Finding collisions in interactive protocols – A tight lower bound on the round complexity of statistically-hiding commitments
In Proceedings of the 48th Annual IEEE Symposium on Foundations of Computer Science, 2007
Cited by 33 (11 self)
We study the round complexity of various cryptographic protocols. Our main result is a tight lower bound on the round complexity of any fully-black-box construction of a statistically-hiding commitment scheme from one-way permutations, and even from trapdoor permutations. This lower bound matches the round complexity of the statistically-hiding commitment scheme due to Naor, Ostrovsky, Venkatesan and Yung (CRYPTO ’92). As a corollary, we derive similar tight lower bounds for several other cryptographic protocols, such as single-server private information retrieval, interactive hashing, and oblivious transfer that guarantees statistical security for one of the parties. Our techniques extend the collision-finding oracle due to Simon (EUROCRYPT ’98) to the setting of interactive protocols (our extension also implies an alternative proof for the main property of the original oracle). In addition, we substantially extend the reconstruction paradigm of Gennaro and Trevisan (FOCS ’00). In both cases, our extensions are quite delicate and may be found useful in proving additional black-box separation results.
Statistically-hiding commitment from any one-way function
In 39th STOC, 2007
Cited by 25 (7 self)
We give a construction of statistically-hiding commitment schemes (ones where the hiding property holds information theoretically), based on the minimal cryptographic assumption that one-way functions exist. Our construction employs two-phase commitment schemes, recently constructed by Nguyen, Ong and Vadhan (FOCS ’06), and universal one-way hash functions introduced and constructed by Naor and Yung (STOC ’89) and Rompel (STOC ’90).
Statistical Zero-Knowledge Arguments for NP from Any One-Way
ELECTRONIC COLLOQUIUM ON COMPUTATIONAL COMPLEXITY, 2006
Cited by 20 (2 self)
We show that every language in NP has a statistical zero-knowledge argument system under the (minimal) complexity assumption that one-way functions exist. In such protocols, even a computationally unbounded verifier cannot learn anything other than the fact that the assertion being proven is true, whereas a polynomial-time prover cannot convince the verifier to accept a false assertion except with negligible probability. This resolves an open question posed by Naor, Ostrovsky, Venkatesan, and Yung (CRYPTO ’92, J. Cryptology ’98). Departing from previous works on this problem, we do not construct standard statistically hiding commitments from any one-way function. Instead, we construct a relaxed variant of commitment schemes called “1-out-of-2-binding commitments,” recently introduced by Nguyen and Vadhan (STOC ’06).
A new interactive hashing theorem
In Proceedings of the 22nd Annual IEEE Conference on Computational Complexity, 2007
Cited by 12 (5 self)
Interactive hashing, introduced by Naor, Ostrovsky, Venkatesan and Yung (CRYPTO ’92), plays an important role in many cryptographic protocols. In particular, it is a major component in all known constructions of statistically hiding and computationally binding commitment schemes and of zero-knowledge arguments based on general one-way permutations and on one-way functions. Interactive hashing with respect to a one-way permutation f, is a two-party protocol that enables a sender that knows y = f(x) to transfer a random hash z = h(y) to a receiver. The receiver is guaranteed that the sender is committed to y (in the sense that it cannot come up with x and x′ such that f(x) ≠ f(x′), but h(f(x)) = h(f(x′)) = z). The sender is guaranteed that the receiver does not learn any additional information on y. In particular, when h is a two-to-one hash function, the receiver does not learn which of the two preimages {y, y′} = h⁻¹(z) is the one the sender can invert with respect to f. This paper reexamines the notion of interactive hashing. We give an alternative proof for the Naor et al. protocol, which seems to us significantly simpler and more intuitive than the original one. Moreover, the new proof achieves much better parameters (in terms of how security
Inaccessible Entropy
Cited by 10 (5 self)
We put forth a new computational notion of entropy, which measures the (in)feasibility of sampling high entropy strings that are consistent with a given protocol. Specifically, we say that the i’th round of a protocol (A, B) has accessible entropy at most k, if no polynomial-time strategy A∗ can generate messages for A such that the entropy of its message in the i’th round has entropy greater than k when conditioned both on prior messages of the protocol and on prior coin tosses of A∗. We say that the protocol has inaccessible entropy if the total accessible entropy (summed over the rounds) is noticeably smaller than the real entropy of A’s messages, conditioned only on prior messages (but not the coin tosses of A). As applications of this notion, we
• Give a much simpler and more efficient construction of statistically hiding commitment schemes from arbitrary one-way functions.
