Resettably Secure Computation

The notion of resettable zero-knowledge (rZK) was introduced by Canetti, Goldreich, Goldwasser and Micali (FOCS'01) as a strengthening of the classical notion of zero-knowledge. An rZK protocol remains zero-knowledge even if the verifier can reset the prover back to its initial state at any time during the protocol execution and force it to use the same random tape again and again. Following this work, various extensions of this notion were considered for the zero-knowledge and witness-indistinguishability functionalities. In this paper, we initiate the study of resettability for more general functionalities. We first consider the setting of resettable two-party computation, where one party (called the user) can reset the other party (called the smartcard) at any time during the protocol execution. After being reset, the smartcard returns to its original state, and the user thus has the opportunity to start interacting with it again (knowing that the smartcard will use the same set of random coins). In this setting, we show that it is possible to securely realize all PPT-computable functionalities under the most natural (simulation-based) definition. Our results therefore show that, in cryptographic protocols, the reliance on randomness and the ability to keep state can be made significantly weaker. Our simulator for the aforementioned resettable two-party computation protocol (inherently) makes use of non-black-box techniques. Second, we provide a construction of simultaneously resettable multi-party computation with an honest majority (where the adversary not only controls a minority of the parties but is also allowed to reset any number of parties at any point). Interestingly, all our results are in the plain model.
