Resettable Statistical Zero Knowledge

Two central notions of Zero Knowledge that provide strong, yet seemingly incomparable security guarantees against malicious verifiers are those of Statistical Zero Knowledge and Resettable Zero Knowledge. The current state of the art includes several feasibility and impossibility results regarding these two notions separately. However, the question of achieving Resettable Statistical Zero Knowledge (i.e., Resettable Zero Knowledge and Statistical Zero Knowledge simultaneously) for non-trivial languages remained open. In this paper, we show: — Resettable Statistical Zero Knowledge with unbounded prover: under the assumption that sub-exponentially hard one-way functions exist, rSƵK = SƵK. In other words, every language that admits a Statistical Zero-Knowledge (SƵK) proof system also admits a Resettable Statistical Zero-Knowledge (rSƵK) proof system. (Further, the result can be re-stated unconditionally provided there exists a sub-exponentially hard language in SƵK). Moreover, under the assumption that (standard) one-way functions exist, all languages L such that the complement of L is random self reducible, admit a rSƵK; in other words: co-RSR ⊆ rSƵK. — Resettable Statistical Zero Knowledge with efficient prover: efficient-prover Resettable Statistical Zero-Knowledge proof systems exist for all languages that admit hash proof systems (e.g., QNR, QR, ƊƊH, DCR). Furthermore, for these languages we construct a two-round resettable statistical witness-indistinguishable argument system. The round complexity of our proof systems is O(log κ), where κ is the security parameter, and all our simulators are black-box.

[1]  Amit Sahai,et al.  Resolving the Simultaneous Resettability Conjecture and a New Non-Black-Box Simulation Strategy , 2009, 2009 50th Annual IEEE Symposium on Foundations of Computer Science.

[2]  Moni Naor,et al.  Zaps and Their Applications , 2007, SIAM J. Comput..

[3]  Martín Abadi,et al.  On Hiding Information from an Oracle , 1987, Proceeding Structure in Complexity Theory.

[4]  Silvio Micali,et al.  Soundness in the Public-Key Model , 2001, CRYPTO.

[5]  Ivan Damgård,et al.  Non-interactive Zero-Knowledge from Homomorphic Encryption , 2006, TCC.

[6]  Amit Sahai,et al.  Concurrent Zero Knowledge without Complexity Assumptions , 2006, Electron. Colloquium Comput. Complex..

[7]  Moni Naor,et al.  Nonmalleable Cryptography , 2000, SIAM Rev..

[8]  Ronald Cramer,et al.  A Twist on the Naor-Yung Paradigm and Its Application to Efficient CCA-Secure Encryption from Hard Search Problems , 2010, TCC.

[9]  Giovanni Di Crescenzo,et al.  On monotone formula closure of SZK , 1994, Proceedings 35th Annual Symposium on Foundations of Computer Science.

[10]  Iordanis Kerenidis,et al.  Interactive and Noninteractive Zero Knowledge are Equivalent in the Help Model , 2008, TCC.

[11]  Daniele Micciancio,et al.  The Round-Complexity of Black-Box Zero-Knowledge: A Combinatorial Characterization , 2008, TCC.

[12]  Hoeteck Wee,et al.  Constant-Round Non-malleable Commitments from Sub-exponential One-Way Functions , 2010, EUROCRYPT.

[13]  Amit Sahai,et al.  Resettably Secure Computation , 2009, EUROCRYPT.

[14]  Ivan Damgård,et al.  Efficient Zero-Knowledge Proofs of Knowledge Without Intractability Assumptions , 2000, Public Key Cryptography.

[15]  Oded Goldreich,et al.  How to construct constant-round zero-knowledge proof systems for NP , 1996, Journal of Cryptology.

[16]  Silvio Micali,et al.  The knowledge complexity of interactive proof-systems , 1985, STOC '85.

[17]  Giovanni Di Crescenzo,et al.  Constant-Round Resettable Zero Knowledge with Concurrent Soundness in the Bare Public-Key Model , 2004, CRYPTO.

[18]  Stathis Zachos,et al.  Does co-NP Have Short Interactive Proofs? , 1987, Inf. Process. Lett..

[19]  Moni Naor,et al.  Non-malleable cryptography , 1991, STOC '91.

[20]  Ronald Cramer,et al.  Universal Hash Proofs and a Paradigm for Adaptive Chosen Ciphertext Secure Public-Key Encryption , 2001, EUROCRYPT.

[21]  Toshiya Itoh,et al.  A language-dependent cryptographic primitive , 1997, Journal of Cryptology.

[22]  Rafail Ostrovsky,et al.  The (true) complexity of statistical zero knowledge , 1990, STOC '90.

[23]  Srinivasan Venkatesh,et al.  A Characterization of Non-interactive Instance-Dependent Commitment-Schemes (NIC) , 2007, ICALP.

[24]  Rafail Ostrovsky,et al.  Concurrent Statistical Zero-Knowledge Arguments for NP from One Way Functions , 2007, ASIACRYPT.

[25]  David Chaum,et al.  Minimum Disclosure Proofs of Knowledge , 1988, J. Comput. Syst. Sci..

[26]  Yehuda Lindell,et al.  Resettably-sound zero-knowledge and its applications , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[27]  Silvio Micali,et al.  Min-round Resettable Zero-Knowledge in the Public-Key Model , 2001, EUROCRYPT.

