Inaccessible entropy

Iftach Haitner; Salil Vadhan; Omer Reingold; Hoeteck Wee

doi:10.1145/1536414.1536497

Inaccessible entropy

Iftach Haitner, Salil Vadhan, Omer Reingold, Hoeteck Wee

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

We put forth a new computational notion of entropy, which measures the (in)feasibility of sampling high entropy strings that are consistent with a given protocol. Specifically, we say that the i'th round of a protocol (A,B) has accessible entropy at most k, if no polynomial-time strategy A* can generate messages for A such that the entropy of its message in the i'th round has entropy greater than k when conditioned both on prior messages of the protocol and on prior coin tosses of Az.ast;. We say that the protocol has inaccessible entropy if the total accessible entropy (summed over the rounds) is noticeably smaller than the real entropy of A's messages, conditioned only on prior messages (but not the coin tosses of A). As applications of this notion, we Give a much simpler and more efficient construction of statistically hiding commitment schemes from arbitrary oneway functions. Prove that constant-round statistically hiding commitments are necessary for constructing constant-round zero-knowledge proof systems for NP that remain secure under parallel composition (assuming the existence of one-way functions).

Original language	English
Title of host publication	STOC'09 - Proceedings of the 2009 ACM International Symposium on Theory of Computing
Pages	611-620
Number of pages	10
DOIs	https://doi.org/10.1145/1536414.1536497
State	Published - 2009
Externally published	Yes
Event	41st Annual ACM Symposium on Theory of Computing, STOC '09 - Bethesda, MD, United States Duration: 31 May 2009 → 2 Jun 2009

Publication series

Name	Proceedings of the Annual ACM Symposium on Theory of Computing
ISSN (Print)	0737-8017

Conference

Conference	41st Annual ACM Symposium on Theory of Computing, STOC '09
Country/Territory	United States
City	Bethesda, MD
Period	31/05/09 → 2/06/09

Keywords

Commitment schemes
Computational complexity
Cryptography
Interactive hashing
One-way functions
Zero knowledge

Access to Document

10.1145/1536414.1536497

Cite this

@inproceedings{8167cfa6cfe947908cfdf0aa32d73533,

title = "Inaccessible entropy",

abstract = "We put forth a new computational notion of entropy, which measures the (in)feasibility of sampling high entropy strings that are consistent with a given protocol. Specifically, we say that the i'th round of a protocol (A,B) has accessible entropy at most k, if no polynomial-time strategy A* can generate messages for A such that the entropy of its message in the i'th round has entropy greater than k when conditioned both on prior messages of the protocol and on prior coin tosses of Az.ast;. We say that the protocol has inaccessible entropy if the total accessible entropy (summed over the rounds) is noticeably smaller than the real entropy of A's messages, conditioned only on prior messages (but not the coin tosses of A). As applications of this notion, we Give a much simpler and more efficient construction of statistically hiding commitment schemes from arbitrary oneway functions. Prove that constant-round statistically hiding commitments are necessary for constructing constant-round zero-knowledge proof systems for NP that remain secure under parallel composition (assuming the existence of one-way functions).",

keywords = "Commitment schemes, Computational complexity, Cryptography, Interactive hashing, One-way functions, Zero knowledge",

author = "Iftach Haitner and Salil Vadhan and Omer Reingold and Hoeteck Wee",

year = "2009",

doi = "10.1145/1536414.1536497",

language = "אנגלית",

isbn = "9781605585062",

series = "Proceedings of the Annual ACM Symposium on Theory of Computing",

pages = "611--620",

booktitle = "STOC'09 - Proceedings of the 2009 ACM International Symposium on Theory of Computing",

note = "null ; Conference date: 31-05-2009 Through 02-06-2009",

}

Haitner, I, Vadhan, S, Reingold, O & Wee, H 2009, Inaccessible entropy. in STOC'09 - Proceedings of the 2009 ACM International Symposium on Theory of Computing. Proceedings of the Annual ACM Symposium on Theory of Computing, pp. 611-620, 41st Annual ACM Symposium on Theory of Computing, STOC '09, Bethesda, MD, United States, 31/05/09. https://doi.org/10.1145/1536414.1536497

TY - GEN

T1 - Inaccessible entropy

AU - Haitner, Iftach

AU - Vadhan, Salil

AU - Reingold, Omer

AU - Wee, Hoeteck

PY - 2009

Y1 - 2009

N2 - We put forth a new computational notion of entropy, which measures the (in)feasibility of sampling high entropy strings that are consistent with a given protocol. Specifically, we say that the i'th round of a protocol (A,B) has accessible entropy at most k, if no polynomial-time strategy A* can generate messages for A such that the entropy of its message in the i'th round has entropy greater than k when conditioned both on prior messages of the protocol and on prior coin tosses of Az.ast;. We say that the protocol has inaccessible entropy if the total accessible entropy (summed over the rounds) is noticeably smaller than the real entropy of A's messages, conditioned only on prior messages (but not the coin tosses of A). As applications of this notion, we Give a much simpler and more efficient construction of statistically hiding commitment schemes from arbitrary oneway functions. Prove that constant-round statistically hiding commitments are necessary for constructing constant-round zero-knowledge proof systems for NP that remain secure under parallel composition (assuming the existence of one-way functions).

AB - We put forth a new computational notion of entropy, which measures the (in)feasibility of sampling high entropy strings that are consistent with a given protocol. Specifically, we say that the i'th round of a protocol (A,B) has accessible entropy at most k, if no polynomial-time strategy A* can generate messages for A such that the entropy of its message in the i'th round has entropy greater than k when conditioned both on prior messages of the protocol and on prior coin tosses of Az.ast;. We say that the protocol has inaccessible entropy if the total accessible entropy (summed over the rounds) is noticeably smaller than the real entropy of A's messages, conditioned only on prior messages (but not the coin tosses of A). As applications of this notion, we Give a much simpler and more efficient construction of statistically hiding commitment schemes from arbitrary oneway functions. Prove that constant-round statistically hiding commitments are necessary for constructing constant-round zero-knowledge proof systems for NP that remain secure under parallel composition (assuming the existence of one-way functions).

KW - Commitment schemes

KW - Computational complexity

KW - Cryptography

KW - Interactive hashing

KW - One-way functions

KW - Zero knowledge

UR - http://www.scopus.com/inward/record.url?scp=70350668805&partnerID=8YFLogxK

U2 - 10.1145/1536414.1536497

DO - 10.1145/1536414.1536497

M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???

AN - SCOPUS:70350668805

SN - 9781605585062

T3 - Proceedings of the Annual ACM Symposium on Theory of Computing

SP - 611

EP - 620

BT - STOC'09 - Proceedings of the 2009 ACM International Symposium on Theory of Computing

Y2 - 31 May 2009 through 2 June 2009

ER -

Inaccessible entropy

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this