Adaptive Concurrent Non-Malleability with Bare Public-Keys

Concurrent non-malleability (CNM) is central for cryptographic protocols running concurrently in environments such as the Internet. In this work, we formulate CNM in the bare public-key (BPK) model, and show that round-efficient concurrent non-malleable cryptography with full adaptive input selection can be established, in general, with bare public-keys (where, in particular, no trusted assumption is made). Along the way, we clarify the various subtleties of adaptive concurrent non-malleability in the bare public-key model.
