量子零知识交互证明的相关研究
|
摘要
由于量子计算和量子通信在原则上是可行的,并有一天可能会在物理上完全实现(现在已经能够部分实现,尤其是量子保密通信),因此,看看它们能够如何改变我们的生活是一件非常有趣的事情;特别地,随着安全性在我们的日常生活中变地越来越重要,看看量子特性能够提供给我们一个怎样的安全保障显得格外引人注目。众所周知,经典的密码学有时在量子攻击下是不安全的,这也迫使我们去考虑量子密码学:我们能否利用量子机制去抵抗同样由量子机制带来的攻击?
零知识证明是经典密码学中的一个基本概念,可以用它来构造许多有用的密码协议,例如,身份认证方案。因此,把零知识证明推广到量子情形,考虑量子零知识证明,是有意义的。这篇论文的主题就是用计算复杂性理论的方法对量子零知识交互证明展开研究。这里,用“计算复杂性理论的方法”的含义是,我们把具有量子零知识交互证明的语言(或许诺问题)看作一个复杂性类,然后用计算复杂性理论中发展的各种思想和方法来对其进行研究。具体如下。
我们首先详细地讨论量子零知识证明的形式化定义,解释该定义如何从经典定义中推广而来并且符合我们的直观。据我们了解,在此之前还没有文献对量子零知识证明的定义做过系统的总结和讨论。
我们接下来研究量子完美零知识证明,并且构造了对应的复杂性类的第一个完全问题。我们需要指出,这个结果依赖于量子特性,因此没有经典的对应结果。事实表明,我们的完全问题在研究完美零知识量子证明中有很多应用。
操作迹距离是研究量子统计和完美零知识证明的一个基本工具。在这篇论文中,我们发现了一个有趣的逆转迹距离的方法。特别地,该方法有两个引人注目的特性:首先,我们的构造利用了量子纠缠;它的底层思想与一种称作退相干的普遍量子现象非常相似。其次,我们的构造有非黑盒的意味。
Since quantum computation and quantum communication are possible in principle and may be physically realized one day (now we have already realized it partly, especially in secure quantum communication), it would be very interesting to see how quantumness can change our lives. In particular, it would be intriguing to see what security quantumness may provide us, which is becoming more and more important in our everyday life. As it is well-known, classical cryptography sometimes is insecure under quantum attack, this also drives us to consider quan-tum cryptography:can we use quantum mechanism to counter against the attack that may also come from quantum mechanism?
Among others, zero-knowledge proof is a basic notion in classical cryptogra-phy, which can be used to construct many useful cryptographic protocols, e.g. identification scheme. Thus, it would be interesting to generalize zero-knowledge proof to quantum case, that is, consider zero-knowledge quantum proof. The theme of this thesis is to carry out a complexity-theoretic study of zero-knowledge quantum interactive proof. Here by "complexity-theoretic method" we mean we identify languages (or promise problems) possessing zero-knowledge quantum in-teractive proof as a complexity class, and study it using various ideas and methods developed in computational complexity.
Specifically, we first fully discuss the formal definition of zero-knowledge quantum proof, explaining how it generalizes from its classical counterpart and captures our intuition. As far as we known, similar systematical discussion of zero-knowledge quantum proof can be found nowhere before us.
We next study perfect zero-knowledge quantum proof, constructing a first complete problem for the corresponding complexity class. We remark that this result heavily relies on quantum property, thus does not have classical counterpart. It turns out that our complete problem finds many applications in the study of perfect zero-knowledge quantum proof.
Manipulating trace distance serves as a basic tool in deriving complete prob-lems for statistical and perfect zero-knowledge quantum proof. In this thesis, we discover an interesting way of reversing trace distance. In particular, this way has two intriguing features:first, our construction makes use of quantum entangle-ment; its underlying idea is similar to a common quantum phenomenon known as decoherence. Second, our construction has a non-black-box sense.
