TY - GEN
T1 - Inaccessible entropy
AU - Haitner, Iftach
AU - Vadhan, Salil
AU - Reingold, Omer
AU - Wee, Hoeteck
PY - 2009
Y1 - 2009
N2 - We put forth a new computational notion of entropy, which measures the (in)feasibility of sampling high entropy strings that are consistent with a given protocol. Specifically, we say that the i'th round of a protocol (A,B) has accessible entropy at most k, if no polynomial-time strategy A* can generate messages for A such that its message in the i'th round has entropy greater than k when conditioned both on prior messages of the protocol and on prior coin tosses of A*. We say that the protocol has inaccessible entropy if the total accessible entropy (summed over the rounds) is noticeably smaller than the real entropy of A's messages, conditioned only on prior messages (but not the coin tosses of A). As applications of this notion, we (1) give a much simpler and more efficient construction of statistically hiding commitment schemes from arbitrary one-way functions, and (2) prove that constant-round statistically hiding commitments are necessary for constructing constant-round zero-knowledge proof systems for NP that remain secure under parallel composition (assuming the existence of one-way functions).
AB - We put forth a new computational notion of entropy, which measures the (in)feasibility of sampling high entropy strings that are consistent with a given protocol. Specifically, we say that the i'th round of a protocol (A,B) has accessible entropy at most k, if no polynomial-time strategy A* can generate messages for A such that its message in the i'th round has entropy greater than k when conditioned both on prior messages of the protocol and on prior coin tosses of A*. We say that the protocol has inaccessible entropy if the total accessible entropy (summed over the rounds) is noticeably smaller than the real entropy of A's messages, conditioned only on prior messages (but not the coin tosses of A). As applications of this notion, we (1) give a much simpler and more efficient construction of statistically hiding commitment schemes from arbitrary one-way functions, and (2) prove that constant-round statistically hiding commitments are necessary for constructing constant-round zero-knowledge proof systems for NP that remain secure under parallel composition (assuming the existence of one-way functions).
KW - Commitment schemes
KW - Computational complexity
KW - Cryptography
KW - Interactive hashing
KW - One-way functions
KW - Zero knowledge
UR - http://www.scopus.com/inward/record.url?scp=70350668805&partnerID=8YFLogxK
U2 - 10.1145/1536414.1536497
DO - 10.1145/1536414.1536497
M3 - Conference contribution
AN - SCOPUS:70350668805
SN - 9781605585062
T3 - Proceedings of the Annual ACM Symposium on Theory of Computing
SP - 611
EP - 620
BT - STOC'09 - Proceedings of the 2009 ACM International Symposium on Theory of Computing
T2 - 41st Annual ACM Symposium on Theory of Computing, STOC '09
Y2 - 31 May 2009 through 2 June 2009
ER -