[28]  Rafail Ostrovsky,et al.  Simultaneously Resettable Arguments of Knowledge , 2012, TCC.

[29]  Silvio Micali,et al.  Local zero knowledge , 2006, STOC '06.

[30]  Rafail Ostrovsky,et al.  Non-interactive Zaps and New Techniques for NIZK , 2006, CRYPTO.

[31]  Lance Fortnow,et al.  The Complexity of Perfect Zero-Knowledge , 1987, Proceeding Structure in Complexity Theory.

[32]  Boaz Barak,et al.  How to go beyond the black-box simulation barrier , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[33]  Amit Sahai,et al.  Concurrent zero knowledge with logarithmic round-complexity , 2002, The 43rd Annual IEEE Symposium on Foundations of Computer Science, 2002. Proceedings..

[34]  Ivan Visconti,et al.  On Round-Optimal Zero Knowledge in the Bare Public-Key Model , 2012, EUROCRYPT.

[35]  Amit Sahai,et al.  A complete promise problem for statistical zero-knowledge , 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.

[36]  Ivan Visconti,et al.  Impossibility and Feasibility Results for Zero Knowledge with Public Keys , 2005, CRYPTO.

[37]  Johan Håstad,et al.  Perfect zero-knowledge languages can be recognized in two rounds , 1987, 28th Annual Symposium on Foundations of Computer Science (sfcs 1987).

[38]  Moni Naor,et al.  Concurrent zero-knowledge , 2004, JACM.

[39]  Giovanni Di Crescenzo,et al.  Round-Optimal Perfect Zero-Knowledge Proofs , 1994, Inf. Process. Lett..

[40]  Silvio Micali,et al.  How to play ANY mental game , 1987, STOC.

[41]  Ran Canetti,et al.  Resettable zero-knowledge (extended abstract) , 2000, STOC '00.

[42]  Yunlei Zhao,et al.  Resettable Zero-Knowledge in the Weak Public-Key Model , 2003, EUROCRYPT.

[43]  Martin Tompa,et al.  Random self-reducibility and zero knowledge interactive proofs of possession of information , 1987, 28th Annual Symposium on Foundations of Computer Science (sfcs 1987).

[44]  Yehuda Lindell,et al.  Bounded-concurrent secure two-party computation without setup assumptions , 2003, STOC '03.

[45]  Rafael Pass,et al.  Concurrent Zero Knowledge: Simplifications and Generalizations , 2008 .

[46]  Silvio Micali,et al.  Practical and Provably-Secure Commitment Schemes from Collision-Free Hashing , 1996, CRYPTO.

[47]  Marc Fischlin,et al.  Identification Protocols Secure against Reset Attacks , 2001, EUROCRYPT.

[48]  Ran Canetti,et al.  Black-Box Concurrent Zero-Knowledge Requires (Almost) Logarithmically Many Rounds , 2002, SIAM J. Comput..

[49]  Rafail Ostrovsky,et al.  One-way functions, hard on average problems, and statistical zero-knowledge proofs , 1991, [1991] Proceedings of the Sixth Annual Structure in Complexity Theory Conference.

[50]  SahaiAmit,et al.  A complete problem for statistical zero knowledge , 2003 .

[51]  Silvio Micali,et al.  Proofs that yield nothing but their validity or all languages in NP have zero-knowledge proof systems , 1991, JACM.

[52]  Yunlei Zhao,et al.  Generic and Practical Resettable Zero-Knowledge in the Bare Public-Key Model , 2007, EUROCRYPT.

[53]  Luca Trevisan,et al.  Goldreich's One-Way Function Candidate and Myopic Backtracking Algorithms , 2009, TCC.

[54]  Moni Naor,et al.  Public-key cryptosystems provably secure against chosen ciphertext attacks , 1990, STOC '90.

[55]  Hoeteck Wee,et al.  Black-Box, Round-Efficient Secure Computation via Non-malleability Amplification , 2010, 2010 IEEE 51st Annual Symposium on Foundations of Computer Science.

[56]  Amit Sahai,et al.  Honest-verifier statistical zero-knowledge equals general statistical zero-knowledge , 1998, STOC '98.

[57]  Yehuda Lindell,et al.  Lower bounds for non-black-box zero knowledge , 2003, 44th Annual IEEE Symposium on Foundations of Computer Science, 2003. Proceedings..

[58]  Salil P. Vadhan,et al.  An Equivalence Between Zero Knowledge and Commitments , 2008, TCC.

[59]  Tatsuaki Okamoto,et al.  On relationships between statistical zero-knowledge proofs , 1996, STOC '96.

[60]  Manuel Blum,et al.  Non-Interactive Zero-Knowledge and Its Applications (Extended Abstract) , 1988, STOC 1988.

[61]  Kouichi Sakurai,et al.  On the Complexity of Constant Round ZKIP of Possession of Knowledge , 1991, ASIACRYPT.

[62]  Markus Jakobsson,et al.  Round-Optimal Zero-Knowledge Arguments Based on any One-Way Function , 1997, EUROCRYPT.

[63]  Dongdai Lin,et al.  Instance-Dependent Verifiable Random Functions and Their Application to Simultaneous Resettability , 2007, EUROCRYPT.