) Mihir Bellare Silvio Micali y Rafail Ostrovsky z MIT Laboratory for Computer Science 545 Technology Square Cambridge, MA 02139 Abstract Statistical zero-knowledge is a very strong privacy constraint which is not dependent on computational limitations. In this paper we show that given a complexity assumption a much weaker condition suffices to attain statistical zero-knowledge. As a result we are able to simplify statistical zero-knowledge and to better characterize, on many counts, the class of languages that possess statistical zero-knowledge proofs. 1 Introduction An interactive proof involves two parties, a prover and a verifier, who talk back and forth. The prover, who is computationally unbounded, tries to convince the probabilistic polynomial time verifier that a given theorem is true. A zero-knowledge proof is an interactive proof with an additional privacy constraint: the verifier does not learn why the theorem is true [11]. That is, whatever the polynomial-time verif...

Suppose that a weak (polynomial time) device needs to interact over a clear channel with a strong (infinitely-powerful) and untrustworthy adversarial device. Assuming the existence of one-way functions, during this interaction (game) the infinitelypowerful device can encrypt and (computationally) hide information from the weak device. However, to keep the game fair, the weak player must hide information from the infinitely-powerful player in the information-theoretic sense. Clearly, encryption in this case is useless, and other means must be used. In this paper, we show that under a general complexity assumption, this task is always possible to achieve. That is, we show that the weak player can play any polynomial length partial-information game (or secure protocol) with the strong player using any one-way function; we achieve this by implementing oblivious transfer protocol in this model. We also establish related impossibility results concerning oblivious transfer. In the proof of ou...

In this paper, we study connections among one-way functions, hard on the average problems, and statistical zero-knowledge proofs. In particular, we show how these three notions are related and how the third notion can be better characterized, assuming the first one.

Often the core difficulty in designing zero-knowledge protocols arises from having to consider every possible cheating verifier trying to extract aAditional information.

Abstract not found

We propose a new cryptographic primitive, called extractable functions. An extractable function guarantees any machine that manages to output a point in the range of this function knows a corresponding preimage. Wecapture knowledgeofpreimage bywayofalgorithmicextraction. Weformulate twomainvariantsofextractability,namelynoninteractiveandinteractive. Thenoninteractive variant can be regarded as a generalization from speci c knowledge assumptions to a notion that is formulated in general computational terms. Indeed, we show how to realize it under several di erent assumptions. On the other hand, interactive extraction can be realized from certain perfectly one-way (POW) functions or veri able secret-sharing (VSS) schemes. Wetheninitiateamoregeneralstudyofextractablefunctionaimedatunderstanding theconceptofextractabilityinofitself. Inparticularwedemonstratethataweaknotion of extraction implies a strong one, and make rigorous the intuition that extraction and obfuscation are complementary notions. We demonstrate the usefulness of the new primitive in two quite di erent settings.