Constant-Round Concurrent Zero Knowledge in the Bounded Player Model

In [18] Goyal et al. introduced the bounded player model for secure computation. In the bounded player model, there are an a priori bounded number of players in the system, however, each player may execute any unbounded polynomial number of sessions. They showed that even though the model consists of a relatively mild relaxation of the standard model, it allows for round-efficient concurrent zero knowledge. Their protocol requires a super-constant number of rounds. In this work we show, constructively, that there exists a constant-round concurrent zero-knowledge argument in the bounded player model. Our result relies on a new technique where the simulator obtains a trapdoor corresponding to a player identity by putting together information obtained in multiple sessions. Our protocol is only based on the existence of a collision-resistance hash-function family and comes with a "straight-line" simulator. We note that this constitutes the strongest result known on constant-round concurrent zero knowledge in the plain model under well accepted relaxations and subsumes Barak's constant-round bounded concurrent zero-knowledge result. We view this as a positive step towards getting constant round fully concurrent zero-knowledge in the plain model, without relaxations.

[1]  Joe Kilian,et al.  Concurrent and resettable zero-knowledge in poly-loalgorithm rounds , 2001, STOC '01.

[2]  Yunlei Zhao,et al.  Concurrent/Resettable Zero-Knowledge With Concurrent Soundness in the Bare Public-Key Model and Its Applications , 2003, IACR Cryptol. ePrint Arch..

[3]  Rafail Ostrovsky,et al.  Concurrent Zero Knowledge in the Bounded Player Model , 2013, TCC.

[4]  Rafail Ostrovsky,et al.  Zero-Knowledge Proofs from Secure Multiparty Computation , 2009, SIAM J. Comput..

[5]  Moni Naor,et al.  Concurrent zero-knowledge , 1998, STOC '98.

[6]  Silvio Micali,et al.  The knowledge complexity of interactive proof-systems , 1985, STOC '85.

[7]  Giovanni Di Crescenzo,et al.  Constant-Round Resettable Zero Knowledge with Concurrent Soundness in the Bare Public-Key Model , 2004, CRYPTO.

[8]  Moni Naor,et al.  Non-Malleable Cryptography (Extended Abstract) , 1991, STOC 1991.

[9]  Yunlei Zhao,et al.  Generic and Practical Resettable Zero-Knowledge in the Bare Public-Key Model , 2007, EUROCRYPT.

[10]  Ran Canetti,et al.  Adaptive Hardness and Composable Security in the Plain Model from Standard Assumptions , 2010, 2010 IEEE 51st Annual Symposium on Foundations of Computer Science.

[11]  Yehuda Lindell,et al.  Lower Bounds for Concurrent Self Composition , 2004, TCC.

[12]  Rafail Ostrovsky,et al.  Minimum Resource Zero-Knowledge Proofs (Extended Abstract) , 1989, CRYPTO.

[13]  Giovanni Di Crescenzo,et al.  Concurrent Zero Knowledge in the Public-Key Model , 2005, ICALP.

[14]  Yehuda Lindell,et al.  On the Limitations of Universally Composable Two-Party Computation Without Set-Up Assumptions , 2003, Journal of Cryptology.

[15]  Dongdai Lin,et al.  Resettable Cryptography in Constant Rounds - the Case of Zero Knowledge , 2011, IACR Cryptol. ePrint Arch..

[16]  Yehuda Lindell,et al.  Concurrent general composition of secure protocols in the timing model , 2005, STOC '05.

[17]  Yehuda Lindell,et al.  General composition and universal composability in secure multi-party computation , 2003, 44th Annual IEEE Symposium on Foundations of Computer Science, 2003. Proceedings..

[18]  Matthew Franklin,et al.  Advances in Cryptology – CRYPTO 2004 , 2004, Lecture Notes in Computer Science.

[19]  Oded Goldreich,et al.  How to construct constant-round zero-knowledge proof systems for NP , 1996, Journal of Cryptology.

[20]  Joe Kilian,et al.  On the Concurrent Composition of Zero-Knowledge Proofs , 1999, EUROCRYPT.

[21]  Kenneth G. Paterson,et al.  Security of Symmetric Encryption in the Presence of Ciphertext Fragmentation , 2015, IACR Cryptol. ePrint Arch..

[22]  Rafael Pass,et al.  A unified framework for concurrent security: universal composability from stand-alone non-malleability , 2009, STOC '09.

[23]  Yunlei Zhao,et al.  Concurrent Knowledge Extraction in the Public-Key Model , 2009, ICALP.

