Improved Setup Assumptions for 3-Round Resettable Zero Knowledge

In the bare public-key model, introduced by Canetti et al. [STOC 2000], it is only assumed that each verifier deposits during a set-up phase a public key in a file accessible by all users at all times.As pointed out by Micali and Reyzin [Crypto 2001], the notion of soundness in this model is more subtle and complex than in the classical model. Indeed Micali and Reyzin have introduced four different notions which are called (from weaker to stronger): one-time, sequential, concurrent and resettable soundness. In this paper we introduce the counter public-key model (the cPK model for short), an augmentation of the bare public-key model in which each verifier is equipped with a counter and, like in the original bare public-key model, the key of the verifier can be used for any polynomial number of interactions with provers. In the cPK model, we give a three-round concurrently-sound resettable zero-knowledge argument of membership for NP. Previously similar results were obtained by Micali and Reyzin [EuroCrypt 2001] and then improved by Zhao et al. [EuroCrypt 2003] in models in which, roughly speaking, each verifier is still equipped with a counter, but the key of the verifier could only be used for a fixed number of interactions.

[1]  Silvio Micali,et al.  Soundness in the Public-Key Model , 2001, CRYPTO.

[2]  Michael J. Wiener,et al.  Advances in cryptology, CRYPTO '99 : 19th Annual International Cryptology Conference, Santa Barbara, California, USA, August 15-19, 1999 : proceedings , 1999, CRYPTO 1999.

[3]  Manuel Blum,et al.  Noninteractive Zero-Knowledge , 1991, SIAM J. Comput..

[4]  Rafail Ostrovsky,et al.  On Concurrent Zero-Knowledge with Pre-processing , 1999, CRYPTO.

[5]  Giovanni Di Crescenzo Removing Complexity Assumptions from Concurrent Zero-Knowledge Proofs , 2000, COCOON.

[6]  Ran Canetti,et al.  Resettable zero-knowledge (extended abstract) , 2000, STOC '00.

[7]  Yehuda Lindell,et al.  Resettably-sound zero-knowledge and its applications , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[8]  Leonid Reyzin,et al.  Zero-knowledge with public keys , 2001 .

[9]  Silvio Micali,et al.  Min-round Resettable Zero-Knowledge in the Public-Key Model , 2001, EUROCRYPT.

[10]  Adi Shamir,et al.  Multiple NonInteractive Zero Knowledge Proofs Under General Assumptions , 1999, SIAM J. Comput..

[11]  Moni Naor,et al.  Zaps and their applications , 2000, Proceedings 41st Annual Symposium on Foundations of Computer Science.

[12]  Ran Canetti,et al.  Black-box concurrent zero-knowledge requires \tilde {Ω} (logn) rounds , 2001, STOC '01.

[13]  Rafael Pass,et al.  Simulation in Quasi-Polynomial Time, and Its Application to Protocol Composition , 2003, EUROCRYPT.

[14]  Michael Wiener,et al.  Advances in Cryptology — CRYPTO’ 99 , 1999 .

[15]  J. Kilian,et al.  Concurrent and Resettable Zero-Knowledge in Poly-logarithmic Rounds [ Extended Abstract ] , 2001 .

[16]  Yunlei Zhao,et al.  Resettable Zero-Knowledge in the Weak Public-Key Model , 2003, EUROCRYPT.

[17]  Rafail Ostrovsky,et al.  Round-Optimal Secure Two-Party Computation , 2004, CRYPTO.

[18]  Joe Kilian,et al.  Lower bounds for zero knowledge on the Internet , 1998, Proceedings 39th Annual Symposium on Foundations of Computer Science (Cat. No.98CB36280).

[19]  John Rompel,et al.  One-way functions are necessary and sufficient for secure signatures , 1990, STOC '90.

[20]  S. Micali,et al.  Noninteractive Zero-Knowledge , 1990, SIAM J. Comput..

[21]  Joe Kilian,et al.  Concurrent and resettable zero-knowledge in poly-loalgorithm rounds , 2001, STOC '01.

[22]  Alfredo De Santis,et al.  Zero-knowledge proofs of knowledge without interaction , 1992, Proceedings., 33rd Annual Symposium on Foundations of Computer Science.

[23]  Moni Naor,et al.  Concurrent zero-knowledge , 2004, JACM.

[24]  Adi Shamir,et al.  Publicly Verifiable Non-Interactive Zero-Knowledge Proofs , 1990, CRYPTO.

[25]  Silvio Micali,et al.  The knowledge complexity of interactive proof-systems , 1985, STOC '85.

[26]  Giovanni Di Crescenzo,et al.  Constant-Round Resettable Zero Knowledge with Concurrent Soundness in the Bare Public-Key Model , 2004, CRYPTO.

[27]  Ivan Damgård,et al.  Efficient Concurrent Zero-Knowledge in the Auxiliary String Model , 2000, EUROCRYPT.

[28]  Joe Kilian,et al.  On the Concurrent Composition of Zero-Knowledge Proofs , 1999, EUROCRYPT.

[29]  Oded Goldreich,et al.  Concurrent zero-knowledge with timing, revisited , 2002, STOC '02.

[30]  Amit Sahai,et al.  Concurrent Zero-Knowledge: Reducing the Need for Timing Constraints , 1998, CRYPTO.

[31]  Ran Canetti,et al.  Resettable Zero-Knowledge , 1999, IACR Cryptol. ePrint Arch..