Simultaneous Resettability from One-Way Functions

Resettable security, introduced by Canetti, Goldreich, Goldwasser and Micali (STOC'00), considers the security of cryptographic two-party protocols (in particular zero-knowledge arguments) in a setting where the attacker may "reset" or "rewind" one of the players, i.e. run it repeatedly from the same state and with the same random tape. The strongest notion of resettable security, simultaneous resettability, introduced by Barak, Goldreich, Goldwasser and Lindell (FOCS'01), requires resettable security to hold for both parties: in the context of zero-knowledge, both the soundness and the zero-knowledge conditions remain robust to resetting attacks. To date, all known constructions of protocols satisfying simultaneous resettable security rely on the existence of ZAPs, and constructions of ZAPs are only known from trapdoor permutations or specific number-theoretic assumptions. In this paper, we provide a new method for constructing protocols satisfying simultaneous resettable security while relying only on the minimal assumption of one-way functions. Our key results establish, assuming only one-way functions, that every language in NP has an ω(1)-round simultaneously resettable witness-indistinguishable argument system, and that every language in NP has a (polynomial-round) simultaneously resettable zero-knowledge argument system. The key conceptual insight in our technique is to rely on black-box impossibility results for concurrent zero-knowledge in order to achieve resettable security.

[1] Amit Sahai et al. Resolving the Simultaneous Resettability Conjecture and a New Non-Black-Box Simulation Strategy, 2009, 50th Annual IEEE Symposium on Foundations of Computer Science (FOCS 2009).

[2] Silvio Micali et al. Soundness in the Public-Key Model, 2001, CRYPTO.

[3] Rafail Ostrovsky et al. Non-interactive Zaps and New Techniques for NIZK, 2006, CRYPTO.

[4] Joe Kilian et al. Lower bounds for zero knowledge on the Internet, 1998, Proceedings 39th Annual Symposium on Foundations of Computer Science (FOCS 1998).

[5] Iftach Haitner. A Parallel Repetition Theorem for Any Interactive Argument, 2009, 50th Annual IEEE Symposium on Foundations of Computer Science (FOCS 2009).

[6] Giovanni Di Crescenzo et al. Improved Setup Assumptions for 3-Round Resettable Zero Knowledge, 2004, ASIACRYPT.

[7] Silvio Micali et al. Probabilistic Encryption, 1984, J. Comput. Syst. Sci.

[8] Yunlei Zhao et al. Generic and Practical Resettable Zero-Knowledge in the Bare Public-Key Model, 2007, EUROCRYPT.

[9] Hugo Krawczyk et al. On the Composition of Zero-Knowledge Proof Systems, 1990, ICALP.

[10] Moni Naor et al. Concurrent zero-knowledge, 2004, JACM.

[11] Ran Canetti et al. Resettable zero-knowledge (extended abstract), 2000, STOC '00.

[12] Kai-Min Chung et al. The Knowledge Tightness of Parallel Zero-Knowledge, 2012, TCC.

[13] Rafael Pass et al. On the Composition of Public-Coin Zero-Knowledge Protocols, 2011, SIAM J. Comput.

[14] Boaz Barak et al. How to go beyond the black-box simulation barrier, 2001, Proceedings 42nd Annual Symposium on Foundations of Computer Science (FOCS 2001).

[15] Alon Rosen et al. A Note on the Round-Complexity of Concurrent Zero-Knowledge, 2000, CRYPTO.

[16] Moni Naor et al. Zaps and their applications, 2000, Proceedings 41st Annual Symposium on Foundations of Computer Science (FOCS 2000).

[17] David Chaum et al. Minimum Disclosure Proofs of Knowledge, 1988, J. Comput. Syst. Sci.

[18] Yehuda Lindell et al. Resettably-sound zero-knowledge and its applications, 2001, Proceedings 42nd Annual Symposium on Foundations of Computer Science (FOCS 2001).

[19] Rafail Ostrovsky et al. Nearly Simultaneously Resettable Black-Box Zero Knowledge, 2012, ICALP.

[20] Ran Canetti et al. Black-box concurrent zero-knowledge requires Ω̃(log n) rounds, 2001, STOC '01.

[21] Rafail Ostrovsky et al. One-way functions are essential for non-trivial zero-knowledge, 1993, Proceedings of the 2nd Israel Symposium on Theory of Computing and Systems (ISTCS 1993).

[22] Kai-Min Chung et al. Non-black-box simulation from one-way functions and applications to resettable security, 2013, STOC '13.

[23] Silvio Micali et al. The knowledge complexity of interactive proof-systems, 1985, STOC '85.

[24] Giovanni Di Crescenzo et al. Constant-Round Resettable Zero Knowledge with Concurrent Soundness in the Bare Public-Key Model, 2004, CRYPTO.

[25] Nir Bitansky et al. From the Impossibility of Obfuscation to a New Non-Black-Box Simulation Technique, 2012, IEEE 53rd Annual Symposium on Foundations of Computer Science (FOCS 2012).

[26] Mihir Bellare et al. On Defining Proofs of Knowledge, 1992, CRYPTO.

[27] Adi Shamir et al. Witness indistinguishable and witness hiding protocols, 1990, STOC '90.

[28] Nir Bitansky et al. On the impossibility of approximate obfuscation and applications to resettable cryptography, 2013, STOC '13.