Inaccessible entropy

Iftach Haitner*, Salil Vadhan, Omer Reingold, Hoeteck Wee

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review


We put forth a new computational notion of entropy, which measures the (in)feasibility of sampling high entropy strings that are consistent with a given protocol. Specifically, we say that the i'th round of a protocol (A,B) has accessible entropy at most k, if no polynomial-time strategy A* can generate messages for A such that the entropy of its message in the i'th round has entropy greater than k when conditioned both on prior messages of the protocol and on prior coin tosses of Az.ast;. We say that the protocol has inaccessible entropy if the total accessible entropy (summed over the rounds) is noticeably smaller than the real entropy of A's messages, conditioned only on prior messages (but not the coin tosses of A). As applications of this notion, we Give a much simpler and more efficient construction of statistically hiding commitment schemes from arbitrary oneway functions. Prove that constant-round statistically hiding commitments are necessary for constructing constant-round zero-knowledge proof systems for NP that remain secure under parallel composition (assuming the existence of one-way functions).

Original languageEnglish
Title of host publicationSTOC'09 - Proceedings of the 2009 ACM International Symposium on Theory of Computing
Number of pages10
StatePublished - 2009
Externally publishedYes
Event41st Annual ACM Symposium on Theory of Computing, STOC '09 - Bethesda, MD, United States
Duration: 31 May 20092 Jun 2009

Publication series

NameProceedings of the Annual ACM Symposium on Theory of Computing
ISSN (Print)0737-8017


Conference41st Annual ACM Symposium on Theory of Computing, STOC '09
Country/TerritoryUnited States
CityBethesda, MD


  • Commitment schemes
  • Computational complexity
  • Cryptography
  • Interactive hashing
  • One-way functions
  • Zero knowledge


Dive into the research topics of 'Inaccessible entropy'. Together they form a unique fingerprint.

Cite this