Constant-round concurrent zero knowledge from falsifiable assumptions, 2012
Cited by 16 (4 self)
We present a constant-round concurrent zero-knowledge protocol for NP. Our protocol is sound against uniform polynomial-time attackers, and relies on the existence of families of collision-resistant hash functions, and a new (but in our eyes, natural) falsifiable intractability assumption: Roughly speaking, that Micali’s non-interactive CS-proofs are sound for languages in P.
Obfuscation-based Non-black-box Simulation and Four Message Concurrent Zero Knowledge for NP, 2013
Cited by 4 (2 self)
As recent studies show, the notions of program obfuscation and zero knowledge are intimately connected. In this work, we explore this connection further, and prove the following general result. If there exists differing input obfuscation (diO) for the class of all polynomial time Turing machines, then there exists a four message, fully concurrent zero-knowledge proof system for all languages in NP with negligible soundness error. This result is constructive: given diO, our reduction yields an explicit protocol along with an explicit simulator that is “straight line” and runs in strict polynomial time. Our reduction relies on a new non-black-box simulation technique which does not use the PCP theorem. In addition to assuming diO, our reduction also assumes (standard and polynomial time) cryptographic assumptions such as collision-resistant hash functions. The round complexity of our protocol also sheds new light on the exact round complexity of concurrent zero-knowledge. It shows, for the first time, that in the realm of non-black-box simulation, concurrent zero-knowledge may not necessarily require more rounds than stand alone zero-knowledge!
Constant-Round Concurrent Zero Knowledge in the Bounded Player Model
Cited by 1 (1 self)
Abstract. In [18] Goyal et al. introduced the bounded player model for secure computation. In the bounded player model, there are an a priori bounded number of players in the system, however, each player may execute any unbounded (polynomial) number of sessions. They showed that even though the model consists of a relatively mild relaxation of the standard model, it allows for round-efficient concurrent zero knowledge. Their protocol requires a superconstant number of rounds. In this work we show, constructively, that there exists a constant-round concurrent zero-knowledge argument in the bounded player model. Our result relies on a new technique where the simulator obtains a trapdoor corresponding to a player identity by putting together information obtained in multiple sessions. Our protocol is only based on the existence of a collision-resistance hash-function family and comes with a “straight-line” simulator. We note that this constitutes the strongest result known on constant-round concurrent zero knowledge in the plain model (under well accepted relaxations) and subsumes Barak’s constant-round bounded concurrent zero-knowledge result. We view this as a positive step towards getting constant round fully concurrent zero-knowledge in the plain model, without relaxations.
Client-Server Concurrent Zero Knowledge with Constant Rounds and Guaranteed Complexity
The traditional setting for concurrent zero knowledge considers a server that proves a statement in zero-knowledge to multiple clients in multiple concurrent sessions, where the server’s actions in a session are independent of all other sessions. Persiano and Visconti [ICALP 05] show how keeping a limited amount of global state across sessions allows the server to significantly reduce the overall complexity while retaining the ability to interact concurrently with an unbounded number of clients. Specifically, they show a protocol that has only slightly superconstant number of rounds; however the communication complexity in each session of their protocol depends on the number of other sessions and has no a priori bound. This has the drawback that the client has no way to know in advance the amount of resources required for completing a session of the protocol up to the moment where the session is completed. We show a protocol that does not have this drawback. Specifically, in our protocol the client obtains a bound on the communication complexity of each session at the start of the session. Additionally the protocol is constant-rounds. Our protocol is fully concurrent, and assumes only collision-resistant hash functions. The proof requires considerably different techniques than those of Persiano and Visconti. Our main technical tool is an adaptation of the “committed-simulator” technique of Deng et al. [FOCS 09].
Public-Coin Concurrent Zero-Knowledge in Logarithmic Rounds, 2014
We construct $O(\log^{1+\epsilon} n)$-round public-coin concurrent zero knowledge arguments for NP from standard (against any polynomial-time adversary) collision-resistant hash functions for arbitrarily small constant $\epsilon$. Our construction is straight-line simulatable. This is the first public-coin concurrent zero knowledge protocol based on standard/long-studied assumption that (almost) achieves the best known round-complexity of its private-coin counterpart [Prabhakaran et al., FOCS 02]. Previously, such public-coin constructions require either polynomial number of rounds [Goyal, STOC 13], newly-introduced assumptions [Chung et al., FOCS 13], or stronger model [Canetti et al., TCC 13]. This result has strong consequences: it yields the first (almost) logarithmic round simultaneously resettable arguments for NP and the first (almost) logarithmic round concurrent multiparty computation in the single input setting. These results significantly improve over the polynomial round-complexity of the best known protocols based on standard assumptions in both cases. Our technical contribution is twofold. First, we introduce a simulation strategy called clearance that yields a simulation tree of very special combinatorial structure and enables us to instantiate Barak’s protocol [Barak, FOCS 01] using the recent Ben-Sasson et al.’s quasilinear construction of PCP system [Ben-Sasson et al., STOC 13] to obtain logarithmic round-complexity; secondly, we show how to modify Barak’s protocol such that the soundness of overall construction does not rely on the (implicit/explicit) proof of knowledge property of the underlying universal argument/PCP system, which in turn allows us to benefit from progress on short PCP system of more general types without assuming stronger/superpolynomial hardness.