On the Impossibility of Post-Quantum Black-Box Zero-Knowledge in Constant Rounds
share
We investigate the existence of constant-round post-quantum black-box zero-knowledge protocols for 𝐍𝐏. As a main result, we show that there is no constant-round post-quantum black-box zero-knowledge argument for 𝐍𝐏 unless 𝐍𝐏⊆𝐁𝐐𝐏. As constant-round black-box zero-knowledge arguments for 𝐍𝐏 exist in the classical setting, our main result points out a fundamental difference between post-quantum and classical zero-knowledge protocols. Combining previous results, we conclude that unless 𝐍𝐏⊆𝐁𝐐𝐏, constant-round post-quantum zero-knowledge protocols for 𝐍𝐏 exist if and only if we use non-black-box techniques or relax certain security requirements such as relaxing standard zero-knowledge to ϵ-zero-knowledge. Additionally, we also prove that three-round and public-coin constant-round post-quantum black-box ϵ-zero-knowledge arguments for 𝐍𝐏 do not exist unless 𝐍𝐏⊆𝐁𝐐𝐏.
READ FULL TEXT