零知识证明是经典密码学中的一个基本概念,可以用它来构造许多有用的密码协议,例如,身份认证方案。因此,把零知识证明推广到量子情形,考虑量子零知识证明,是有意义的。这篇论文的主题就是用计算复杂性理论的方法对量子零知识交互证明展开研究。这里,用“计算复杂性理论的方法”的含义是,我们把具有量子零知识交互证明的语言(或许诺问题)看作一个复杂性类,然后用计算复杂性理论中发展的各种思想和方法来对其进行研究。具体如下。
我们首先详细地讨论量子零知识证明的形式化定义,解释该定义如何从经典定义中推广而来并且符合我们的直观。据我们了解,在此之前还没有文献对量子零知识证明的定义做过系统的总结和讨论。
我们接下来研究量子完美零知识证明,并且构造了对应的复杂性类的第一个完全问题。我们需要指出,这个结果依赖于量子特性,因此没有经典的对应结果。事实表明,我们的完全问题在研究完美零知识量子证明中有很多应用。
操作迹距离是研究量子统计和完美零知识证明的一个基本工具。在这篇论文中,我们发现了一个有趣的逆转迹距离的方法。特别地,该方法有两个引人注目的特性:首先,我们的构造利用了量子纠缠;它的底层思想与一种称作退相干的普遍量子现象非常相似。其次,我们的构造有非黑盒的意味。
Since quantum computation and quantum communication are possible in principle and may be physically realized one day (now we have already realized it partly, especially in secure quantum communication), it would be very interesting to see how quantumness can change our lives. In particular, it would be intriguing to see what security quantumness may provide us, which is becoming more and more important in our everyday life. As it is well-known, classical cryptography sometimes is insecure under quantum attack, this also drives us to consider quan-tum cryptography:can we use quantum mechanism to counter against the attack that may also come from quantum mechanism?
Among others, zero-knowledge proof is a basic notion in classical cryptogra-phy, which can be used to construct many useful cryptographic protocols, e.g. identification scheme. Thus, it would be interesting to generalize zero-knowledge proof to quantum case, that is, consider zero-knowledge quantum proof. The theme of this thesis is to carry out a complexity-theoretic study of zero-knowledge quantum interactive proof. Here by "complexity-theoretic method" we mean we identify languages (or promise problems) possessing zero-knowledge quantum in-teractive proof as a complexity class, and study it using various ideas and methods developed in computational complexity.
Specifically, we first fully discuss the formal definition of zero-knowledge quantum proof, explaining how it generalizes from its classical counterpart and captures our intuition. As far as we known, similar systematical discussion of zero-knowledge quantum proof can be found nowhere before us.
We next study perfect zero-knowledge quantum proof, constructing a first complete problem for the corresponding complexity class. We remark that this result heavily relies on quantum property, thus does not have classical counterpart. It turns out that our complete problem finds many applications in the study of perfect zero-knowledge quantum proof.
Manipulating trace distance serves as a basic tool in deriving complete prob-lems for statistical and perfect zero-knowledge quantum proof. In this thesis, we discover an interesting way of reversing trace distance. In particular, this way has two intriguing features:first, our construction makes use of quantum entangle-ment; its underlying idea is similar to a common quantum phenomenon known as decoherence. Second, our construction has a non-black-box sense.
引文
[1]Goldwasser S, Micali S, Rackoff C. The Knowledge Complexity of Interactive Proof Systems. SI AM J. Comput.,1989,18(1):186-208.
[2]Babai L, Moran S. Arthur-Merlin Games:A Randomized Proof System, and a Hierarchy of Complexity Classes. J. Comput. Syst. Sci.,1988,36(2):254-276.
[3]Sipser M. Introduction to the Theory of Computation,3rd Edition. Course Technology,2012.
[4]Kitaev A Y, Shen A H, Vyalyi M N. Classical and Quantum Computation, volume 47 of Graduate Studies in Mathematics. American Mathematical Society,2002.
[5]Nielsen M A, Chuang I L. Quantum computation and Quantum Informatioin. Cambridge University Press,2000.
[6]Shor P W. Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer. SIAM J. Comput.,1997,26(5):1484-1509.
[7]Goldreich O. Foundations of Cryptography, Basic Tools, volume I. Cambridge University Press, 2001.
[8]Goldreich O, Krawczyk H. On the Composition of Zero-Knowledge Proof Systems. SIAM J. Comput.,1996,25(1):169-192.
[9]Kitaev A, Watrous J. Parallelization, amplification, and exponential time simulation of quantum interactive proof systems. Proceedings of STOC,2000.608-617.
[10]Marriott C, Watrous J. Quantum Arthur-Merlin games. Computational Complexity,2005, 14(2):122-152.
[11]Boppana R B, Hastad J, Zachos S. Does co-NP Have Short Interactive Proofs? Inf. Process. Lett., 1987,25(2):127-132.
[12]Pavan A, Selman A L, Sengupta S, et al. Polylogarithmic-round interactive proofs for coNP collapse the exponential hierarchy. Theor. Comput. Sci.,2007,385(1-3):167-178.
