would like to thank Ron Rothblum for making us aware of Kilian’s ideas which in turn developed into our piecemeal emulation protocol. We would also like to thank Zvika Brakerski and Moni Naor for helpful comments on the presentation of this work.

Cite AsGet BibTex

Gal Arnon and Guy N. Rothblum. On Prover-Efficient Public-Coin Emulation of Interactive Proofs. In 2nd Conference on Information-Theoretic Cryptography (ITC 2021). Leibniz International Proceedings in Informatics (LIPIcs), Volume 199, pp. 3:1-3:15, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2021)


A central question in the study of interactive proofs is the relationship between private-coin proofs, where the verifier is allowed to hide its randomness from the prover, and public-coin proofs, where the verifier’s random coins are sent to the prover. The seminal work of Goldwasser and Sipser [STOC 1986] showed how to transform private-coin proofs into public-coin ones. However, their transformation incurs a super-polynomial blowup in the running time of the honest prover. In this work, we study transformations from private-coin proofs to public-coin proofs that preserve (up to polynomial factors) the running time of the prover. We re-consider this question in light of the emergence of doubly-efficient interactive proofs, where the honest prover is required to run in polynomial time and the verifier should run in near-linear time. Can every private-coin doubly-efficient interactive proof be transformed into a public-coin doubly-efficient proof? Adapting a result of Vadhan [STOC 2000], we show that, assuming one-way functions exist, there is no general-purpose black-box private-coin to public-coin transformation for doubly-efficient interactive proofs. Our main result is a loose converse: if (auxiliary-input infinitely-often) one-way functions do not exist, then there exists a general-purpose efficiency-preserving transformation. To prove this result, we show a general condition that suffices for transforming a doubly-efficient private coin protocol: every such protocol induces an efficiently computable function, such that if this function is efficiently invertible (in the sense of one-way functions), then the proof can be efficiently transformed into a public-coin proof system with a polynomial-time honest prover. This result motivates a study of other general conditions that allow for efficiency-preserving private to public coin transformations. We identify an additional (incomparable) condition to that used in our main result. This condition allows for transforming any private coin interactive proof where (roughly) it is possible to efficiently approximate the number of verifier coins consistent with a partial transcript. This allows for transforming any constant-round interactive proof that has this property (even if it is not doubly-efficient). We demonstrate the applicability of this final result by using it to transform a private-coin protocol of Rothblum, Vadhan and Wigderson [STOC 2013], obtaining a doubly-efficient public-coin protocol for verifying that a given graph is close to bipartite in a setting for which such a protocol was not previously known.

Subject Classification

ACM Subject Classification
  • Theory of computation → Computational complexity and cryptography
  • Theory of computation → Interactive proof systems
  • Interactive Proofs
  • Computational complexity
  • Cryptography


  • Access Statistics
  • Total Accesses (updated on a weekly basis)
    PDF Downloads


