Concurrent Zero Knowledge in the Public-Key Model

The concurrent setting for Zero-Knowledge protocols is very challenging as it requires protocols to remain secure even when several parties execute the same protocol concurrently. Indeed, it has been proved that achieving concurrent security for (black-box-simulation) zero-knowledge protocols in standard models requires a non-constant number of rounds, thus severely limiting efficiency. As a result, a few models with additional setup or network assumptions have been introduced to present constant-round concurrently-secure zero-knowledge protocols for all languages in ${\mathcal NP}$. In this paper we consider the bare public-key model, which is known to have very minimal setup assumptions, and we present the first constant round and concurrently secure zero-knowledge argument for any languages in ${\mathcal NP}$, under standard intractability assumptions. In fact, our protocol requires 4 rounds and is therefore round-optimal, is a proof of knowledge, and is time-efficient, in the sense that it is based on a tranformation that does not require any expensive ${\mathcal NP}$ reduction from prover or verifier. One 5-round variant of our protocol can be based on the minimal assumption of the existence of a one-way function.

[1]  Ran Canetti,et al.  Resettable zero-knowledge (extended abstract) , 2000, STOC '00.

[2]  Hugo Krawczyk,et al.  On the Composition of Zero-Knowledge Proof Systems , 1990, ICALP.

[3]  Marc Fischlin,et al.  Efficient Non-Malleable Commitment Schemes , 2000, Annual International Cryptology Conference.

[4]  Pil Joong Lee,et al.  Advances in Cryptology — ASIACRYPT 2001 , 2001, Lecture Notes in Computer Science.

[5]  Giovanni Di Crescenzo,et al.  Improved Setup Assumptions for 3-Round Resettable Zero Knowledge , 2004, ASIACRYPT.

[6]  Manuel Blum,et al.  Noninteractive Zero-Knowledge , 1991, SIAM J. Comput..

[7]  Rafail Ostrovsky,et al.  On Concurrent Zero-Knowledge with Pre-processing , 1999, CRYPTO.

[8]  Rafail Ostrovsky,et al.  Efficient and Non-interactive Non-malleable Commitment , 2001, EUROCRYPT.

[9]  Ran Canetti,et al.  Black-box concurrent zero-knowledge requires \tilde {Ω} (logn) rounds , 2001, STOC '01.

[10]  Silvio Micali,et al.  The Knowledge Complexity of Interactive Proof Systems , 1989, SIAM J. Comput..

[11]  Torben P. Pedersen Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing , 1991, CRYPTO.

[12]  Amit Sahai,et al.  Concurrent Zero Knowledge without Complexity Assumptions , 2006, Electron. Colloquium Comput. Complex..

[13]  Yunlei Zhao,et al.  Concurrent/Resettable Zero-Knowledge With Concurrent Soundness in the Bare Public-Key Model and Its Applications , 2003, IACR Cryptol. ePrint Arch..

[14]  Amit Sahai,et al.  Concurrent Zero-Knowledge: Reducing the Need for Timing Constraints , 1998, CRYPTO.

[15]  Claus-Peter Schnorr,et al.  Efficient signature generation by smart cards , 2004, Journal of Cryptology.

[16]  Joe Kilian,et al.  Concurrent and resettable zero-knowledge in poly-loalgorithm rounds , 2001, STOC '01.

[17]  Oded Goldreich,et al.  Concurrent zero-knowledge with timing, revisited , 2002, STOC '02.

[18]  Amit Sahai,et al.  Concurrent zero knowledge with logarithmic round-complexity , 2002, The 43rd Annual IEEE Symposium on Foundations of Computer Science, 2002. Proceedings..

[19]  Michael Wiener,et al.  Advances in Cryptology — CRYPTO’ 99 , 1999 .

[20]  Aggelos Kiayias,et al.  Self Protecting Pirates and Black-Box Traitor Tracing , 2001, CRYPTO.

[21]  Moni Naor,et al.  Public-key cryptosystems provably secure against chosen ciphertext attacks , 1990, STOC '90.

[22]  S. D. Chatterji Proceedings of the International Congress of Mathematicians , 1995 .

[23]  Joan Feigenbaum,et al.  Advances in Cryptology-Crypto 91 , 1992 .

[24]  Joe Kilian,et al.  On the Concurrent Composition of Zero-Knowledge Proofs , 1999, EUROCRYPT.

[25]  Giovanni Di Crescenzo,et al.  Equivocable and Extractable Commitment Schemes , 2002, SCN.

[26]  Jacques Stern,et al.  Advances in Cryptology — EUROCRYPT ’99 , 1999, Lecture Notes in Computer Science.

[27]  S. Micali,et al.  Noninteractive Zero-Knowledge , 1990, SIAM J. Comput..

[28]  Giovanni Di Crescenzo Removing Complexity Assumptions from Concurrent Zero-Knowledge Proofs , 2000, COCOON.

[29]  Hugo Krawczyk,et al.  Advances in Cryptology - CRYPTO '98 , 1998 .

[30]  Moni Naor,et al.  Concurrent zero-knowledge , 1998, STOC '98.

[31]  Giovanni Di Crescenzo,et al.  Constant-Round Resettable Zero Knowledge with Concurrent Soundness in the Bare Public-Key Model , 2004, CRYPTO.

[32]  Ran Canetti,et al.  Resettable Zero-Knowledge , 1999, IACR Cryptol. ePrint Arch..

[33]  Silvio Micali,et al.  Soundness in the Public-Key Model , 2001, CRYPTO.

[34]  Giovanni Di Crescenzo,et al.  On monotone formula closure of SZK , 1994, Proceedings 35th Annual Symposium on Foundations of Computer Science.

[35]  Moni Naor,et al.  Non-malleable cryptography , 1991, STOC '91.

[36]  David Chaum,et al.  Minimum Disclosure Proofs of Knowledge , 1988, J. Comput. Syst. Sci..

[37]  Yehuda Lindell,et al.  Resettably-sound zero-knowledge and its applications , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[38]  Mihir Bellare Advances in Cryptology — CRYPTO 2000 , 2000, Lecture Notes in Computer Science.

[39]  Matthew Franklin,et al.  Advances in Cryptology – CRYPTO 2004 , 2004, Lecture Notes in Computer Science.

[40]  Moni Naor,et al.  Nonmalleable Cryptography , 2000, SIAM Rev..