On Non-Black-Box Simulation and the Impossibility of Approximate Obfuscation

Bitansky, Nir; Paneth, Omer

doi:10.1137/130928236

Cited by 15 publications

(9 citation statements)

References 38 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Finally, following the general transformation of (Deng et al 2009), they obtained a simultaneously-resettable ZK protocol. We stress that, to the best of our knowledge, this transformation is the most direct route to achieve simultaneously-resettable zero-knowledge argument system (see also (Bitansky and Paneth 2015;Chung et al 2013a;Canetti et al 2013)). In this paper, we observe that this construction actually preserves non-malleability: If the original protocol is a constant-round concurrent non-malleable zero-knowledge argument system, then the new one is a constant-round resettably-sound concurrent nonmalleable zero-knowledge argument.…”

Section: Our Techniquesmentioning

confidence: 90%

“…It requires the soundness condition holds even when the prover can reset the verifier to use the same random tape in multiple concurrent executions. Following the two works above, a number of works have investigated the resettable security in zero-knowledge protocols (Deng et al 2009;Cho et al 2012;Garg et al 2012;Chung et al 2013bChung et al , 2014Bitansky and Paneth 2015;Ostrovsky et al 2015), which focused on either reducing the complexity assumptions or reducing the round complexity and so on. Recently, Chung et al (2013a) presented a construction of the simultaneous resettable zero-knowledge protocol with polynomial rounds based on the minimal assumption of one-way functions.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Concurrent non-malleable zero-knowledge and simultaneous resettable non-malleable zero-knowledge in constant rounds

2018

View full text Add to dashboard Cite

Concurrent non-malleable zero-knowledge (CNMZK) considers the concurrent execution of zero-knowledge protocols in a setting even when adversaries can simultaneously corrupt multiple provers and verifiers. As far as we know, the round complexity of all the constructions of CNMZK arguments for NP is at least ω(log n). In this paper, we provide the first construction of a constant-round concurrent non-malleable zero-knowledge argument for every language in NP. Our protocol relies on the existence of families of collision-resistant hash functions, one-way permutations and indistinguishability obfuscators. As an additional contribution, we study the composition of two central notions in zero knowledge, the simultaneously resettable zero-knowledge and non-malleable zero-knowledge, which seemingly have stronger proved security guarantees. We give the first construction of a constant-round simultaneously-resettable non-malleable zero-knowledge. To the best of our knowledge, this is the first study to combine the two security concepts described above together in the zero-knowledge protocols.

show abstract

Section: Our Techniquesmentioning

confidence: 90%

Section: Introductionmentioning

confidence: 99%

Concurrent non-malleable zero-knowledge and simultaneous resettable non-malleable zero-knowledge in constant rounds

2018

View full text Add to dashboard Cite

show abstract

“…Finally, we use the transformation of [30] to construct resettably-sound protocol [4,31,32]. Roughly speaking, for each message from the verifier in our original protocol, we replace the randomness needed by the verifier by applying a pseudo-random function f s to the messages that the verifier has received so far.…”

Section: Our Techniquesmentioning

confidence: 99%

A novel approach to public-coin concurrent zero-knowledge and applications on resettable security

Yan

Deng

2019

Sci. China Inf. Sci.

View full text Add to dashboard Cite

Canetti, Lin and Paneth in TCC 2013 showed a O(log 1+ε n) rounds public-coin concurrent zeroknowledge argument system (CZK) based on the existence of collision resistant hash functions, which is currently known as round optimal public-coin CZK from standard assumptions. In this paper, we further address this problem and present an alternative construction of public-coin CZK argument system with succinct slot. The key technique involves a new variant of Barak's non-black-box simulate approach. In particular, the original protocol uses n commitments in each slot, while our construction uses one commitment in each slot. Through our simulation techniques, the simulator recovers any previous state needed for the probabilistically checkable proof (PCP) from the current committed state, which, in our view, may be of independent interest. Furthermore, the public-coin CZK argument system can be transformed into a resettable security protocol based on the one way functions assumption. Therefore, we present a new construction of the simultaneous resettable zero-knowledge argument system.

show abstract

“…, ρ head(k+1)−1 (which are computed in Step 1), find the randomness R 1 that was used for generating C i 1 , −1 . 10 Then, compute a PCP proof π s for statement Case 2. ctr s = 1, and trans k contains a UA-slot of the sth session. /*Computing WIPOK witness*/ Let sl denote the UA-slot that is contained by trans k .…”

Section: Formal Description Of Smentioning

confidence: 99%

“…An important step toward obtaining non-black-box simulation in the fully concurrent setting was made by Deng et al [17], who used Barak's technique in the fully concurrent setting by combining it with a black-box simulation technique (specifically, with the recursive rewinding technique of Richardson and Kilian [34]). Another important step was made by Bitansky and Paneth [8][9][10], who developed a new non-black-box simulation technique (which is not based on that of Barak) that can handle fully concurrent execution when being combined with a black-box simulation technique (again, the recursive rewinding technique of [34]). The simulation techniques of these works are powerful enough to allow us to overcome another black-box impossibility result (the impossibility of simultaneously resettable ZK protocols [6,12]).…”

Section: Introductionmentioning

confidence: 99%

Non-black-box Simulation in the Fully Concurrent Setting, Revisited

Kiyoshima

2019

J Cryptol

View full text Add to dashboard Cite

We give a new proof of the existence of O(n)-round public-coin concurrent zero-knowledge arguments for N P, where > 0 is an arbitrary constant. The security is proven in the plain model under the assumption that collision-resistant hash functions exist. The existence of such concurrent zero-knowledge arguments was previously proven by Goyal (STOC'13) in the plain model under the same assumption. In the proof, we use a new variant of the non-black-box simulation technique of Barak (FOCS'01). An important property of our simulation technique is that the simulator runs in a "straight-line" manner in the fully concurrent setting. Compared with the simulation technique of Goyal, which also has such a property, the analysis of our simulation technique is (arguably) simpler.

show abstract

On Non-Black-Box Simulation and the Impossibility of Approximate Obfuscation

Cited by 15 publications

References 38 publications

Concurrent non-malleable zero-knowledge and simultaneous resettable non-malleable zero-knowledge in constant rounds

Concurrent non-malleable zero-knowledge and simultaneous resettable non-malleable zero-knowledge in constant rounds

A novel approach to public-coin concurrent zero-knowledge and applications on resettable security

Non-black-box Simulation in the Fully Concurrent Setting, Revisited

Contact Info

Product

Resources

About