Precise Zero-Knowledge in Concurrent Setting

We present a stronger notion of zero-knowledge: precise concurrent zero-knowledge. Our notion captures the idea that the view of any verifier in a concurrent interaction can be reconstructed in almost the same time (within a constant/polynomial factor). Precise zero-knowledge in the stand-alone setting was introduced by Micali and Pass in STOC’06 (the original work used the term "local zero-knowledge"). Their notion shows that the view of any verifier can be reconstructed in almost the same time in the stand-alone setting. Hence our notion is a generalization of their notion to the concurrent setting. Furthermore, we propose an ω(log n)-round concurrent zero-knowledge argument for NP with linear precision, which shows that the view of any verifier in a concurrent interaction can be reconstructed by the simulator with linear-time overhead. Our argument is of Feige-Lapidot-Shamir type, consisting of a proof-preamble and a proof-body for a modified NP statement. Our result assumes a restriction on the adversarial scheduling of the communication: the concurrent interaction of the preambles of all sessions is scheduled by the adversarial verifier before any proof-body.

[1] Leonid A. Levin, et al. A hard-core predicate for all one-way functions, 1989, STOC '89.

[2] Adi Shamir, et al. Witness indistinguishable and witness hiding protocols, 1990, STOC '90.

[3] Oded Goldreich, et al. Concurrent zero-knowledge with timing, revisited, 2002, STOC '02.

[4] Joe Kilian, et al. Concurrent Zero-Knowledge in Poly-logarithmic Rounds, 2000, IACR Cryptol. ePrint Arch.

[5] Ivan Damgård, et al. Efficient Concurrent Zero-Knowledge in the Auxiliary String Model, 2000, EUROCRYPT.

[6] Joe Kilian, et al. On the Concurrent Composition of Zero-Knowledge Proofs, 1999, EUROCRYPT.

[7] Amit Sahai, et al. Concurrent Zero-Knowledge: Reducing the Need for Timing Constraints, 1998, CRYPTO.

[8] Oded Goldreich, et al. Universal arguments and their applications, 2002, Proceedings 17th IEEE Annual Conference on Computational Complexity.

[9] Rafael Pass, et al. Simulation in Quasi-Polynomial Time, and Its Application to Protocol Composition, 2003, EUROCRYPT.

[10] Eric Allender, et al. Complexity Theory, 1997, Encyclopedia of Cryptography and Security.

[11] Oded Goldreich, et al. Concurrent Zero-Knowledge With Timing, 2002.

[12] Richard E. Overill, et al. Foundations of Cryptography: Basic Tools, 2002, J. Log. Comput.

[13] Rafael Pass, et al. A precise computational approach to knowledge, 2006.

[14] S. Micali, et al. Noninteractive Zero-Knowledge, 1990, SIAM J. Comput.

[15] Silvio Micali, et al. Local zero knowledge, 2006, STOC '06.

[16] Boaz Barak, et al. How to go beyond the black-box simulation barrier, 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[17] Amit Sahai, et al. Concurrent zero knowledge with logarithmic round-complexity, 2002, The 43rd Annual IEEE Symposium on Foundations of Computer Science, 2002. Proceedings.

[18] Moni Naor, et al. Concurrent zero-knowledge, 1998, STOC '98.

[19] Silvio Micali, et al. The knowledge complexity of interactive proof-systems, 1985, STOC '85.

[20] Giovanni Di Crescenzo, et al. Constant-Round Resettable Zero Knowledge with Concurrent Soundness in the Bare Public-Key Model, 2004, CRYPTO.

[21] Adi Shamir, et al. Multiple NonInteractive Zero Knowledge Proofs Under General Assumptions, 1999, SIAM J. Comput.

[22] Salil P. Vadhan, et al. Derandomization in Cryptography, 2003, SIAM J. Comput.