[13]Watrous J. Limits on the Power of Quantum Statistical Zero-Knowledge. Proceedings of FOCS, 2002.459-468.
[14]Sahai A, Vadhan S P. A complete problem for statistical zero knowledge. J. ACM,2003, 50(2).-196-249. Preliminary version appears in FOCS 1997.
[15]Malka L. How to Achieve Perfect Simulation and A Complete Problem for Non-interactive Perfect Zero-Knowledge. Proceedings of TCC,2008.89-106.
[16]Watrous J. Theory of Quantum Information. Online Lecture Notes:http://www.cs.uwaterloo.ca/-watrous/798/,2008.
[17]Preskill J. Quantum Informaiton and Computation. Online Lecture Notes:http://www.theory. caltech.edu/people/preskill/ph229/index.html,2001.
[18]Bernstein E, Vazirani U V. Quantum Complexity Theory. SIAM J. Comput.,1997, 26(5):1411-1473.
[19]Yao A C C. Quantum Circuit Complexity. Proceedings of FOCS,1993.352-361.
[20]Shor P W. Fault-Tolerant Quantum Computation. Proceedings of FOCS,1996.56-65.
[21]Kitaev A Y. Qua.ntum computations:algorithms and error correction. Russian Mathematical Surveys,1997,52(6):1191-1249.
[22]Watrous J. Zero-Knowledge against Quantum Attacks. SIAM J. Comput.,2009,39(1):25-58. Preliminary version appears in STOC 2006.
[23]Arora S, Barak B. Computational Complexity:A Modern Approach. Cambridge University Press, 2009.
[24]Goldreich O. Modern Cryptography, Probabilistic Proofs and Pseudorandomness. Springer,1998.
[25]Lund C, Fortnow L, Karloff H J, et al. Algebraic Methods for Interactive Proof Systems. J. ACM, 1992,39(4):859-868.
[26]Shamir A. IP=PSPACE. J. ACM,1992,39(4):869-877.
[27]Furer M, Goldreich O, Mansour Y, et al. On completeness and soundness in interactive proof sys-tems. In:Micali S, (eds.). Proceedings of Randomness and Computation, Greenwich, Connecticut: Advances in Computing Research, vol.5, JAI Press,1989.429-442.
[28]Goldwasser S, Sipser M. Private Coins versus Public Coins in Interactive Proof Systems. Proceed-ings of Advances in Computing Research:a research annual (Randomness and Computation, S. Micali, ed.), volume 5. JAI Press,1989.73-90.
[29]Goldreich O. Computational Complexity:A Conceptual Approach. Cambridge University Press, 2008.
[30]Wolf R. Quantum communication and complexity. Theor. Comput. Sci.,2002,287(1):337-353.
[31]Graaf J. Towards a formal definition of security for quantum protocols. PhD thesis, Universite de Montreal,1997,
[32]Jain R, Ji Z, Upadhyay S, et al. QIP=PSPACE. J. ACM,2011,58(6):30.
[33]Watrous J. PSPACE Has Constant-Round Quantum Interactive Proof Systems. Proceedings of FOGS,1999.112-119.
[34]Micciancio D, Vadhan S P. Statistical Zero-Knowledge Proofs with Efficient Provers:Lattice Problems and More. Proceedings of CRYPTO,2003.282-298.
[35]Nguyen M H, Vadhan S P. Zero knowledge with efficient provers. Proceedings of STOC,2006. 287-295.
[36]Ong S J, Vadhan S P. An Equivalence Between Zero Knowledge and Commitments. Proceedings of TCC,2008.482-500.
[37]Vadhan S. Ph.D Thesis:A Study of Statistical Zero-Knowledge Proofs.1999.
[38]Kobayashi H. General Properties of Quantum Zero-Knowledge Proofs. Available as arXiv.org e-Print 0705.1129. Preliminary version appears in TCC 2008.
[39]Kobayashi H. Non-interactive Quantum Perfect and Statistical Zero-Knowledge. Proceedings of ISAAC,2003.178-188.
[40]Goldreich O. A Note on Computational Indistinguishability. Inf. Process. Lett.,1990, 34(6):277-281.
[41]Goldreich O, Meyer B. Computational Indistinguishability:Algorithms vs. Circuits. Theor. Com-put. Sci.,1998,191(1-2):215-218.
