Concurrent zero-knowledge with timing, revisited

Following Dwork, Naor, and Sahai (30th STOC, 1998), we consider concurrent execution of protocols in a semi-synchronized network. Specifically, we assume that each party holds a local clock such that a constant bound on the relative rates of these clocks is a-priori known, and consider protocols that employ time-driven operations (i.e., time-out in-coming messages and delay out-going messages).We show that the constant-round zero-knowledge proof for NP of Goldreich and Kahan (Jour. of Crypto., 1996) preserves its security when polynomially-many independent copies are executed concurrently under the above timing model.We stress that our main result establishes zero-knowledge of interactive proofs, whereas the results of Dwork et al are either for zero-knowledge arguments or for a weak notion of zero-knowledge (called ε-knowledge) proofs.Our analysis identifies two extreme schedulings of concurrent executions under the above timing model: the first is the case of parallel execution of polynomially-many copies, and the second is of concurrent execution of polynomially-many copies such the number of copies that are simultaneously active at any time is bounded by a constant (i.e., bounded simultaneity). Dealing with each of these extreme cases is of independent interest, and the general result (regarding concurrent executions under the timing model) is obtained by combining the two treatments.

[1]  Andrew Chi-Chih Yao,et al.  Theory and application of trapdoor functions , 1982, 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982).

[2]  Silvio Micali,et al.  The knowledge complexity of interactive proof-systems , 1985, STOC '85.

[3]  David Chaum,et al.  Minimum Disclosure Proofs of Knowledge , 1988, J. Comput. Syst. Sci..

[4]  Silvio Micali,et al.  The Knowledge Complexity of Interactive Proof Systems , 1989, SIAM J. Comput..

[5]  Adi Shamir,et al.  Zero Knowledge Proofs of Knowledge in Two Rounds , 1989, CRYPTO.

[6]  Hugo Krawczyk,et al.  On the Composition of Zero-Knowledge Proof Systems , 1990, ICALP.

[7]  Rafail Ostrovsky,et al.  Perfect zero-knowledge in constant rounds , 1990, STOC '90.

[8]  Rafail Ostrovsky,et al.  The (true) complexity of statistical zero knowledge , 1990, STOC '90.

[9]  Moni Naor,et al.  Non-malleable cryptography , 1991, STOC '91.

[10]  Silvio Micali,et al.  Proofs that yield nothing but their validity or all languages in NP have zero-knowledge proof systems , 1991, JACM.

[11]  Moti Yung,et al.  Constant-Round Perfect Zero-Knowledge Computationally Convincing Protocols , 1991, Theor. Comput. Sci..

[12]  Hugo Krawczyk,et al.  On the Composition of Zero-Knowledge Proof Systems , 1990, ICALP.

[13]  Moni Naor,et al.  Does parallel repetition lower the error in computationally sound protocols? , 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.

[14]  Markus Jakobsson,et al.  Round-Optimal Zero-Knowledge Arguments Based on any One-Way Function , 1997, EUROCRYPT.

[15]  Moni Naor,et al.  Concurrent zero-knowledge , 1998, STOC '98.

[16]  Amit Sahai,et al.  Concurrent Zero-Knowledge: Reducing the Need for Timing Constraints , 1998, CRYPTO.

[17]  Joe Kilian,et al.  Lower bounds for zero knowledge on the Internet , 1998, Proceedings 39th Annual Symposium on Foundations of Computer Science (Cat. No.98CB36280).

[18]  Joe Kilian,et al.  On the Concurrent Composition of Zero-Knowledge Proofs , 1999, EUROCRYPT.

[19]  Leonid A. Levin,et al.  A Pseudorandom Generator from any One-way Function , 1999, SIAM J. Comput..

[20]  Ran Canetti,et al.  Resettable Zero-Knowledge , 1999, IACR Cryptol. ePrint Arch..

[21]  Ran Canetti,et al.  Resettable zero-knowledge (extended abstract) , 2000, STOC '00.

[22]  Oded Goldreich,et al.  Foundations of Cryptography: Basic Tools , 2000 .

[23]  Ivan Damgård,et al.  Efficient Concurrent Zero-Knowledge in the Auxiliary String Model , 2000, EUROCRYPT.

[24]  Moni Naor,et al.  Nonmalleable Cryptography , 2000, SIAM Rev..

[25]  Oded Goldreich,et al.  Foundations of Cryptography: List of Figures , 2001 .

[26]  Joe Kilian,et al.  Concurrent and resettable zero-knowledge in poly-loalgorithm rounds , 2001, STOC '01.

[27]  Oded Goldreich Foundations of Cryptography: Index , 2001 .

[28]  Boaz Barak,et al.  How to go beyond the black-box simulation barrier , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[29]  J. Kilian,et al.  Concurrent and Resettable Zero-Knowledge in Poly-logarithmic Rounds [ Extended Abstract ] , 2001 .

[30]  Ran Canetti,et al.  Black-box concurrent zero-knowledge requires \tilde {Ω} (logn) rounds , 2001, STOC '01.

[31]  Amit Sahai,et al.  Concurrent zero knowledge with logarithmic round-complexity , 2002, The 43rd Annual IEEE Symposium on Foundations of Computer Science, 2002. Proceedings..

[32]  Ran Canetti,et al.  Black-Box Concurrent Zero-Knowledge Requires (Almost) Logarithmically Many Rounds , 2002, SIAM J. Comput..

[33]  Richard E. Overill,et al.  Foundations of Cryptography: Basic Tools , 2002, J. Log. Comput..

[34]  Yehuda Lindell,et al.  Strict polynomial-time in simulation and extraction , 2002, STOC '02.

[35]  Alon Rosen,et al.  A Note on Constant-Round Zero-Knowledge Proofs for NP , 2004, TCC.

[36]  Salil P. Vadhan Probabilistic proof systems - Part I , 2004, Computational Complexity Theory.

[37]  Moni Naor,et al.  Bit commitment using pseudorandomness , 1989, Journal of Cryptology.

[38]  Oded Goldreich,et al.  Definitions and properties of zero-knowledge proof systems , 1994, Journal of Cryptology.

[39]  Oded Goldreich,et al.  How to construct constant-round zero-knowledge proof systems for NP , 1996, Journal of Cryptology.