Abstract

Abstract. A new public-key model for resettable zero-knowledge (rZK) protocols, which is an extension and generalization of the upperbounded public-key (UPK) model introduced by Micali and Reyzin [EuroCrypt’01, pp. 373–393], is introduced and is named weak public-key (WPK) model. The motivations and applications of the WPK model are justified in the distributed smart-card/server setting and it seems more preferable in practice, especially in E-commerce over Internet. In this WPK model a 3-round (optimal) black-box resettable zero-knowledge argument with concurrent soundness for NP is presented assuming the security of RSA with large exponents against subexponential-time adversaries. Our result improves Micali and Reyzin’s result of resettable zero-knowledge argument with concurrent soundness for NP in the UPK model. Note that although Micali and Reyzin ’ protocol satisfies concurrent soundness in the UPK model, but it does not satisfy even sequential soundness in our WPK model. Our protocol works in a somewhat “parallel repetition ” manner to reduce the error probability and the black-box zero-knowledge simulator works in strict polynomial time rather than expected polynomial time. The critical tools used are: verifiable random functions introduced by Micali, Rabin and Vadhan [FOCS’99, pp. 120-130], zap presented by Dwork and Naor [FOCS’00, pp. 283–293] and complexity leveraging introduced by Canetti, Goldreich, Goldwasser and Micali [STOC’00, pp. 235–244]. 1

Citations