Concurrent and resettable zero-knowledge in poly-loalgorithm rounds

A proof is concurrent zero-knowledge if it remains zero-knowledge when many copies of the proof are run in an asynchronous environment, such as the Internet. Richardson and Kilian have shown that there exists a concurrent zero-knowledge proof for any language in NP, but with round complexity <italic>polynomial</italic> in the maximum number of concurrent proofs. In this paper, we present a concurrent zero-knowledge proof for all languages in NP with a poly-logarithmic round complexity: specifically, ω(log^2 <italic>k</italic>) rounds given at most <italic>k</italic> concurrent proofs. Finally, we show that a simple modification of our proof is a <italic>resettable</italic> zero-knowledge proof for NP, with ω(log^2 <italic>k</italic>) rounds; previously known protocols required a polynomial number of rounds.

[1]  Joe Kilian,et al.  Lower bounds for zero knowledge on the Internet , 1998, Proceedings 39th Annual Symposium on Foundations of Computer Science (Cat. No.98CB36280).

[2]  Ivan Damgård,et al.  Efficient Concurrent Zero-Knowledge in the Auxiliary String Model , 2000, EUROCRYPT.

[3]  Joe Kilian,et al.  On the Concurrent Composition of Zero-Knowledge Proofs , 1999, EUROCRYPT.

[4]  Silvio Micali,et al.  The Knowledge Complexity of Interactive Proof Systems , 1989, SIAM J. Comput..

[5]  Joe Kilian,et al.  Zero-knowledge with log-space verifiers , 1988, [Proceedings 1988] 29th Annual Symposium on Foundations of Computer Science.

[6]  Ran Canetti,et al.  Resettable zero-knowledge (extended abstract) , 2000, STOC '00.

[7]  Adi Shamir,et al.  Zero Knowledge Proofs of Knowledge in Two Rounds , 1989, CRYPTO.

[8]  Rafail Ostrovsky,et al.  On Concurrent Zero-Knowledge with Pre-processing , 1999, CRYPTO.

[9]  David Chaum,et al.  Minimum Disclosure Proofs of Knowledge , 1988, J. Comput. Syst. Sci..

[10]  Moti Yung,et al.  Constant-Round Perfect Zero-Knowledge Computationally Convincing Protocols , 1991, Theor. Comput. Sci..

[11]  Moni Naor,et al.  Non-malleable cryptography , 1991, STOC '91.

[12]  Adi Shamir,et al.  Multiple non-interactive zero knowledge proofs based on a single random string , 1990, Proceedings [1990] 31st Annual Symposium on Foundations of Computer Science.

[13]  Silvio Micali,et al.  Proofs that yield nothing but their validity or all languages in NP have zero-knowledge proof systems , 1991, JACM.

[14]  Oded Goldreich,et al.  Foundations of Cryptography (Fragments of a Book) , 1995 .

[15]  Moni Naor,et al.  Concurrent zero-knowledge , 1998, STOC '98.

[16]  Silvio Micali,et al.  The knowledge complexity of interactive proof-systems , 1985, STOC '85.

[17]  Ivan Damgård,et al.  On the Existence of Statistically Hiding Bit Commitment Schemes and Fail-Stop Signatures , 1993, CRYPTO.

[18]  Alon Rosen,et al.  A Note on the Round-Complexity of Concurrent Zero-Knowledge , 2000, CRYPTO.

[19]  Moni Naor,et al.  Universal one-way hash functions and their cryptographic applications , 1989, STOC '89.

[20]  Adi Shamir,et al.  Witness indistinguishable and witness hiding protocols , 1990, STOC '90.

[21]  Ran Canetti,et al.  Resettable Zero-Knowledge , 1999, IACR Cryptol. ePrint Arch..

[22]  Yair Oren,et al.  On the cunning power of cheating verifiers: Some observations about zero knowledge proofs , 1987, 28th Annual Symposium on Foundations of Computer Science (sfcs 1987).

[23]  Hugo Krawczyk,et al.  On the Composition of Zero-Knowledge Proof Systems , 1990, ICALP.

[24]  Amit Sahai,et al.  Concurrent Zero-Knowledge: Reducing the Need for Timing Constraints , 1998, CRYPTO.

[25]  Moni Naor,et al.  Bit Commitment Using Pseudo-Randomness , 1989, CRYPTO.

[26]  GoldreichOded,et al.  Definitions and properties of zero-knowledge proof systems , 1994 .

[27]  Ran Canetti,et al.  Black-box concurrent zero-knowledge requires \tilde {Ω} (logn) rounds , 2001, STOC '01.