Results 1  10
of
182
Impossibility Results for LeakageResilient Zero Knowledge and MultiParty Computation
"... In [AGP14] Ananth et al. showed that continual leakageresilient nontransferable interactive proofs exist when a leakfree inputencoding phase is allowed and a common reference string is available. They left open the problem of removing the need of a common reference string. In [BGJK12] Boyle et a ..."
Abstract
 Add to MetaCart
questions. Our main contribution shows that leakageresilient blackbox zeroknowledge is impossible when relying on a leakfree inputencoding phase only (i.e., without CRS/preprocessing). Additionally, we also show that leakageresilient multiparty computation for all functionalities is impossible
Achieving Constant Round LeakageResilient ZeroKnowledge
"... Recently there has been a huge emphasis on constructing cryptographic protocols that maintain their security guarantees even in the presence of side channel attacks. Such attacks exploit the physical characteristics of a cryptographic device to learn useful information about the internal state of th ..."
Abstract

Cited by 4 (0 self)
 Add to MetaCart
is ⌈ n ϵ ⌉. In this work, we present the first construction of leakageresilient zeroknowledge satisfying the ideal requirement of ϵ = 0. While our focus is on a feasibility result for ϵ = 0, our construction also enjoys a constant number of rounds. At the heart of our construction is a new “public
LeakageResilient Zero Knowledge ∗
"... In this paper, we initiate a study of zero knowledge proof systems in the presence of sidechannel attacks. Specifically, we consider a setting where a cheating verifier is allowed to obtain arbitrary bounded leakage on the entire state (including the witness and the random coins) of the proverduring ..."
Abstract

Cited by 4 (1 self)
 Add to MetaCart
) of the proverduring the entire protocol execution. We formalize a meaningful definition of leakageresilient zero knowledge (LRZK) proof system, that intuitively guarantees that the protocol does not yield anything beyond the validity of the statement and the leakage obtained by the verifier. We give a construction
On the Composition of ZeroKnowledge Proof Systems
 SIAM Journal on Computing
, 1990
"... : The wide applicability of zeroknowledge interactive proofs comes from the possibility of using these proofs as subroutines in cryptographic protocols. A basic question concerning this use is whether the (sequential and/or parallel) composition of zeroknowledge protocols is zeroknowledge too. We ..."
Abstract

Cited by 208 (15 self)
 Add to MetaCart
. We demonstrate the limitations of the composition of zeroknowledge protocols by proving that the original definition of zeroknowledge is not closed under sequential composition; and that even the strong formulations of zeroknowledge (e.g. blackbox simulation) are not closed under parallel
ConstantRound LeakageResilient ZeroKnowledge Arguments of Knowledge for NP
, 2014
"... Garg, Jain, and Sahai first consider zero knowledge proofs in the presence of leakage on the local state of the prover, and present a leakageresilientzeroknowledge proof system for HC (Hamiltonian Cycle) problem. Their construction is called (1 + ε)leakageresilient zeroknowledge, for any con ..."
Abstract
 Add to MetaCart
constant ε> 0, because the total length of the leakage the simulator needs is (1 + ε) times as large as that of the leakage received by the verifier. In recent, Pandey provides a constantround leakageresilient zeroknowledge argument satisfying the ideal requirement of ε = 0. Whether there exist
BlackBox Concurrent ZeroKnowledge Requires (almost) Logarithmically Many Rounds
 SIAM Journal on Computing
, 2002
"... We show that any concurrent zeroknowledge protocol for a nontrivial language (i.e., for a language outside BPP), whose security is proven via blackbox simulation, must use at least ~ \Omega\Gamma/10 n) rounds of interaction. This result achieves a substantial improvement over previous lower bound ..."
Abstract

Cited by 101 (9 self)
 Add to MetaCart
We show that any concurrent zeroknowledge protocol for a nontrivial language (i.e., for a language outside BPP), whose security is proven via blackbox simulation, must use at least ~ \Omega\Gamma/10 n) rounds of interaction. This result achieves a substantial improvement over previous lower
LeakageResilient Identification Schemes from ZeroKnowledge Proofs of Storage∗
"... We provide a framework for constructing leakageresilient identification (ID) protocols in the bounded retrieval model (BRM) from proofs of storage (PoS) that hide partial information about the file. More precisely, we describe a generic transformation from any zeroknowledge PoS to a leakageresili ..."
Abstract
 Add to MetaCart
We provide a framework for constructing leakageresilient identification (ID) protocols in the bounded retrieval model (BRM) from proofs of storage (PoS) that hide partial information about the file. More precisely, we describe a generic transformation from any zeroknowledge PoS to a leakageresilient
The RoundComplexity of BlackBox Concurrent ZeroKnowledge
, 2003
"... Zeroknowledge proof systems are interactive protocols that enable one party, called the prover, to convince another party, called the verifier, in the truth of a statement without revealing anything beyond the validity of the assertion being proved. Besides being fascinating on their own right, zer ..."
Abstract

Cited by 7 (0 self)
 Add to MetaCart
in the era of the Internet, is one that allows the concurrent execution of zeroknowledge protocols. The most common technique for proving the zeroknowledge property of a protocol is called blackbox simulation. As it turns out, the usage of blackbox simulation in the concurrent setting introduces many
How to Go Beyond the BlackBox Simulation Barrier
 In 42nd FOCS
, 2001
"... The simulation paradigm is central to cryptography. A simulator is an algorithm that tries to simulate the interaction of the adversary with an honest party, without knowing the private input of this honest party. Almost all known simulators use the adversary’s algorithm as a blackbox. We present t ..."
Abstract

Cited by 228 (13 self)
 Add to MetaCart
The simulation paradigm is central to cryptography. A simulator is an algorithm that tries to simulate the interaction of the adversary with an honest party, without knowing the private input of this honest party. Almost all known simulators use the adversary’s algorithm as a blackbox. We present
The RoundComplexity of BlackBox ZeroKnowledge: A Combinatorial Characterization
"... Abstract. The roundcomplexity of blackbox zeroknowledge has for years been a topic of much interest. Results in this area generally focus on either proving lower bounds in various settings (e.g., Canetti, Kilian, Petrank, and Rosen [3] prove concurrent zeroknowledge (cZK) requires Ω(log n/log lo ..."
Abstract

Cited by 3 (0 self)
 Add to MetaCart
Abstract. The roundcomplexity of blackbox zeroknowledge has for years been a topic of much interest. Results in this area generally focus on either proving lower bounds in various settings (e.g., Canetti, Kilian, Petrank, and Rosen [3] prove concurrent zeroknowledge (cZK) requires Ω(log n
Results 1  10
of
182