[42]Goldreich O, Sudan M. Computational Indistinguishability:A Sample Hierarchy. Proceedings of IEEE Conference on Computational Complexity,1998.24-33.
[43]Watson T. Time Hierarchies for Sampling Distributions. Electronic Colloquium on Computational Complexity (ECCC),2012,19:26.
[44]Barak B. How to Go Beyond the Black-Box Simulation Barrier. Proceedings of FOCS,2001. 106-115.
[45]Jain R, Kolla A, Midrijanis G, et al. On parallel composition of zero-knowledge proofs with black-box quantum simulators. Quantum Information & Computation,2009,9(5):513-532.
[46]Jain R, Upadhyay S, Watrous J. Two-Message Quantum Interactive Proofs Are in PSPACE. Proceedings of FOCS,2009.534-543.
[47]Molina A. Parallel Repetition of Prover-Verifier Quantum Interactions. Master thesis, University of Waterloo,2012.
[48]Chailloux A, Ciocan D F, Kerenidis I, et al. Interactive and Noninteractive Zero Knowledge are Equivalent in the Help Model. Proceedings of TCC,2008.501-534.
[49]Goldreich O, Vadhan S P. Comparing Entropies in Statistical Zero Knowledge with Applications to the Structure of SZK. Proceedings of IEEE Conference on Computational Complexity,1999. 54-73.
[50]Santis A D, Crescenzo G D, Persiano G, et al. Image Density is Complete for Non-Interactive-SZK (Extended Abstract). Proceedings of ICALP, 1998.784-795.
[51]Goldreich O, Sahai A, Vadhan S P. Can Statistical Zero Knowledge Be Made Non-interactive? or On the Relationship of SZK and NISZK. Proceedings of CRYPTO,1999.467-484.
[52]Ben-Aroya A, Schwartz O, Ta.-Shma A. Quantum Expanders:Motivation and Construction. Theory of Computing,2010,6(1):47-79.
[53]Vadhan S P. An Unconditional Study of Computational Zero Knowledge. SIAM J. Comput.,2006, 36(4):1160-1214.
[54]Ben-Or M, Goldreich O, Goldwasser S, et al. Everything Provable is Provable in Zero-Knowledge. Proceedings of CRYPTO,1988.37-56.
[55]Goldreich O, Vadhan S P. On the Complexity of Computational Problems Regarding Distributions. Proceedings of Studies in Complexity and Cryptography.2011:390-405.
[56]Ben-Or M, Gutfreund D. Trading Help for Interaction in Statistical Zero-Knowledge Proofs. J. Cryptology,2003,16(2):95-116.
[57]Santis A D, Crescenzo G D, Persiano G, et al. On Monotone Formula Closure of SZK. Proceedings of FOCS,1994.454-465.
[58]Damgard I B, Cramer R J. On monotone function closure of perfect and statistical zero-knowledge. Technical report, Amsterdam, The Netherlands, The Netherlands,1996.
[59]Sahai A, Vadhan S. Manipulating Statistical Difference. In:Pardalos P, Rajasekaran S, Rolim J, (eds.). Proceedings of Randomization Methods in Algorithm Design (DIMACS Workshop, De-cember 1997), volume 43 of DIMACS Series in Discrete Mathematics and Theoretical Computer Science. American Mathematical Society,1999.251-270.
[60]Okamoto T. On Relationships between Statistical Zero-Knowledge Proofs. J. Comput. Syst. Sci., 2000,60(1):47-108.
[61]Watrous J. Reply to the author's question on websit "Theoretical Comput-er Science-Stack Exchange". http://cstheory.stackexchange.com/questions/1348/ does-the-trace-norm-of-the-difference-of-two-density-matrices-being-one-imply-th,2010.
[2]Babai L, Moran S. Arthur-Merlin Games:A Randomized Proof System, and a Hierarchy of Complexity Classes. J. Comput. Syst. Sci.,1988,36(2):254-276.
[3]Sipser M. Introduction to the Theory of Computation,3rd Edition. Course Technology,2012.
[4]Kitaev A Y, Shen A H, Vyalyi M N. Classical and Quantum Computation, volume 47 of Graduate Studies in Mathematics. American Mathematical Society,2002.
[5]Nielsen M A, Chuang I L. Quantum computation and Quantum Informatioin. Cambridge University Press,2000.
[6]Shor P W. Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer. SIAM J. Comput.,1997,26(5):1484-1509.
[7]Goldreich O. Foundations of Cryptography, Basic Tools, volume I. Cambridge University Press, 2001.
