Non-Malleable Zero Knowledge: Black-Box Constructions and Definitional Relationships

This paper deals with efficient non-malleable zero-knowledge proofs for \(\mathcal{NP}\), based on general assumptions. We give the first construction of a simulation-sound zero-knowledge (\(\mathcal{ZK}\)) protocol for \(\mathcal{NP}\) based only on the black-box use of one-way functions. Constructing such a proof system has been an open question ever since the original work of Dolev, Dwork, and Naor [18]. In addition to the feasibility result, our protocol has a constant number of rounds, which is asymptotically optimal.

[1]  Silvio Micali,et al.  The knowledge complexity of interactive proof-systems , 1985, STOC '85.

[2]  Amit Sahai,et al.  Non-malleable non-interactive zero knowledge and adaptive chosen-ciphertext security , 1999, 40th Annual Symposium on Foundations of Computer Science (Cat. No.99CB37039).

[3]  Jonathan Katz,et al.  Universally-Composable Two-Party Computation in Two Rounds , 2007, CRYPTO.

[4]  Rafael Pass,et al.  Concurrent non-malleable commitments , 2005, 46th Annual IEEE Symposium on Foundations of Computer Science (FOCS'05).

[5]  Rafail Ostrovsky,et al.  Robust Non-interactive Zero Knowledge , 2001, CRYPTO.

[6]  Amit Sahai,et al.  Concurrent zero knowledge with logarithmic round-complexity , 2002, The 43rd Annual IEEE Symposium on Foundations of Computer Science, 2002. Proceedings..

[7]  Vinod Vaikuntanathan,et al.  Adaptive One-Way Functions and Applications , 2008, CRYPTO.

[8]  Adi Shamir,et al.  Witness indistinguishable and witness hiding protocols , 1990, STOC '90.

[9]  Rafael Pass,et al.  Bounded-concurrent secure multi-party computation with a dishonest majority , 2004, STOC '04.

[10]  Manuel Blum,et al.  Non-interactive zero-knowledge and its applications , 1988, STOC '88.

[11]  Rafael Pass,et al.  Concurrent Non-malleable Commitments from Any One-Way Function , 2008, TCC.

[12]  Manuel Blum,et al.  Non-Interactive Zero-Knowledge and Its Applications (Extended Abstract) , 1988, STOC 1988.

[13]  Moni Naor,et al.  Bit commitment using pseudo-randomness (extended abstract) , 1989, CRYPTO 1989.

[14]  Yehuda Lindell,et al.  Highly-Efficient Universally-Composable Commitments based on the DDH Assumption , 2011, IACR Cryptol. ePrint Arch..

[15]  Rafail Ostrovsky,et al.  Constant-Round Concurrent Non-malleable Zero Knowledge in the Bare Public-Key Model , 2008, ICALP.

[16]  Alon Rosen,et al.  A Note on Constant-Round Zero-Knowledge Proofs for NP , 2004, TCC.

[17]  Yehuda Lindell,et al.  Universally composable two-party and multi-party secure computation , 2002, STOC '02.

[18]  Oded Goldreich,et al.  How to construct constant-round zero-knowledge proof systems for NP , 1996, Journal of Cryptology.

[19]  Leonid A. Levin Problems, complete in “average” instance , 1984, STOC '84.

[20]  David Chaum,et al.  Minimum Disclosure Proofs of Knowledge , 1988, J. Comput. Syst. Sci..

[21]  Oded Goldreich,et al.  Foundations of Cryptography: Basic Tools , 2000 .

[22]  Manuel Blum,et al.  How to Prove a Theorem So No One Else Can Claim It , 2010 .

[23]  Benny Pinkas,et al.  Fairplay - Secure Two-Party Computation System , 2004, USENIX Security Symposium.

[24]  Juan A. Garay,et al.  Strengthening Zero-Knowledge Protocols Using Signatures , 2003, EUROCRYPT.

[25]  David Cash,et al.  Foundations of Non-malleable Hash and One-Way Functions , 2009, ASIACRYPT.

[26]  Rafael Pass,et al.  A unified framework for concurrent security: universal composability from stand-alone non-malleability , 2009, STOC '09.