  1. László Babai and Shlomo Moran. Proving properties of interactive proofs by a generalized counting technique. Inf. Comput., 82(2):185-197, 1989. URL: https://doi.org/10.1016/0890-5401(89)90053-9.
  2. Michael Ben-Or, Oded Goldreich, Shafi Goldwasser, Johan Håstad, Joe Kilian, Silvio Micali, and Phillip Rogaway. Everything provable is provable in zero-knowledge. In Advances in Cryptology - CRYPTO '88, 8th Annual International Cryptology Conference, Santa Barbara, California, USA, August 21-25, 1988, Proceedings, pages 37-56, 1988. URL: https://doi.org/10.1007/0-387-34799-2_4.
  3. Amos Fiat and Adi Shamir. How to prove yourself: Practical solutions to identification and signature problems. In Advances in Cryptology - CRYPTO '86, Santa Barbara, California, USA, 1986, Proceedings, pages 186-194, 1986. URL: https://doi.org/10.1007/3-540-47721-7_12.
  4. Martin Fürer, Oded Goldreich, Yishay Mansour, Michael Sipser, and Stathis Zachos. On completeness and soundness in interactive proof systems. Advances in Computing Research, 5:429-442, 1989. Google Scholar
  5. Oded Goldreich. On doubly-efficient interactive proof systems. Foundations and Trends in Theoretical Computer Science, 13(3):158-246, 2018. URL: https://doi.org/10.1561/0400000084.
  6. Oded Goldreich and Maya Leshkowitz. On emulating interactive proofs with public coins. Electronic Colloquium on Computational Complexity (ECCC), 23:66, 2016. URL: http://eccc.hpi-web.de/report/2016/066.
  7. Oded Goldreich, Silvio Micali, and Avi Wigderson. Proofs that yield nothing but their validity and a methodology of cryptographic protocol design (extended abstract). In 27th Annual Symposium on Foundations of Computer Science, Toronto, Canada, 27-29 October 1986, pages 174-187, 1986. URL: https://doi.org/10.1109/SFCS.1986.47.
  8. Oded Goldreich and Dana Ron. A sublinear bipartiteness tester for bounded degree graphs. Comb., 19(3):335-373, 1999. URL: https://doi.org/10.1007/s004930050060.
  9. Oded Goldreich and Dana Ron. Property testing in bounded degree graphs. Algorithmica, 32(2):302-343, 2002. URL: https://doi.org/10.1007/s00453-001-0078-7.
  10. Shafi Goldwasser, Yael Tauman Kalai, and Guy N. Rothblum. Delegating computation: interactive proofs for muggles. In Proceedings of the 40th Annual ACM Symposium on Theory of Computing, Victoria, British Columbia, Canada, May 17-20, 2008, pages 113-122, 2008. URL: https://doi.org/10.1145/1374376.1374396.
  11. Shafi Goldwasser, Silvio Micali, and Charles Rackoff. The knowledge complexity of interactive proof-systems (extended abstract). In Proceedings of the 17th Annual ACM Symposium on Theory of Computing, May 6-8, 1985, Providence, Rhode Island, USA, pages 291-304, 1985. URL: https://doi.org/10.1145/22145.22178.
  12. Shafi Goldwasser and Michael Sipser. Private coins versus public coins in interactive proof systems. In Proceedings of the 18th Annual ACM Symposium on Theory of Computing, May 28-30, 1986, Berkeley, California, USA, pages 59-68, 1986. URL: https://doi.org/10.1145/12130.12137.
  13. Iftach Haitner, Mohammad Mahmoody, and David Xiao. A new sampling protocol and applications to basing cryptographic primitives on the hardness of NP. Electronic Colloquium on Computational Complexity (ECCC), 17:1, 2010. URL: http://eccc.hpi-web.de/report/2010/001.
  14. Thomas Holenstein and Robin Künzler. A protocol for generating random elements with their probabilities. CoRR, abs/1312.2483, 2013. URL: http://arxiv.org/abs/1312.2483.
  15. Russell Impagliazzo. A personal view of average-case complexity. In Proceedings of the Tenth Annual Structure in Complexity Theory Conference, Minneapolis, Minnesota, USA, June 19-22, 1995, pages 134-147, 1995. URL: https://doi.org/10.1109/SCT.1995.514853.
  16. Russell Impagliazzo and Michael Luby. One-way functions are essential for complexity based cryptography (extended abstract). In 30th Annual Symposium on Foundations of Computer Science, Research Triangle Park, North Carolina, USA, 30 October - 1 November 1989, pages 230-235, 1989. URL: https://doi.org/10.1109/SFCS.1989.63483.
  17. Carsten Lund, Lance Fortnow, Howard J. Karloff, and Noam Nisan. Algebraic methods for interactive proof systems. J. ACM, 39(4):859-868, 1992. URL: https://doi.org/10.1145/146585.146605.
  18. Guy N. Rothblum, Salil P. Vadhan, and Avi Wigderson. Interactive proofs of proximity: delegating computation in sublinear time. In Symposium on Theory of Computing Conference, STOC'13, Palo Alto, CA, USA, June 1-4, 2013, pages 793-802, 2013. URL: https://doi.org/10.1145/2488608.2488709.
  19. Adi Shamir. IP = PSPACE. J. ACM, 39(4):869-877, 1992. URL: https://doi.org/10.1145/146585.146609.
  20. Larry J. Stockmeyer. The complexity of approximate counting. In Proceedings of the 15th Annual ACM Symposium on Theory of Computing, 25-27 April, 1983, Boston, Massachusetts, USA, pages 118-126, 1983. URL: https://doi.org/10.1145/800061.808740.
  21. Madhu Sudan. Advanced Complexity Theory (Lecture 14): http://people.csail.mit.edu/madhu/ST07/scribe/lect14.pdf. Scribe notes by Nate Ince and Krzysztof Onak, 2007.
  22. Salil P. Vadhan. On transformation of interactive proofs that preserve the prover’s complexity. In Proceedings of the Thirty-Second Annual ACM Symposium on Theory of Computing, May 21-23, 2000, Portland, OR, USA, pages 200-207, 2000. URL: https://doi.org/10.1145/335305.335330.