Results 1  10
of
25
Finding collisions in interactive protocols – A tight lower bound on the round complexity of statisticallyhiding commitments
 In Proceedings of the 48th Annual IEEE Symposium on Foundations of Computer Science
, 2007
"... We study the round complexity of various cryptographic protocols. Our main result is a tight lower bound on the round complexity of any fullyblackbox construction of a statisticallyhiding commitment scheme from oneway permutations, and even from trapdoor permutations. This lower bound matches th ..."
Abstract

Cited by 33 (11 self)
 Add to MetaCart
We study the round complexity of various cryptographic protocols. Our main result is a tight lower bound on the round complexity of any fullyblackbox construction of a statisticallyhiding commitment scheme from oneway permutations, and even from trapdoor permutations. This lower bound matches the round complexity of the statisticallyhiding commitment scheme due to Naor, Ostrovsky, Venkatesan and Yung (CRYPTO ’92). As a corollary, we derive similar tight lower bounds for several other cryptographic protocols, such as singleserver private information retrieval, interactive hashing, and oblivious transfer that guarantees statistical security for one of the parties. Our techniques extend the collisionfinding oracle due to Simon (EUROCRYPT ’98) to the setting of interactive protocols (our extension also implies an alternative proof for the main property of the original oracle). In addition, we substantially extend the reconstruction paradigm of Gennaro and Trevisan (FOCS ‘00). In both cases, our extensions are quite delicate and may be found useful in proving additional blackbox separation results.
Statisticallyhiding commitment from any oneway function
 In 39th STOC
, 2007
"... We give a construction of statisticallyhiding commitment schemes (ones where the hiding property holds information theoretically), based on the minimal cryptographic assumption that oneway functions exist. Our construction employs twophase commitment schemes, recently constructed by Nguyen, Ong a ..."
Abstract

Cited by 26 (7 self)
 Add to MetaCart
We give a construction of statisticallyhiding commitment schemes (ones where the hiding property holds information theoretically), based on the minimal cryptographic assumption that oneway functions exist. Our construction employs twophase commitment schemes, recently constructed by Nguyen, Ong and Vadhan (FOCS ‘06), and universal oneway hash functions introduced and constructed by Naor and Yung (STOC ‘89) and Rompel (STOC ‘90).
Statistical ZeroKnowledge Arguments for NP from Any OneWay
 ELECTRONIC COLLOQUIUM ON COMPUTATIONAL COMPLEXITY
, 2006
"... We show that every language in NP has a statistical zeroknowledge argument system under the (minimal) complexity assumption that oneway functions exist. In such protocols, even a computationally unbounded verifier cannot learn anything other than the fact that the assertion being proven is true, w ..."
Abstract

Cited by 20 (2 self)
 Add to MetaCart
We show that every language in NP has a statistical zeroknowledge argument system under the (minimal) complexity assumption that oneway functions exist. In such protocols, even a computationally unbounded verifier cannot learn anything other than the fact that the assertion being proven is true, whereas a polynomialtime prover cannot convince the verifier to accept a false assertion except with negligible probability. This resolves an open question posed by Naor, Ostrovsky, Venkatesan, and Yung (CRYPTO ‘92, J. Cryptology ‘98). Departing from previous works on this problem, we do not construct standard statistically hiding commitments from any oneway function. Instead, we construct a relaxed variant of commitment schemes called “1outof2binding commitments,” recently introduced by Nguyen and Vadhan (STOC ‘06).
A new interactive hashing theorem
 In Proceedings of the 22nd Annual IEEE Conference on Computational Complexity
, 2007
"... Interactive hashing, introduced by Naor, Ostrovsky, Venkatesan and Yung (CRYPTO ’92), plays an important role in many cryptographic protocols. In particular, it is a major component in all known constructions of statistically hiding and computationally binding commitment schemes and of zeroknowledg ..."
Abstract

Cited by 12 (5 self)
 Add to MetaCart
Interactive hashing, introduced by Naor, Ostrovsky, Venkatesan and Yung (CRYPTO ’92), plays an important role in many cryptographic protocols. In particular, it is a major component in all known constructions of statistically hiding and computationally binding commitment schemes and of zeroknowledge arguments based on general oneway permutations and on oneway functions. Interactive hashing with respect to a oneway permutation f, is a twoparty protocol that enables a sender that knows y = f(x) to transfer a random hash z = h(y) to a receiver. The receiver is guaranteed that the sender is committed to y (in the sense that it cannot come up with x and x ′ such that f(x) � = f(x ′), but h(f(x)) = h(f(x ′)) = z). The sender is guaranteed that the receiver does not learn any additional information on y. In particular, when h is a twotoone hash function, the receiver does not learn which of the two preimages {y, y ′ } = h −1 (z) is the one the sender can invert with respect to f. This paper reexamines the notion of interactive hashing. We give an alternative proof for the Naor et al. protocol, which seems to us significantly simpler and more intuitive than the original one. Moreover, the new proof achieves much better parameters (in terms of how security
Inaccessible Entropy
"... We put forth a new computational notion of entropy, which measures the (in)feasibility of sampling high entropy strings that are consistent with a given protocol. Specifically, we say that the i’th round of a protocol (A, B) has accessible entropy at most k, if no polynomialtime strategy A ∗ can ge ..."
Abstract

