Concurrent Zero Knowledge in the Bounded Player Model

In this paper we put forward the Bounded Player Model for secure computation. In this new model, the number of players that will ever be involved in secure computations is bounded, but the number of computations is not a priori bounded. Indeed, while the number of devices and people on this planet can be realistically estimated and bounded, the number of computations these devices will run can not be realistically bounded. Further, we note that in the bounded player model, in addition to no a priori bound on the number of sessions, there is no synchronization barrier, no trusted party, and simulation must be performed in polynomial time. In this setting, we achieve concurrent Zero Knowledge (cZK) with sub-logarithmic round complexity. Our security proof is (necessarily) non-black-box, our simulator is 'straight-line' and works as long as the number of rounds is ω(1). We further show that unlike previously studied relaxations of the standard model (e.g., bounded number of sessions, timing assumptions, super-polynomial simulation), concurrent-secure computation is still impossible to achieve in the Bounded Player model. This gives evidence that our model is 'closer' to the standard model than previously studied models, and study of this model might shed light on constructing round efficient concurrent zero-knowledge in the standard model as well.

[1]  Rafael Pass,et al.  Bounded-concurrent secure two-party computation in a constant number of rounds , 2003, 44th Annual IEEE Symposium on Foundations of Computer Science, 2003. Proceedings..

[2]  Amit Sahai,et al.  Resolving the Simultaneous Resettability Conjecture and a New Non-Black-Box Simulation Strategy , 2009, 2009 50th Annual IEEE Symposium on Foundations of Computer Science.

[3]  Rafael Pass,et al.  Bounded-concurrent secure multi-party computation with a dishonest majority , 2004, STOC '04.

[4]  Yehuda Lindell,et al.  Strict polynomial-time in simulation and extraction , 2002, STOC '02.

[5]  Silvio Micali,et al.  Soundness in the Public-Key Model , 2001, CRYPTO.

[6]  Rafail Ostrovsky,et al.  Zero-Knowledge Proofs from Secure Multiparty Computation , 2009, SIAM J. Comput..

[7]  Giovanni Di Crescenzo,et al.  Concurrent Zero Knowledge in the Public-Key Model , 2005, ICALP.

[8]  Amos Fiat,et al.  Zero-knowledge proofs of identity , 1988, Journal of Cryptology.

[9]  Yehuda Lindell,et al.  On the Limitations of Universally Composable Two-Party Computation Without Set-Up Assumptions , 2003, Journal of Cryptology.

[10]  Ran Canetti,et al.  Resettable zero-knowledge (extended abstract) , 2000, STOC '00.

[11]  Yehuda Lindell,et al.  Lower Bounds for Concurrent Self Composition , 2004, TCC.

[12]  Yehuda Lindell,et al.  Bounded-concurrent secure two-party computation without setup assumptions , 2003, STOC '03.

[13]  Rafael Pass,et al.  Concurrent non-malleable commitments , 2005, 46th Annual IEEE Symposium on Foundations of Computer Science (FOCS'05).

[14]  Rafael Pass,et al.  New and improved constructions of non-malleable cryptographic protocols , 2005, STOC '05.

[15]  Rafail Ostrovsky,et al.  Constant-Round Concurrent Zero Knowledge in the Bounded Player Model , 2013, ASIACRYPT.

[16]  Silvio Micali,et al.  The knowledge complexity of interactive proof-systems , 1985, STOC '85.

[17]  Rafail Ostrovsky,et al.  Impossibility Results for Static Input Secure Computation , 2012, IACR Cryptol. ePrint Arch..

[18]  Joe Kilian,et al.  Lower bounds for zero knowledge on the Internet , 1998, Proceedings 39th Annual Symposium on Foundations of Computer Science (Cat. No.98CB36280).

[19]  Amit Sahai,et al.  Concurrently Secure Computation in Constant Rounds , 2012, EUROCRYPT.

[20]  Rafael Pass,et al.  Simulation in Quasi-Polynomial Time, and Its Application to Protocol Composition , 2003, EUROCRYPT.

[21]  Ran Canetti,et al.  Universally composable security: a new paradigm for cryptographic protocols , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[22]  Silvio Micali,et al.  How to play ANY mental game , 1987, STOC.

[23]  Ran Canetti,et al.  Black-box concurrent zero-knowledge requires \tilde {Ω} (logn) rounds , 2001, STOC '01.

[24]  Amit Sahai,et al.  Concurrent Non-Malleable Zero Knowledge , 2006, 2006 47th Annual IEEE Symposium on Foundations of Computer Science (FOCS'06).

[25]  Yehuda Lindell General Composition and Universal Composability in Secure Multiparty Computation , 2008, Journal of Cryptology.

[26]  Ivan Visconti,et al.  On Round-Optimal Zero Knowledge in the Bare Public-Key Model , 2012, EUROCRYPT.

[27]  Ran Canetti,et al.  Universally composable signature, certification, and authentication , 2004, Proceedings. 17th IEEE Computer Security Foundations Workshop, 2004..

