Black-box non-black-box zero knowledge

Motivated by both theoretical and practical interest, the challenging task of designing cryptographic protocols that make only black-box use of their underlying primitives has produced several breakthroughs in the last decade. Despite these positive results, and even though black-box constructions for secure two-party and multi-party computation are now known even in a constant number of rounds, cryptography still contains several constructions that critically require non-black-box use of primitives in order to securely realize some fundamental tasks. The study of the gap between black-box and non-black-box constructions therefore still includes major open questions.

In this work we make progress towards closing this gap. We consider black-box constructions for computations that require even the size of a player's input to remain hidden. We show how to commit to a string of arbitrary size and to prove statements over the bits of the string; both the commitment and the proof are succinct, hide the input size, and use standard primitives in a black-box way. We achieve this by giving a black-box construction of an extendable Merkle tree that relies on a novel use of the "MPC in the head" paradigm of Ishai et al. [STOC 2007]. We show the power of our new techniques by giving the first black-box constant-round public-coin zero-knowledge argument for NP. To achieve this result we use the non-black-box simulation technique introduced by Barak [FOCS 2001], the PCP of Proximity introduced by Ben-Sasson et al. [STOC 2004], and a black-box public-coin witness-indistinguishable universal argument that we construct along the way.
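The building block the abstract starts from is a Merkle-tree commitment to a long string with succinct openings of individual bits. The following Python is an added illustration written for this page, not code from the paper: it commits to a bit string with a salted, domain-separated Merkle tree (salts make the commitment hiding; the leaf/node tags prevent an inner node from being passed off as a leaf), and opens any single bit with an authentication path of O(log n) hashes that anyone can check against the root. It does not reproduce the paper's extendable tree or the MPC-in-the-head proofs over the bits: a plain Merkle tree such as this one leaks an upper bound on the input size through the path length, which is exactly the leakage the paper's construction removes. The `rng` parameter (defaulting to `os.urandom`) exists only so tests can run deterministically.

```python
import hashlib
import os
from typing import Callable, List, Tuple


def h_leaf(salt: bytes, bit: int) -> bytes:
    # Domain-separated leaf hash. The per-leaf salt is what makes the
    # commitment hiding; the 0x00 tag keeps leaves distinct from inner nodes.
    return hashlib.sha256(b"\x00" + salt + bytes([bit])).digest()


def h_node(left: bytes, right: bytes) -> bytes:
    # Inner-node hash, tagged 0x01 so a leaf preimage can never collide
    # with an inner-node preimage (the classic Merkle second-preimage issue).
    return hashlib.sha256(b"\x01" + left + right).digest()


class MerkleBitCommitment:
    """Commit to a string over {0,1}; open any one bit with a short proof."""

    def __init__(self, bits: str, rng: Callable[[int], bytes] = os.urandom):
        if bits == "" or set(bits) - {"0", "1"}:
            raise ValueError("bits must be a non-empty string over {0,1}")
        self.bits = bits
        # Pad the leaf count up to a power of two with dummy zero bits; the
        # padding leaves get fresh salts too, so they reveal nothing.
        width = 1
        while width < len(bits):
            width *= 2
        padded = bits + "0" * (width - len(bits))
        self.salts = [rng(16) for _ in range(width)]
        level = [h_leaf(self.salts[i], int(padded[i])) for i in range(width)]
        self.levels = [level]  # levels[0] = leaves, levels[-1] = [root]
        while len(level) > 1:
            level = [h_node(level[i], level[i + 1]) for i in range(0, len(level), 2)]
            self.levels.append(level)
        self.root = level[0]  # the succinct commitment: one hash, any input length

    def open(self, i: int) -> Tuple[int, bytes, List[bytes]]:
        """Return (bit, salt, path) for position i. len(path) == tree height."""
        if not 0 <= i < len(self.bits):
            raise IndexError(i)
        path, idx = [], i
        for level in self.levels[:-1]:
            path.append(level[idx ^ 1])  # sibling at this level
            idx //= 2
        return int(self.bits[i]), self.salts[i], path


def verify_opening(root: bytes, i: int, bit: int, salt: bytes, path: List[bytes]) -> bool:
    """Recompute the root from the claimed leaf and its authentication path."""
    if bit not in (0, 1):
        return False
    node, idx = h_leaf(salt, bit), i
    for sibling in path:
        # The low bit of idx says whether we are the right or the left child.
        node = h_node(sibling, node) if idx & 1 else h_node(node, sibling)
        idx //= 2
    return node == root


if __name__ == "__main__":
    # Constructed sample input: a 7-bit string, padded internally to 8 leaves.
    com = MerkleBitCommitment("1011001")
    bit, salt, path = com.open(3)
    print("root:", com.root.hex()[:16], "path length:", len(path))
    print("opening of bit 3 verifies:", verify_opening(com.root, 3, bit, salt, path))
    print("flipped bit rejected:", not verify_opening(com.root, 3, 1 - bit, salt, path))
```

Opening several positions and letting the verifier compute a predicate over them is the non-zero-knowledge version of "proving a statement over the bits": the verifier learns the opened bits. Turning that into a zero-knowledge proof that reveals neither the bits nor the size is the part of the paper that needs the MPC-in-the-head machinery, which this example deliberately leaves out.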

[1]  Tal Malkin,et al.  Simple, Black-Box Constructions of Adaptively Secure Protocols , 2009, TCC.

[2]  Eli Ben-Sasson,et al.  On the Concrete-Efficiency Threshold of Probabilistically-Checkable Proofs , 2012, Electron. Colloquium Comput. Complex..

[3]  Vipul Goyal,et al.  Constant round non-malleable protocols using one way functions , 2011, STOC '11.

[4]  Ran Canetti,et al.  Advances in Cryptology – CRYPTO 2012 , 2012, Lecture Notes in Computer Science.

[5]  Omer Reingold,et al.  Statistically Hiding Commitments and Statistical Zero-Knowledge Arguments from Any One-Way Function , 2009, SIAM J. Comput..

[6]  Rafail Ostrovsky,et al.  Revisiting Lower and Upper Bounds for Selective Decommitments , 2011, IACR Cryptol. ePrint Arch..

[7]  Tatsuaki Okamoto,et al.  Constant-Round Black-Box Construction of Composable Multi-Party Computation Protocol , 2014, TCC.

[8]  Amos Fiat,et al.  How to Prove Yourself: Practical Solutions to Identification and Signature Problems , 1986, CRYPTO.

[9]  Dennis Hofheinz Possibility and Impossibility Results for Selective Decommitments , 2010, Journal of Cryptology.

[10]  Silvio Micali,et al.  CS Proofs (Extended Abstracts) , 1994, FOCS 1994.

[11]  David Xiao,et al.  Errata to (Nearly) Round-Optimal Black-Box Constructions of Commitments Secure against Selective Opening Attacks , 2013, TCC.

[12]  Iftach Haitner,et al.  Semi-honest to Malicious Oblivious Transfer - The Black-Box Way , 2008, TCC.

[13]  Nir Bitansky,et al.  Point Obfuscation and 3-Round Zero-Knowledge , 2012, TCC.

[14]  Baruch Awerbuch,et al.  Verifiable secret sharing and achieving simultaneity in the presence of faults , 1985, 26th Annual Symposium on Foundations of Computer Science (sfcs 1985).

[15]  Oded Goldreich,et al.  Universal arguments and their applications , 2002, Proceedings 17th IEEE Annual Conference on Computational Complexity.

[16]  Ivan Damgård,et al.  Towards Practical Public Key Systems Secure Against Chosen Ciphertext Attacks , 1991, CRYPTO.

[17]  Omer Reingold,et al.  Statistically-hiding commitment from any one-way function , 2007, STOC '07.

[18]  R. Cramer, et al.  Linear Zero-Knowledge. A Note on Efficient Zero-Knowledge Proofs and Arguments , 1996 .

[19]  Boaz Barak, et al.  How to go beyond the black-box simulation barrier , 2001, Proceedings 42nd IEEE Symposium on Foundations of Computer Science (FOCS 2001).

[20]  Rafael Pass,et al.  Concurrent Nonmalleable Commitments , 2008, SIAM J. Comput..

[21]  Yehuda Lindell,et al.  Universally composable two-party and multi-party secure computation , 2002, STOC '02.

[22]  Rafail Ostrovsky,et al.  Constructing Non-malleable Commitments: A Black-Box Approach , 2012, 2012 IEEE 53rd Annual Symposium on Foundations of Computer Science.

[23]  Rafail Ostrovsky,et al.  Simultaneous Resettability from One-Way Functions , 2013, 2013 IEEE 54th Annual Symposium on Foundations of Computer Science.

[24]  Yehuda Lindell,et al.  Black-Box Constructions for Secure Computation ∗ (extended abstract) , 2006 .

[25]  Joe Kilian, et al.  Founding cryptography on oblivious transfer , 1988, STOC '88.

[26]  Yael Tauman Kalai,et al.  Securing Circuits against Constant-Rate Tampering , 2012, CRYPTO.

[27]  John Rompel,et al.  One-way functions are necessary and sufficient for secure signatures , 1990, STOC '90.

[28]  Silvio Micali,et al.  CS proofs , 1994, Proceedings 35th Annual Symposium on Foundations of Computer Science.

[29]  Yehuda Lindell,et al.  A Full Proof of the BGW Protocol for Perfectly Secure Multiparty Computation , 2015, Journal of Cryptology.

[30]  Yuval Ishai,et al.  Probabilistically Checkable Proofs of Proximity with Zero-Knowledge , 2014, TCC.

[31]  Moni Naor, et al.  Bit commitment using pseudorandomness , 1991, Journal of Cryptology.

[32]  Nir Bitansky,et al.  On the impossibility of approximate obfuscation and applications to resettable cryptography , 2013, STOC '13.

[33]  Yuval Ishai,et al.  The round complexity of verifiable secret sharing and secure multicast , 2001, STOC '01.

[34]  Moni Naor,et al.  Universal one-way hash functions and their cryptographic applications , 1989, STOC '89.

[35]  Silvio Micali,et al.  Practical and Provably-Secure Commitment Schemes from Collision-Free Hashing , 1996, CRYPTO.

[36]  Ivan Damgård,et al.  Efficient Multiparty Computations Secure Against an Adaptive Adversary , 1999, EUROCRYPT.

[37]  Kai-Min Chung,et al.  Non-black-box simulation from one-way functions and applications to resettable security , 2013, STOC '13.

[38]  Russell Impagliazzo,et al.  Limits on the provable consequences of one-way permutations , 1988, STOC '89.

[39]  Rafail Ostrovsky,et al.  Zero-knowledge from secure multiparty computation , 2007, STOC '07.

[40]  Avi Wigderson,et al.  Completeness theorems for non-cryptographic fault-tolerant distributed computation , 1988, STOC '88.

[41]  Hoeteck Wee,et al.  Black-Box, Round-Efficient Secure Computation via Non-malleability Amplification , 2010, 2010 IEEE 51st Annual Symposium on Foundations of Computer Science.

[42]  Joe Kilian,et al.  A note on efficient zero-knowledge proofs and arguments (extended abstract) , 1992, STOC '92.

[43]  Hoeteck Wee,et al.  Black-Box Constructions of Two-Party Protocols from One-Way Functions , 2009, TCC.

[44]  David Xiao,et al.  (Nearly) Round-Optimal Black-Box Constructions of Commitments Secure against Selective Opening Attacks , 2011, TCC.

[45]  Nir Bitansky,et al.  From the Impossibility of Obfuscation to a New Non-Black-Box Simulation Technique , 2012, 2012 IEEE 53rd Annual Symposium on Foundations of Computer Science.

[46]  Moni Naor,et al.  On Cryptographic Assumptions and Challenges , 2003, CRYPTO.

[47]  Rafael Pass,et al.  Black-Box Constructions of Composable Protocols without Set-Up , 2012, CRYPTO.

[48]  Eli Ben-Sasson,et al.  Robust PCPs of Proximity, Shorter PCPs, and Applications to Coding , 2004, SIAM J. Comput..

[49]  Yehuda Lindell,et al.  Black-box constructions for secure computation , 2006, STOC '06.

[50]  Ivan Damgård,et al.  Linear zero-knowledge—a note on efficient zero-knowledge proofs and arguments , 1997, STOC '97.

[51]  Rafail Ostrovsky,et al.  4-Round Resettably-Sound Zero Knowledge , 2014, TCC.

[52]  Rudolf Ahlswede,et al.  Founding Cryptography on Oblivious Transfer , 2016 .

[53]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[54]  Sanjeev Arora,et al.  Probabilistic checking of proofs: a new characterization of NP , 1998, JACM.