Results 1 - 5 of 5
Bit Commitment Using Pseudo-Randomness
- Journal of Cryptology, 1991
Cited by 206 (15 self)
We show how a pseudo-random generator can provide a bit commitment protocol. We also analyze the number of bits communicated when parties commit to many bits simultaneously, and show that the assumption of the existence of pseudo-random generators suffices to assure amortized O(1) bits of communication per bit commitment.
Perfect Zero-Knowledge Arguments for NP Can Be Based on General Complexity Assumptions (Extended Abstract)
- Journal of Cryptology, 1998
Cited by 41 (11 self)
"Zero-knowledge arguments" is a fundamental cryptographic primitive which allows one polynomial-time player to convince another polynomial-time player of the validity of an NP statement, without revealing any additional information in the information-theoretic sense. Despite their practical and theoretical importance, it was only known how to implement zero-knowledge arguments based on specific algebraic assumptions; basing them on a general complexity assumption was open since their introduction in 1986 [BCC, BC, CH]. In this paper, we finally show a general construction, which can be based on any one-way permutation. We stress that our scheme is efficient: both players can execute only polynomial-time programs during the protocol. Moreover, the security achieved is on-line: in order to cheat and validate a false theorem, the prover must break a cryptographic assumption on-line during the conversation, while the verifier can not find (ever!) any information unconditionally (in the i...
Minimal-latency secure function evaluation
- In Proc. EUROCRYPT 2000, 2000
Cited by 15 (0 self)
Sander, Young and Yung recently exhibited a protocol for computing on encrypted inputs, for functions computable in NC^1. In their variant of secure function evaluation, Bob (the “CryptoComputer”) accepts homomorphically-encrypted inputs (x) from client Alice, and then returns a string from which Alice can extract f(x, y) (where y is Bob’s input, or e.g. the function f itself). Alice must not learn more about y than what f(x, y) reveals by itself. We extend their result to encompass NLOGSPACE (nondeterministic log-space functions). In the domain of multiparty computations, constant-round protocols have been known for years [BB89,FKN95]. This paper introduces novel parallelization techniques that, coupled with the [SYY99] methods, reduce the constant to 1 with preprocessing. This resolves the conjecture that NLOGSPACE subcomputations (including log-slices of circuit computation) can be evaluated with latency 1 (as opposed to just O(1)).
Simulatable Commitments and Efficient Concurrent Zero-Knowledge
- In EUROCRYPT’03, volume 2656 of LNCS, 2003
Cited by 7 (1 self)
We define and construct simulatable commitments. These are commitment schemes such that there is an efficient interactive proof system to show that a given string c is a legitimate commitment on a given value v, and furthermore, this proof is efficiently simulatable given any proper pair (c, v). Our construction is provably secure based on the Decisional Diffie-Hellman (DDH) assumption. Using simulatable commitments, we show how to efficiently transform any public coin honest verifier zero knowledge proof system into a proof system that is concurrent zero-knowledge with respect to any (possibly cheating) verifier via black box simulation. By efficient we mean that our transformation incurs only an additive overhead (both in terms of the number of rounds and the computational and communication complexity of each round), and the additive term is close to optimal (for black box simulation): only ω(log n) additional rounds, and ω(log n) additional public key operations for each round of the original protocol, where n is a security parameter, and ω(log n) can be any superlogarithmic function of n independent of the complexity of the original protocol. The transformation preserves (up to negligible additive terms) the soundness and completeness error probabilities, and the new proof system is proved secure based on the DDH assumption, in the standard model of computation, i.e., no random oracles, shared random strings, or public key infrastructure is assumed.
Efficient and Concurrent Zero-Knowledge from any public coin HVZK protocol
- 2002
Cited by 1 (0 self)
We show how to efficiently transform any public coin honest verifier zero knowledge proof system into a proof system that is concurrent zero-knowledge with respect to any (possibly cheating) verifier via black box simulation. By efficient we mean that our transformation incurs only an additive overhead, both in terms of the number of rounds and the computational and communication complexity of each round, independently of the complexity of the original protocol. Moreover, the transformation preserves (up to negligible additive terms) the soundness and completeness error probabilities. The new proof system is proved secure based on the Decisional Diffie-Hellman (DDH) assumption, in the standard model of computation, i.e., no random oracles, shared random strings, or public key infrastructure is assumed. In addition to the introduction of a practical protocol, this construction provides yet another example of ideas in plausibility results that turn into ideas in the construction of practical protocols.