[8]Goldreich O, Krawczyk H. On the Composition of Zero-Knowledge Proof Systems. SIAM J. Comput.,1996,25(1):169-192.
[9]Kitaev A, Watrous J. Parallelization, amplification, and exponential time simulation of quantum interactive proof systems. Proceedings of STOC,2000.608-617.
[10]Marriott C, Watrous J. Quantum Arthur-Merlin games. Computational Complexity,2005, 14(2):122-152.
[11]Boppana R B, Hastad J, Zachos S. Does co-NP Have Short Interactive Proofs? Inf. Process. Lett., 1987,25(2):127-132.
[12]Pavan A, Selman A L, Sengupta S, et al. Polylogarithmic-round interactive proofs for coNP collapse the exponential hierarchy. Theor. Comput. Sci.,2007,385(1-3):167-178.
[13]Watrous J. Limits on the Power of Quantum Statistical Zero-Knowledge. Proceedings of FOCS, 2002.459-468.
[14]Sahai A, Vadhan S P. A complete problem for statistical zero knowledge. J. ACM,2003, 50(2).-196-249. Preliminary version appears in FOCS 1997.
[15]Malka L. How to Achieve Perfect Simulation and A Complete Problem for Non-interactive Perfect Zero-Knowledge. Proceedings of TCC,2008.89-106.
[16]Watrous J. Theory of Quantum Information. Online Lecture Notes:http://www.cs.uwaterloo.ca/-watrous/798/,2008.
[17]Preskill J. Quantum Informaiton and Computation. Online Lecture Notes:http://www.theory. caltech.edu/people/preskill/ph229/index.html,2001.
[18]Bernstein E, Vazirani U V. Quantum Complexity Theory. SIAM J. Comput.,1997, 26(5):1411-1473.
[19]Yao A C C. Quantum Circuit Complexity. Proceedings of FOCS,1993.352-361.
[20]Shor P W. Fault-Tolerant Quantum Computation. Proceedings of FOCS,1996.56-65.
[21]Kitaev A Y. Qua.ntum computations:algorithms and error correction. Russian Mathematical Surveys,1997,52(6):1191-1249.
[22]Watrous J. Zero-Knowledge against Quantum Attacks. SIAM J. Comput.,2009,39(1):25-58. Preliminary version appears in STOC 2006.
[23]Arora S, Barak B. Computational Complexity:A Modern Approach. Cambridge University Press, 2009.
[24]Goldreich O. Modern Cryptography, Probabilistic Proofs and Pseudorandomness. Springer,1998.
[25]Lund C, Fortnow L, Karloff H J, et al. Algebraic Methods for Interactive Proof Systems. J. ACM, 1992,39(4):859-868.
[26]Shamir A. IP=PSPACE. J. ACM,1992,39(4):869-877.
[27]Furer M, Goldreich O, Mansour Y, et al. On completeness and soundness in interactive proof sys-tems. In:Micali S, (eds.). Proceedings of Randomness and Computation, Greenwich, Connecticut: Advances in Computing Research, vol.5, JAI Press,1989.429-442.
[28]Goldwasser S, Sipser M. Private Coins versus Public Coins in Interactive Proof Systems. Proceed-ings of Advances in Computing Research:a research annual (Randomness and Computation, S. Micali, ed.), volume 5. JAI Press,1989.73-90.
[29]Goldreich O. Computational Complexity:A Conceptual Approach. Cambridge University Press, 2008.
[30]Wolf R. Quantum communication and complexity. Theor. Comput. Sci.,2002,287(1):337-353.
[31]Graaf J. Towards a formal definition of security for quantum protocols. PhD thesis, Universite de Montreal,1997,
[32]Jain R, Ji Z, Upadhyay S, et al. QIP=PSPACE. J. ACM,2011,58(6):30.
[33]Watrous J. PSPACE Has Constant-Round Quantum Interactive Proof Systems. Proceedings of FOGS,1999.112-119.
[34]Micciancio D, Vadhan S P. Statistical Zero-Knowledge Proofs with Efficient Provers:Lattice Problems and More. Proceedings of CRYPTO,2003.282-298.
[35]Nguyen M H, Vadhan S P. Zero knowledge with efficient provers. Proceedings of STOC,2006. 287-295.
[36]Ong S J, Vadhan S P. An Equivalence Between Zero Knowledge and Commitments. Proceedings of TCC,2008.482-500.