[27]  Ran Canetti,et al.  Adaptive Hardness and Composable Security in the Plain Model from Standard Assumptions , 2010, FOCS.

[28]  Moni Naor,et al.  Nonmalleable Cryptography , 2000, SIAM Rev..

[29]  Rafail Ostrovsky,et al.  Constructing Non-malleable Commitments: A Black-Box Approach , 2012, 2012 IEEE 53rd Annual Symposium on Foundations of Computer Science.

[30]  Serge Fehr,et al.  On Notions of Security for Deterministic Encryption, and Efficient Constructions without Random Oracles , 2008, CRYPTO.

[31]  Yehuda Lindell,et al.  Constant-Round Zero-Knowledge Proofs of Knowledge , 2010, IACR Cryptol. ePrint Arch..

[32]  Benny Pinkas,et al.  FairplayMP: a system for secure multi-party computation , 2008, CCS.

[33]  Moni Naor,et al.  Non-Malleable Cryptography (Extended Abstract) , 1991, STOC 1991.

[34]  Rafael Pass,et al.  Non-malleability amplification , 2009, STOC '09.

[35]  Jonathan Katz,et al.  Complete characterization of security notions for probabilistic private-key encryption , 2000, STOC '00.

[36]  Stephen A. Cook,et al.  The complexity of theorem-proving procedures , 1971, STOC.

[37]  Rafail Ostrovsky,et al.  Efficient and Non-interactive Non-malleable Commitment , 2001, EUROCRYPT.

[38]  Manuel Blum,et al.  Noninteractive Zero-Knowledge , 1991, SIAM J. Comput..

[39]  Hoeteck Wee,et al.  Black-Box Constructions of Two-Party Protocols from One-Way Functions , 2009, TCC.

[40]  Mihir Bellare,et al.  Relations among Notions of Security for Public-Key Encryption Schemes , 1998, IACR Cryptol. ePrint Arch..

[41]  Yehuda Lindell Parallel Coin-Tossing and Constant-Round Secure Two-Party Computation , 2001, CRYPTO.

[42]  Boaz Barak,et al.  Constant-round coin-tossing with a man in the middle or realizing the shared random string model , 2002, The 43rd Annual IEEE Symposium on Foundations of Computer Science, 2002. Proceedings..

[43]  Yehuda Lindell,et al.  Bounded-concurrent secure two-party computation without setup assumptions , 2003, STOC '03.

[44]  Rafael Pass,et al.  New and improved constructions of non-malleable cryptographic protocols , 2005, STOC '05.

[45]  Yevgeniy Dodis,et al.  Non-malleable extractors and symmetric key cryptography from weak secrets , 2009, STOC '09.

[46]  Adam O'Neill,et al.  Deterministic Encryption: Definitional Equivalences and Constructions without Random Oracles , 2008, CRYPTO.

[47]  Rafael Pass,et al.  Constant-round non-malleable commitments from any one-way function , 2011, STOC '11.

[48]  Hoeteck Wee,et al.  Black-Box, Round-Efficient Secure Computation via Non-malleability Amplification , 2010, 2010 IEEE 51st Annual Symposium on Foundations of Computer Science.

[49]  Giovanni Di Crescenzo,et al.  On Defining Proofs of Knowledge in the Bare Public Key Model , 2007, ICTCS.

[50]  Vipul Goyal,et al.  Constant round non-malleable protocols using one way functions , 2011, STOC '11.

[51]  Moni Naor,et al.  Bit Commitment Using Pseudo-Randomness , 1989, CRYPTO.

[52]  Rafail Ostrovsky,et al.  Efficiency Preserving Transformations for Concurrent Non-malleable Zero Knowledge , 2010, TCC.

[53]  Moni Naor,et al.  Public-key cryptosystems provably secure against chosen ciphertext attacks , 1990, STOC '90.

[54]  Adi Shamir,et al.  Zero Knowledge Proofs of Knowledge in Two Rounds , 1989, CRYPTO.

[55]  Moni Naor,et al.  Non-malleable cryptography , 1991, STOC '91.