TY - GEN
T1 - Public-coin concurrent zero-knowledge in the global hash model
AU - Canetti, Ran
AU - Lin, Huijia
AU - Paneth, Omer
N1 - Funding Information:
Supported by an ISF grant, NSF grant 1218461, the Check Point Institute for Information Security and the Center for Reliable Information Systems and Cyber- Security.
PY - 2013
Y1 - 2013
N2 - Public-coin zero-knowledge and concurrent zero-knowledge ( cZK ) are two classes of zero knowledge protocols that guarantee some additional desirable properties. Still, to this date no protocol is known that is both public-coin and cZK for a language outside BPP. Furthermore, it is known that no such protocol can be black-box ZK [Pass et.al, Crypto 09]. We present a public-coin concurrent ZK protocol for any NP language. The protocol assumes that all verifiers have access to a globally specified function, drawn from a collision resistant hash function family. (This model, which we call the Global Hash Function, or GHF model, can be seen as a restricted case of the non-programmable reference string model.) We also show that the impossibility of black-box public-coin cZK extends also to the GHF model. Our protocol assumes CRH functions against quasi-polynomial adversaries and takes O(log 1 + ε n) rounds for any ε > 0, where n is the security parameter. Our techniques combine those for (non-public-coin) black-box cZK with Barak's non-black-box technique for public-coin constant-round ZK. As a corollary we obtain the first simultaneously resettable zero-knowledge protocol with O(log1 + ε n) rounds, in the GHF model.
AB - Public-coin zero-knowledge and concurrent zero-knowledge ( cZK ) are two classes of zero knowledge protocols that guarantee some additional desirable properties. Still, to this date no protocol is known that is both public-coin and cZK for a language outside BPP. Furthermore, it is known that no such protocol can be black-box ZK [Pass et.al, Crypto 09]. We present a public-coin concurrent ZK protocol for any NP language. The protocol assumes that all verifiers have access to a globally specified function, drawn from a collision resistant hash function family. (This model, which we call the Global Hash Function, or GHF model, can be seen as a restricted case of the non-programmable reference string model.) We also show that the impossibility of black-box public-coin cZK extends also to the GHF model. Our protocol assumes CRH functions against quasi-polynomial adversaries and takes O(log 1 + ε n) rounds for any ε > 0, where n is the security parameter. Our techniques combine those for (non-public-coin) black-box cZK with Barak's non-black-box technique for public-coin constant-round ZK. As a corollary we obtain the first simultaneously resettable zero-knowledge protocol with O(log1 + ε n) rounds, in the GHF model.
UR - http://www.scopus.com/inward/record.url?scp=84873942901&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-36594-2_5
DO - 10.1007/978-3-642-36594-2_5
M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???
AN - SCOPUS:84873942901
SN - 9783642365935
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 80
EP - 99
BT - Theory of Cryptography - 10th Theory of Cryptography Conference, TCC 2013, Proceedings
T2 - 10th Theory of Cryptography Conference, TCC 2013
Y2 - 3 March 2013 through 6 March 2013
ER -