Simultaneous Resettability from Collision Resistance

In FOCS 2001, Barak, Goldreich, Goldwasser and Lindell conjectured that the existence of ZAPs, introduced by Dwork and Naor in FOCS 2000, could lead to the design of a zero-knowledge proof system that is secure against both resetting provers and resetting verifiers. Their conjecture was proven true by Deng, Goyal and Sahai in FOCS 2009, where both ZAPs and collision-resistant hash functions (CRHFs, for short) play a fundamental role.

In this paper, we present a new technique that allows us to prove that simultaneously resettable zero knowledge can be achieved by relying on CRHFs only. Our construction therefore goes beyond the conjecture of Barak et al., bypassing the (demanding) use of ZAPs, which in turn require doubly enhanced trapdoor permutations (DTPs, for short). More specifically, we present the following results:

1. We construct the first resettably-sound resettable witness-indistinguishable (rsrWI, for short) argument for NP based on CRHFs. Our construction exploits a new technique that we call "soundness upgrade". In order to upgrade stand-alone soundness to resettable soundness, we use the lower bound proved by Rosen in CRYPTO 2000 on the round complexity of black-box concurrent zero knowledge. Moreover, our rsrWI argument is an argument of knowledge (AoK, for short).

2. As an application of the above result, we obtain the main theorem of this work: we prove (constructively) the existence of an argument system that is both resettable zero knowledge and resettably sound under the sole assumption that CRHFs exist.

Our results improve the state of the art and, perhaps even more importantly, provide a novel tool for the design of resettably-secure protocols. We also show a novel way to use protocol lower bounds in constructive protocol design.

[1] Marc Fischlin et al. Identification Protocols Secure against Reset Attacks. EUROCRYPT 2001.

[2] Rafael Pass et al. New and Improved Constructions of Nonmalleable Cryptographic Protocols. SIAM J. Comput., 2008.

[3] Ahmad-Reza Sadeghi et al. Improved Security Notions and Protocols for Non-transferable Identification. ESORICS 2008.

[4] Rafail Ostrovsky et al. Non-interactive Zaps and New Techniques for NIZK. CRYPTO 2006.

[5] Vipul Goyal et al. Stateless Cryptographic Protocols. FOCS 2011.

[6] Ivan Visconti et al. On Round-Optimal Zero Knowledge in the Bare Public-Key Model. EUROCRYPT 2012.

[7] Rafail Ostrovsky et al. Resettable Statistical Zero Knowledge. IACR Cryptol. ePrint Arch., 2012.

[8] Ivan Visconti et al. Impossibility and Feasibility Results for Zero Knowledge with Public Keys. CRYPTO 2005.

[9] Ran Canetti et al. Black-box concurrent zero-knowledge requires Ω̃(log n) rounds. STOC 2001.

[10] Dongdai Lin et al. Instance-Dependent Verifiable Random Functions and Their Application to Simultaneous Resettability. EUROCRYPT 2007.

[11] Scott Yilek et al. Resettable Public-Key Encryption: How to Encrypt on a Virtual Machine. CT-RSA 2010.

[12] Yehuda Lindell et al. Resettably-sound zero-knowledge and its applications. FOCS 2001.

[13] Rafail Ostrovsky et al. Nearly Simultaneously Resettable Black-Box Zero Knowledge. ICALP 2012.

[14] Yunlei Zhao et al. Resettable Zero-Knowledge in the Weak Public-Key Model. EUROCRYPT 2003.

[15] Silvio Micali et al. Min-round Resettable Zero-Knowledge in the Public-Key Model. EUROCRYPT 2001.

[16] Rafail Ostrovsky et al. Simultaneously Resettable Arguments of Knowledge. TCC 2012.

[17] Oded Goldreich et al. Universal arguments and their applications. 17th IEEE Annual Conference on Computational Complexity (CCC) 2002.

[18] Moni Naor et al. Zaps and their applications. FOCS 2000.

[19] Dongdai Lin et al. Resettable Cryptography in Constant Rounds - the Case of Zero Knowledge. IACR Cryptol. ePrint Arch., 2011.

[20] Boaz Barak et al. Non-black-box Techniques in Cryptography. CSR 2006.

[21] Yunlei Zhao et al. Generic and Practical Resettable Zero-Knowledge in the Bare Public-Key Model. EUROCRYPT 2007.

[22] Silvio Micali et al. The knowledge complexity of interactive proof-systems. STOC 1985.

[23] Boaz Barak et al. How to go beyond the black-box simulation barrier. FOCS 2001.

[24] Carmine Ventre et al. Co-sound Zero-Knowledge with Public Keys. AFRICACRYPT 2009.

[25] Giovanni Di Crescenzo et al. Constant-Round Resettable Zero Knowledge with Concurrent Soundness in the Bare Public-Key Model. CRYPTO 2004.

[26] Oded Goldreich. Zero-Knowledge. FOCS 2002.

[27] Nir Bitansky et al. From the Impossibility of Obfuscation to a New Non-Black-Box Simulation Technique. FOCS 2012.

[28] Moni Naor et al. Concurrent zero-knowledge. J. ACM, 2004.

[29] Yehuda Lindell et al. Lower bounds for non-black-box zero knowledge. FOCS 2003.

[30] Ran Canetti et al. Black-Box Concurrent Zero-Knowledge Requires Ω̃(log n) Rounds. Electron. Colloquium Comput. Complex. (ECCC), 2001.

[31] Alon Rosen et al. A Note on the Round-Complexity of Concurrent Zero-Knowledge. CRYPTO 2000.

[32] Manuel Blum et al. How to Prove a Theorem So No One Else Can Claim It. Proceedings of the International Congress of Mathematicians, 1986.

[33] Ran Canetti et al. Resettable zero-knowledge (extended abstract). STOC 2000.

[34] Oded Goldreich. Basing Non-Interactive Zero-Knowledge on (Enhanced) Trapdoor Permutations: The State of the Art. Studies in Complexity and Cryptography, 2011.

[35] Rafael Pass et al. New and improved constructions of non-malleable cryptographic protocols. STOC 2005.

[36] Giovanni Di Crescenzo et al. Improved Setup Assumptions for 3-Round Resettable Zero Knowledge. ASIACRYPT 2004.

[37] Rafail Ostrovsky et al. Impossibility Results for Static Input Secure Computation. IACR Cryptol. ePrint Arch., 2012.

[38] Amit Sahai et al. Resolving the Simultaneous Resettability Conjecture and a New Non-Black-Box Simulation Strategy. FOCS 2009.

[39] Silvio Micali et al. Soundness in the Public-Key Model. CRYPTO 2001.

[40] Adi Shamir et al. Publicly Verifiable Non-Interactive Zero-Knowledge Proofs. CRYPTO 1990.

[41] Rafael Pass et al. Concurrent non-malleable commitments. FOCS 2005.

[42] Adi Shamir et al. Multiple non-interactive zero knowledge proofs based on a single random string. FOCS 1990.