[24]  Ran Canetti,et al.  Resettable zero-knowledge (extended abstract) , 2000, STOC '00.

[25]  Yehuda Lindell,et al.  Impossibility Results for Universal Composability in Public-Key Models and with Fixed Inputs , 2011, Journal of Cryptology.

[26]  Alon Rosen,et al.  A Note on the Round-Complexity of Concurrent Zero-Knowledge , 2000, CRYPTO.

[27]  Manuel Blum,et al.  How to Prove a Theorem So No One Else Can Claim It , 2010 .

[28]  Yehuda Lindell,et al.  Bounded-concurrent secure two-party computation without setup assumptions , 2003, STOC '03.

[29]  Kai-Min Chung,et al.  Constant-Round Concurrent Zero Knowledge from P-Certificates , 2013, 2013 IEEE 54th Annual Symposium on Foundations of Computer Science.

[30]  Rafael Pass,et al.  New and improved constructions of non-malleable cryptographic protocols , 2005, STOC '05.

[31]  Boaz Barak,et al.  How to go beyond the black-box simulation barrier , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[32]  Amit Sahai,et al.  Concurrent zero knowledge with logarithmic round-complexity , 2002, The 43rd Annual IEEE Symposium on Foundations of Computer Science, 2002. Proceedings..

[33]  Mihir Bellare Advances in Cryptology — CRYPTO 2000 , 2000, Lecture Notes in Computer Science.

[34]  Rafail Ostrovsky,et al.  Simultaneously Resettable Arguments of Knowledge , 2012, TCC.

[35]  Giovanni Di Crescenzo,et al.  Improved Setup Assumptions for 3-Round Resettable Zero Knowledge , 2004, ASIACRYPT.

[36]  Manuel Blum,et al.  Noninteractive Zero-Knowledge , 1991, SIAM J. Comput..

[37]  Rafail Ostrovsky,et al.  On Concurrent Zero-Knowledge with Pre-processing , 1999, CRYPTO.

[38]  Moni Naor Advances in Cryptology - EUROCRYPT 2007, 26th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Barcelona, Spain, May 20-24, 2007, Proceedings , 2007, EUROCRYPT.

[39]  Alfredo De Santis,et al.  Zero-knowledge proofs of knowledge without interaction , 1992, Proceedings., 33rd Annual Symposium on Foundations of Computer Science.

[40]  Rafail Ostrovsky,et al.  Impossibility Results for Static Input Secure Computation , 2012, IACR Cryptol. ePrint Arch..

[41]  Joe Kilian,et al.  Lower bounds for zero knowledge on the Internet , 1998, Proceedings 39th Annual Symposium on Foundations of Computer Science (Cat. No.98CB36280).

[42]  Ran Canetti,et al.  Universally composable protocols with relaxed set-up assumptions , 2004, 45th Annual IEEE Symposium on Foundations of Computer Science.

[43]  Jacques Stern,et al.  Advances in Cryptology — EUROCRYPT ’99 , 1999, Lecture Notes in Computer Science.

[44]  Ran Canetti,et al.  Universally composable security: a new paradigm for cryptographic protocols , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[45]  Ran Canetti,et al.  Universally Composable Commitments , 2001, CRYPTO.

[46]  Rafail Ostrovsky,et al.  Robust Non-interactive Zero Knowledge , 2001, CRYPTO.

[47]  Pil Joong Lee,et al.  Advances in Cryptology — ASIACRYPT 2001 , 2001, Lecture Notes in Computer Science.

[48]  Ivan Visconti,et al.  On Round-Optimal Zero Knowledge in the Bare Public-Key Model , 2012, EUROCRYPT.

[49]  Ran Canetti,et al.  Universally composable signature, certification, and authentication , 2004, Proceedings. 17th IEEE Computer Security Foundations Workshop, 2004..

[50]  Silvio Micali,et al.  How to play ANY mental game , 1987, STOC.

[51]  John Rompel,et al.  One-way functions are necessary and sufficient for secure signatures , 1990, STOC '90.

[52]  Moni Naor,et al.  Bit commitment using pseudorandomness , 1989, Journal of Cryptology.

[53]  John P. Steinberger,et al.  The preimage security of double-block-length compression functions , 2011, IACR Cryptol. ePrint Arch..

[54]  Amit Sahai,et al.  Concurrent Non-Malleable Zero Knowledge , 2006, 2006 47th Annual IEEE Symposium on Foundations of Computer Science (FOCS'06).