• Prove that constant-round statistically hiding commitments are necessary for constructing constant-round zero-knowledge proof systems for NP that remain secure under parallel composition (assuming the existence of one-way functions).
Categories and Subject Descriptors: F.0 [Theory of Computation]: General.
Statistically Hiding Commitments and Statistical Zero-Knowledge Arguments from Any One-Way Function
2007
Cited by 7 (4 self)
We give a construction of statistically hiding commitment schemes (ones where the hiding property holds against even computationally unbounded adversaries) under the minimal complexity assumption that one-way functions exist. Consequently, one-way functions suffice to give statistical zero-knowledge arguments for any NP statement (whereby even a computationally unbounded adversarial verifier learns nothing other than the fact the assertion being proven is true, and a polynomial-time adversarial prover cannot convince the verifier of a false statement). These results resolve an open question posed by Naor, Ostrovsky, Venkatesan, and Yung (CRYPTO ’92, J. Cryptology ’98).
Concurrent Non-Malleable Zero Knowledge
2006
Cited by 6 (0 self)
We provide the first construction of a concurrent and non-malleable zero knowledge argument for every language in NP. We stress that our construction is in the plain model with no common random string, trusted parties, or super-polynomial simulation. That is, we construct a zero knowledge protocol Π such that for every polynomial-time adversary that can adaptively and concurrently schedule polynomially many executions of Π, and corrupt some of the verifiers and some of the provers in these sessions, there is a polynomial-time simulator that can simulate a transcript of the entire execution, along with the witnesses for all statements proven by a corrupt prover to an honest verifier.
Concurrent/Resettable Zero-Knowledge with Concurrent Soundness in the Bare Public-Key Model and Its Applications
2003
Cited by 3 (0 self)
In this paper, we present both practical and general 4-round concurrent and resettable zero-knowledge arguments with concurrent soundness in the bare public-key (BPK) model. To our knowledge, our result is the first work that achieves concurrent soundness for ZK protocols in the BPK model and stands for the current state-of-the-art of concurrent zero-knowledge with setup assumptions.
Concurrent Statistical Zero-Knowledge Arguments for NP from One Way Functions
Cited by 1 (0 self)
In this paper we show a general transformation from any honest verifier statistical zero-knowledge argument to a concurrent statistical zero-knowledge argument. Our transformation relies only on the existence of one-way functions. It is known that the existence of zero-knowledge systems for any non-trivial language implies one way functions. Hence our transformation unconditionally shows that concurrent statistical zero-knowledge arguments for a non-trivial language exist if and only if standalone secure statistical zero-knowledge arguments for that language exist. Further, applying our transformation to the recent statistical zero-knowledge argument system of Nguyen et al (STOC ’06) yields the first concurrent statistical zero-knowledge argument system for all languages in NP from any one way function.
Perfectly Hiding Commitment Scheme with Two-Round from Any One-Way Permutation
2008
Commitment schemes are arguably among the most important and useful primitives in cryptography. According to the computational power of receivers, commitments can be classified into three possible types: computational hiding commitments, statistically hiding commitments and perfect computational commitments. The first commitment with constant rounds had been constructed from any one-way functions in the last centuries, and the second with non-constant rounds were constructed from any one-way functions in FOCS2006, STOC2006 and STOC2007 respectively. Furthermore, the lower bound of round complexity of statistically hiding commitments has been proven to be n/log n rounds under the existence of one-way function. Perfectly hiding commitments imply statistically hiding; hence, it is also infeasible to construct a practically perfectly hiding commitment with constant rounds under the existence of one-way function. In order to construct a perfectly hiding commitment with constant rounds, we have to relax the assumption that one-way functions exist. In this paper, we will construct a practically perfectly hiding commitment with two-round from any one-way permutation. To the best of our knowledge, these are the best results so far.