Resolving the Simultaneous Resettability Conjecture and a New Non-Black-Box Simulation Strategy

Canetti, Goldreich, Goldwasser, and Micali (STOC 2000) introduced the notion of resettable zero-knowledge proofs, where the protocol must be zero-knowledge even if a cheating verifier can reset the prover and have several interactions in which the prover uses the same random tape. Soon afterwards, Barak, Goldreich, Goldwasser, and Lindell (FOCS 2001) studied the closely related notion of resettable soundness, where the soundness condition of the protocol must hold even if the cheating prover can reset the verifier to have multiple interactions with the same verifier's random tape. The main problem left open by this work was whether it is possible to have a single protocol that is simultaneously resettable zero knowledge and resettably sound. We resolve this question by constructing such a protocol. At the heart of our construction is a new non-black-box simulation strategy, which we believe to be of independent interest. This new strategy allows for simulators which "marry" recursive rewinding techniques (common in the context of concurrent simulation) with non-black-box simulation. Previous non-black-box strategies led to exponential blowups in computational complexity in such circumstances, which our new strategy is able to avoid.

[1] Yehuda Lindell et al. Resettably-sound zero-knowledge and its applications. FOCS 2001.

[2] Silvio Micali et al. Min-round Resettable Zero-Knowledge in the Public-Key Model. EUROCRYPT 2001.

[3] Moni Naor et al. Concurrent zero-knowledge. STOC 1998.

[4] Silvio Micali et al. The knowledge complexity of interactive proof-systems. STOC 1985.

[5] Giovanni Di Crescenzo et al. Constant-Round Resettable Zero Knowledge with Concurrent Soundness in the Bare Public-Key Model. CRYPTO 2004.

[6] Yael Tauman Kalai et al. Network Extractor Protocols. FOCS 2008.

[7] Rafael Pass et al. Concurrent non-malleable commitments. FOCS 2005.

[8] J. Kilian et al. Concurrent and Resettable Zero-Knowledge in Poly-logarithmic Rounds [Extended Abstract]. 2001.

[9] Yunlei Zhao et al. Resettable Zero-Knowledge in the Weak Public-Key Model. EUROCRYPT 2003.

[10] Yi Deng. Resettably-Sound Resettable Zero Knowledge Arguments for NP. IACR Cryptology ePrint Archive, 2008.

[11] Oded Goldreich et al. Universal arguments and their applications. 17th IEEE Annual Conference on Computational Complexity, 2002.

[12] Ran Canetti et al. Resettable zero-knowledge (extended abstract). STOC 2000.

[13] Boaz Barak et al. Constant-round coin-tossing with a man in the middle or realizing the shared random string model. FOCS 2002.

[14] Rafael Pass et al. New and improved constructions of non-malleable cryptographic protocols. STOC 2005.

[15] Amit Sahai et al. On the (im)possibility of cryptography with imperfect randomness. FOCS 2004.

[16] Boaz Barak et al. How to go beyond the black-box simulation barrier. FOCS 2001.

[17] Amit Sahai et al. Concurrent zero knowledge with logarithmic round-complexity. FOCS 2002.

[18] Yunlei Zhao et al. Generic and Practical Resettable Zero-Knowledge in the Bare Public-Key Model. EUROCRYPT 2007.

[19] Rafael Pass et al. On Constant-Round Concurrent Zero-Knowledge. TCC 2008.

[20] Dongdai Lin et al. Instance-Dependent Verifiable Random Functions and Their Application to Simultaneous Resettability. EUROCRYPT 2007.

[21] Dongdai Lin et al. Resettable Zero Knowledge with Concurrent Soundness in the Bare Public-Key Model under Standard Assumption. Inscrypt 2007.

[22] Yehuda Lindell et al. Lower bounds for non-black-box zero knowledge. FOCS 2003.

[23] Joe Kilian et al. On the Concurrent Composition of Zero-Knowledge Proofs. EUROCRYPT 1999.

[24] Amit Sahai et al. How to play almost any mental game over the net: concurrent composition via super-polynomial simulation. FOCS 2005.

[25] Moni Naor et al. Zaps and their applications. FOCS 2000.

[26] Oded Goldreich et al. Definitions and properties of zero-knowledge proof systems. Journal of Cryptology, 1994.

[27] Rafael Pass et al. Bounded-concurrent secure multi-party computation with a dishonest majority. STOC 2004.

[28] Silvio Micali et al. Soundness in the Public-Key Model. CRYPTO 2001.