[55]  Robin Milner,et al.  On Observing Nondeterminism and Concurrency , 1980, ICALP.

[56]  Ran Canetti,et al.  Black-box concurrent zero-knowledge requires \tilde {Ω} (logn) rounds , 2001, STOC '01.

[57]  Dongdai Lin,et al.  Instance-Dependent Verifiable Random Functions and Their Application to Simultaneous Resettability , 2007, EUROCRYPT.

[58]  Silvio Micali,et al.  Precise Zero Knowledge , 2011 .

[59]  Amit Sahai,et al.  Resolving the Simultaneous Resettability Conjecture and a New Non-Black-Box Simulation Strategy , 2009, 2009 50th Annual IEEE Symposium on Foundations of Computer Science.

[60]  Rafael Pass,et al.  Bounded-concurrent secure multi-party computation with a dishonest majority , 2004, STOC '04.

[61]  Silvio Micali,et al.  Soundness in the Public-Key Model , 2001, CRYPTO.

[62]  Rafael Pass,et al.  Concurrent non-malleable commitments , 2005, 46th Annual IEEE Symposium on Foundations of Computer Science (FOCS'05).

[63]  Silvio Micali,et al.  The knowledge complexity of interactive proof-systems , 1985, STOC '85.

[64]  Amit Sahai,et al.  Concurrently Secure Computation in Constant Rounds , 2012, EUROCRYPT.

[65]  Rafael Pass,et al.  Simulation in Quasi-Polynomial Time, and Its Application to Protocol Composition , 2003, EUROCRYPT.

[66]  Rafail Ostrovsky,et al.  Constant-Round Concurrent Non-malleable Zero Knowledge in the Bare Public-Key Model , 2008, ICALP.

[67]  Amit Sahai,et al.  On Constant-Round Concurrent Zero-Knowledge from a Knowledge Assumption , 2012, INDOCRYPT.

[68]  Amit Sahai,et al.  New Impossibility Results for Concurrent Composition and a Non-Interactive Completeness Theorem for Secure Computation , 2012, IACR Cryptol. ePrint Arch..

[69]  Yehuda Lindell,et al.  Universally composable two-party and multi-party secure computation , 2002, STOC '02.

[70]  Rafail Ostrovsky,et al.  One-way functions are essential for non-trivial zero-knowledge , 1993, [1993] The 2nd Israel Symposium on Theory and Computing Systems.

[71]  Dongdai Lin,et al.  Resettable Zero Knowledge with Concurrent Soundness in the Bare Public-Key Model under Standard Assumption , 2007, Inscrypt.

[72]  Yehuda Lindell,et al.  Strict polynomial-time in simulation and extraction , 2002, STOC '02.

[73]  Moni Naor,et al.  Nonmalleable Cryptography , 2000, SIAM Rev..

[74]  Amos Fiat,et al.  Zero-knowledge proofs of identity , 1988, Journal of Cryptology.

[75]  Rafail Ostrovsky,et al.  One-way functions, hard on average problems, and statistical zero-knowledge proofs , 1991, [1991] Proceedings of the Sixth Annual Structure in Complexity Theory Conference.

[76]  Oded Goldreich,et al.  Universal arguments and their applications , 2002, Proceedings 17th IEEE Annual Conference on Computational Complexity.

[77]  Rafael Pass,et al.  Bounded-concurrent secure two-party computation in a constant number of rounds , 2003, 44th Annual IEEE Symposium on Foundations of Computer Science, 2003. Proceedings..

[78]  Rafael Pass,et al.  Limits of provable security from standard assumptions , 2011, STOC '11.

[79]  Ivan Visconti,et al.  Efficient Zero Knowledge on the Internet , 2006, ICALP.

[80]  Aggelos Kiayias,et al.  Self Protecting Pirates and Black-Box Traitor Tracing , 2001, CRYPTO.

[81]  Rafael Pass,et al.  Eye for an Eye: Efficient Concurrent Zero-Knowledge in the Timing Model , 2010, TCC.

[82]  S. D. Chatterji Proceedings of the International Congress of Mathematicians , 1995 .

[83]  Oded Goldreich,et al.  Concurrent zero-knowledge with timing, revisited , 2002, STOC '02.

[84]  Adi Shamir,et al.  Multiple non-interactive zero knowledge proofs based on a single random string , 1990, Proceedings [1990] 31st Annual Symposium on Foundations of Computer Science.

[85]  Yunlei Zhao,et al.  Concurrent Knowledge Extraction in Public-Key Models , 2014, Journal of Cryptology.