[28]  Amit Sahai,et al.  New Impossibility Results for Concurrent Composition and a Non-Interactive Completeness Theorem for Secure Computation , 2012, IACR Cryptol. ePrint Arch..

[29]  Yehuda Lindell,et al.  Universally composable two-party and multi-party secure computation , 2002, STOC '02.

[30]  Rafail Ostrovsky,et al.  One-way functions are essential for non-trivial zero-knowledge , 1993, [1993] The 2nd Israel Symposium on Theory and Computing Systems.

[31]  Rafail Ostrovsky,et al.  Minimum resource zero-knowledge proofs (extended abstracts) , 1989, CRYPTO 1989.

[32]  Oded Goldreich,et al.  Concurrent zero-knowledge with timing, revisited , 2002, STOC '02.

[33]  Adi Shamir,et al.  Multiple non-interactive zero knowledge proofs based on a single random string , 1990, Proceedings [1990] 31st Annual Symposium on Foundations of Computer Science.

[34]  Ran Canetti,et al.  Universally Composable Commitments , 2001, CRYPTO.

[35]  Rafail Ostrovsky,et al.  Minimum resource zero knowledge proofs , 1989, 30th Annual Symposium on Foundations of Computer Science.

[36]  Rafail Ostrovsky,et al.  Robust Non-interactive Zero Knowledge , 2001, CRYPTO.

[37]  Yehuda Lindell,et al.  Concurrent general composition of secure protocols in the timing model , 2005, STOC '05.

[38]  Rafael Pass,et al.  A unified framework for concurrent security: universal composability from stand-alone non-malleability , 2009, STOC '09.

[39]  Ran Canetti,et al.  Adaptive Hardness and Composable Security in the Plain Model from Standard Assumptions , 2010, FOCS.

[40]  Manuel Blum,et al.  Noninteractive Zero-Knowledge , 1991, SIAM J. Comput..

[41]  Rafail Ostrovsky,et al.  On Concurrent Zero-Knowledge with Pre-processing , 1999, CRYPTO.

[42]  Alfredo De Santis,et al.  Zero-knowledge proofs of knowledge without interaction , 1992, Proceedings., 33rd Annual Symposium on Foundations of Computer Science.

[43]  Ran Canetti,et al.  Universally composable protocols with relaxed set-up assumptions , 2004, 45th Annual IEEE Symposium on Foundations of Computer Science.

[44]  Yehuda Lindell,et al.  Impossibility Results for Universal Composability in Public-Key Models and with Fixed Inputs , 2011, Journal of Cryptology.

[45]  Alon Rosen,et al.  A Note on the Round-Complexity of Concurrent Zero-Knowledge , 2000, CRYPTO.

[46]  Manuel Blum,et al.  How to Prove a Theorem So No One Else Can Claim It , 2010 .

[47]  Rafael Pass,et al.  Eye for an Eye: Efficient Concurrent Zero-Knowledge in the Timing Model , 2010, TCC.

[48]  Alfredo De Santis,et al.  Communication Efficient Zero-Knowledge Proofs of Knowledge (With Applications to Electronic Cash) , 1992, STACS.

[49]  Oded Goldreich,et al.  How to construct constant-round zero-knowledge proof systems for NP , 1996, Journal of Cryptology.

[50]  Joe Kilian,et al.  On the Concurrent Composition of Zero-Knowledge Proofs , 1999, EUROCRYPT.

[51]  Moni Naor,et al.  Non-Malleable Cryptography (Extended Abstract) , 1991, STOC 1991.

[52]  Rafail Ostrovsky,et al.  Minimum Resource Zero-Knowledge Proofs (Extended Abstract) , 1989, CRYPTO.

[53]  Silvio Micali,et al.  Local zero knowledge , 2006, STOC '06.

[54]  Joe Kilian,et al.  Concurrent and resettable zero-knowledge in poly-loalgorithm rounds , 2001, STOC '01.

[55]  Boaz Barak,et al.  How to go beyond the black-box simulation barrier , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[56]  Amit Sahai,et al.  Concurrent zero knowledge with logarithmic round-complexity , 2002, The 43rd Annual IEEE Symposium on Foundations of Computer Science, 2002. Proceedings..

[57]  Silvio Micali,et al.  Precise Zero Knowledge , 2011 .

[58]  Moni Naor,et al.  Concurrent zero-knowledge , 1998, STOC '98.

[59]  Silvio Micali,et al.  The knowledge complexity of interactive proof-systems , 1985, STOC '85.

[60]  Giovanni Di Crescenzo,et al.  Constant-Round Resettable Zero Knowledge with Concurrent Soundness in the Bare Public-Key Model , 2004, CRYPTO.

[61]  Rafail Ostrovsky,et al.  One-way functions, hard on average problems, and statistical zero-knowledge proofs , 1991, [1991] Proceedings of the Sixth Annual Structure in Complexity Theory Conference.

[62]  Oded Goldreich,et al.  Universal arguments and their applications , 2002, Proceedings 17th IEEE Annual Conference on Computational Complexity.

[63]  Ivan Visconti,et al.  Efficient Zero Knowledge on the Internet , 2006, ICALP.