Cited by 10 (5 self)
 Add to MetaCart
We put forth a new computational notion of entropy, which measures the (in)feasibility of sampling high entropy strings that are consistent with a given protocol. Specifically, we say that the i’th round of a protocol (A, B) has accessible entropy at most k, if no polynomialtime strategy A ∗ can generate messages for A such that the entropy of its message in the i’th round has entropy greater than k when conditioned both on prior messages of the protocol and on prior coin tosses of A ∗. We say that the protocol has inaccessible entropy if the total accessible entropy (summed over the rounds) is noticeably smaller than the real entropy of A’s messages, conditioned only on prior messages (but not the coin tosses of A). As applications of this notion, we • Give a much simpler and more efficient construction of statistically hiding commitment schemes from arbitrary oneway functions. • Prove that constantround statistically hiding commitments are necessary for constructing constantround zeroknowledge proof systems for NP that remain secure under parallel composition (assuming the existence of oneway functions). Categories and Subject Descriptors: F.0 [Theory of Computation]: General.
Statistically Hiding Commitments and Statistical ZeroKnowledge Arguments from Any OneWay Function
, 2007
"... We give a construction of statistically hiding commitment schemes (ones where the hiding property holds against even computationally unbounded adversaries) under the minimal complexity assumption that oneway functions exist. Consequently, oneway functions suffice to give statistical zeroknowledge ..."
Abstract

Cited by 7 (4 self)
 Add to MetaCart
We give a construction of statistically hiding commitment schemes (ones where the hiding property holds against even computationally unbounded adversaries) under the minimal complexity assumption that oneway functions exist. Consequently, oneway functions suffice to give statistical zeroknowledge arguments for any NP statement (whereby even a computationally unbounded adversarial verifier learns nothing other than the fact the assertion being proven is true, and a polynomialtime adversarial prover cannot convince the verifier of a false statement). These results resolve an open question posed by Naor, Ostrovsky, Venkatesan, and Yung (CRYPTO ‘92, J. Cryptology ‘98).
A.: Concurrent nonmalleable zero knowledge
 In: 47th Annual Symposium on Foundations of Computer Science, IEEE Computer
, 2006
"... ..."
Concurrent/Resettable ZeroKnowledge with Concurrent Soundness in the Bare PublicKey Model and Its Applications
, 2003
"... In this paper, we present both practical and general 4round concurrent and resettable zeroknowledge arguments with concurrent soundness in the bare publickey (BPK) model. To our knowledge, our result is the first work that achieves concurrent soundness for ZK protocols in the BPK model and stan ..."
Abstract

Cited by 5 (2 self)
 Add to MetaCart
In this paper, we present both practical and general 4round concurrent and resettable zeroknowledge arguments with concurrent soundness in the bare publickey (BPK) model. To our knowledge, our result is the first work that achieves concurrent soundness for ZK protocols in the BPK model and stands for the current stateoftheart of concurrent zeroknowledge with setup assumptions.
Computational Verifiable Secret Sharing Revisited
 In Advances in Cryptology—ASIACRYPT
, 2011
"... Verifiable secret sharing (VSS) is an important primitive in distributed cryptography that allows a dealer to share a secret among n parties in the presence of an adversary controlling at most t of them. In the computational setting, the feasibility of VSS schemes based on commitments was establishe ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
Verifiable secret sharing (VSS) is an important primitive in distributed cryptography that allows a dealer to share a secret among n parties in the presence of an adversary controlling at most t of them. In the computational setting, the feasibility of VSS schemes based on commitments was established over two decades ago. Interestingly, all known computational VSS schemes rely on the homomorphic nature of these commitments or achieve weaker guarantees. As homomorphism is not inherent to commitments or to the computational setting in general, a closer look at its utility to VSS is called for. In this paper, we demonstrate that homomorphism of commitments is not a necessity for computational VSS in the synchronous or in the asynchronous communication setting. We present new VSS schemes based only on the definitional properties of commitments that are almost as good as existing VSS schemes based homomorphic commitments. Furthermore, they have significantly lower communication complexities than their (statistical or perfect) unconditional counterparts. Considering the feasibility of commitments from any clawfree permutation, oneway function or collisionresistant hash function, our schemes can be an excellent alternative to unconditional VSS in the future.
Concurrent Statistical ZeroKnowledge Arguments for NP from One Way Functions
"... In this paper we show a general transformation from any honest verifier statistical zeroknowledge argument to a concurrent statistical zeroknowledge argument. Our transformation relies only on the existence of oneway functions. It is known that the existence of zeroknowledge systems for any non ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
In this paper we show a general transformation from any honest verifier statistical zeroknowledge argument to a concurrent statistical zeroknowledge argument. Our transformation relies only on the existence of oneway functions. It is known that the existence of zeroknowledge systems for any nontrivial language implies one way functions. Hence our transformation unconditionally shows that concurrent statistical zeroknowledge arguments for a nontrivial language exist if and only if standalone secure statistical zeroknowledge arguments for that language exist. Further, applying our transformation to the recent statistical zeroknowledge argument system of Nguyen et al (STOC’06) yields the first concurrent statistical zeroknowledge argument system for all languages in NP from any one way function. 1