[37]Vadhan S. Ph.D Thesis:A Study of Statistical Zero-Knowledge Proofs.1999.
[38]Kobayashi H. General Properties of Quantum Zero-Knowledge Proofs. Available as arXiv.org e-Print 0705.1129. Preliminary version appears in TCC 2008.
[39]Kobayashi H. Non-interactive Quantum Perfect and Statistical Zero-Knowledge. Proceedings of ISAAC,2003.178-188.
[40]Goldreich O. A Note on Computational Indistinguishability. Inf. Process. Lett.,1990, 34(6):277-281.
[41]Goldreich O, Meyer B. Computational Indistinguishability:Algorithms vs. Circuits. Theor. Com-put. Sci.,1998,191(1-2):215-218.
[42]Goldreich O, Sudan M. Computational Indistinguishability:A Sample Hierarchy. Proceedings of IEEE Conference on Computational Complexity,1998.24-33.
[43]Watson T. Time Hierarchies for Sampling Distributions. Electronic Colloquium on Computational Complexity (ECCC),2012,19:26.
[44]Barak B. How to Go Beyond the Black-Box Simulation Barrier. Proceedings of FOCS,2001. 106-115.
[45]Jain R, Kolla A, Midrijanis G, et al. On parallel composition of zero-knowledge proofs with black-box quantum simulators. Quantum Information & Computation,2009,9(5):513-532.
[46]Jain R, Upadhyay S, Watrous J. Two-Message Quantum Interactive Proofs Are in PSPACE. Proceedings of FOCS,2009.534-543.
[47]Molina A. Parallel Repetition of Prover-Verifier Quantum Interactions. Master thesis, University of Waterloo,2012.
[48]Chailloux A, Ciocan D F, Kerenidis I, et al. Interactive and Noninteractive Zero Knowledge are Equivalent in the Help Model. Proceedings of TCC,2008.501-534.
[49]Goldreich O, Vadhan S P. Comparing Entropies in Statistical Zero Knowledge with Applications to the Structure of SZK. Proceedings of IEEE Conference on Computational Complexity,1999. 54-73.
[50]Santis A D, Crescenzo G D, Persiano G, et al. Image Density is Complete for Non-Interactive-SZK (Extended Abstract). Proceedings of ICALP, 1998.784-795.
[51]Goldreich O, Sahai A, Vadhan S P. Can Statistical Zero Knowledge Be Made Non-interactive? or On the Relationship of SZK and NISZK. Proceedings of CRYPTO,1999.467-484.
[52]Ben-Aroya A, Schwartz O, Ta.-Shma A. Quantum Expanders:Motivation and Construction. Theory of Computing,2010,6(1):47-79.
[53]Vadhan S P. An Unconditional Study of Computational Zero Knowledge. SIAM J. Comput.,2006, 36(4):1160-1214.
[54]Ben-Or M, Goldreich O, Goldwasser S, et al. Everything Provable is Provable in Zero-Knowledge. Proceedings of CRYPTO,1988.37-56.
[55]Goldreich O, Vadhan S P. On the Complexity of Computational Problems Regarding Distributions. Proceedings of Studies in Complexity and Cryptography.2011:390-405.
[56]Ben-Or M, Gutfreund D. Trading Help for Interaction in Statistical Zero-Knowledge Proofs. J. Cryptology,2003,16(2):95-116.
[57]Santis A D, Crescenzo G D, Persiano G, et al. On Monotone Formula Closure of SZK. Proceedings of FOCS,1994.454-465.
[58]Damgard I B, Cramer R J. On monotone function closure of perfect and statistical zero-knowledge. Technical report, Amsterdam, The Netherlands, The Netherlands,1996.
[59]Sahai A, Vadhan S. Manipulating Statistical Difference. In:Pardalos P, Rajasekaran S, Rolim J, (eds.). Proceedings of Randomization Methods in Algorithm Design (DIMACS Workshop, De-cember 1997), volume 43 of DIMACS Series in Discrete Mathematics and Theoretical Computer Science. American Mathematical Society,1999.251-270.
[60]Okamoto T. On Relationships between Statistical Zero-Knowledge Proofs. J. Comput. Syst. Sci., 2000,60(1):47-108.
[61]Watrous J. Reply to the author's question on websit "Theoretical Comput-er Science-Stack Exchange". http://cstheory.stackexchange.com/questions/1348/ does-the-trace-norm-of-the-difference-of-two-density-matrices-being-one-imply-th,2010.