Concurrent Knowledge Extraction in the Public-Key Model

Yao, Andrew Chi-Chih; Yung, Moti; Zhao, Yunlei

doi:10.1007/978-3-642-14165-2_59

Cited by 5 publications

(16 citation statements)

References 46 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In this paper we show subtle problems concerning security proofs of various cZK and rZK arguments in the BPK model [18,32,7,9,27,31,6,29], including all round-optimal constructions published so far.…”

Section: Our Results and Techniquesmentioning

confidence: 99%

“…We have given details to explain the problem with the simulation of Π MR , and under minor variations, all other results [18,32,7,9,27,31,6,29] suffer of similar problems. We will now focus on protocols that however could have a different simulation.…”

Section: The Case Of π Mrmentioning

confidence: 99%

“…In the very specific case of rZK, since soundness is proved through complexity leveraging, the proof of soundness could go through. [29,28]. In the concurrently sound cZK protocol presented in [29,28], the simulator is required to commit in the second round to one of the two secret keys of the verifier.…”

Section: The Case Of π Y Zmentioning

confidence: 99%

“…A more recent result [6] obtains both round optimality and optimal complexity assumptions (i.e., OWFs) in a concurrently sound cZK AoK. More sophisticated notions of arguments of knowledge have been given in [10] and in [29,28]. Indeed these papers focus on concurrent knowledge extraction (under different formulations).…”

mentioning

confidence: 99%

See 3 more Smart Citations

On Round-Optimal Zero Knowledge in the Bare Public-Key Model

Scafuro

Visconti

2012

Advances in Cryptology – EUROCRYPT 2012

View full text Add to dashboard Cite

Abstract. In this paper we revisit previous work in the BPK model and point out subtle problems concerning security proofs of concurrent and resettable zero knowledge (cZK and rZK, for short). Our analysis shows that the cZK and rZK simulations proposed for previous (in particular all round-optimal) protocols are distinguishable from real executions. Therefore some of the questions about achieving round optimal cZK and rZK in the BPK model are still open. We then show our main protocol, ΠcZK, that is a round-optimal concurrently sound cZK argument of knowledge (AoK, for short) for NP under standard complexitytheoretic assumptions. Next, using complexity leveraging arguments, we show a protocol ΠrZK that is round-optimal and concurrently sound rZK for NP. Finally we show that ΠcZK and ΠrZK can be instantiated efficiently through transformations based on number-theoretic assumptions. Indeed, starting from any language admitting a perfect Σ-protocol, they produce concurrently sound protocolsΠcZK andΠrZK, whereΠcZK is a round-optimal cZKAoK, andΠrZK is a 5-round rZK argument. The rZK protocols are mainly inherited from the ones of Yung and Zhao [31].

show abstract

Section: Our Results and Techniquesmentioning

confidence: 99%

Section: The Case Of π Mrmentioning

confidence: 99%

Section: The Case Of π Y Zmentioning

confidence: 99%

mentioning

confidence: 99%

See 2 more Smart Citations

On Round-Optimal Zero Knowledge in the Bare Public-Key Model

Scafuro

Visconti

2012

Advances in Cryptology – EUROCRYPT 2012

View full text Add to dashboard Cite

show abstract

“…The bare public key model was proposed in [5] where, before any interaction starts, every player is required to declare a public key and store it in a public file (which never changes once the sessions start). In this model it is known how to obtain constant-round concurrent zero knowledge with concurrent soundness under standard assumptions [13,35,36,34]. This model has also been used for constant-round concurrent non-malleable zero knowledge [25] and various constant-round resettable and simultaneously resettable protocols [22,39,11,9,10,38,37,7].…”

Section: Related Workmentioning

confidence: 99%

Constant-Round Concurrent Zero Knowledge in the Bounded Player Model

Goyal

Jain

Ostrovsky

et al. 2013

Advances in Cryptology - ASIACRYPT 2013

View full text Add to dashboard Cite

Abstract. In [18] Goyal et al. introduced the bounded player model for secure computation. In the bounded player model, there are an a priori bounded number of players in the system, however, each player may execute any unbounded (polynomial) number of sessions. They showed that even though the model consists of a relatively mild relaxation of the standard model, it allows for round-efficient concurrent zero knowledge. Their protocol requires a super-constant number of rounds. In this work we show, constructively, that there exists a constant-round concurrent zero-knowledge argument in the bounded player model. Our result relies on a new technique where the simulator obtains a trapdoor corresponding to a player identity by putting together information obtained in multiple sessions. Our protocol is only based on the existence of a collision-resistance hash-function family and comes with a "straight-line" simulator. We note that this constitutes the strongest result known on constantround concurrent zero knowledge in the plain model (under well accepted relaxations) and subsumes Barak's constant-round bounded concurrent zero-knowledge result. We view this as a positive step towards getting constant round fully concurrent zero-knowledge in the plain model, without relaxations.

show abstract