TY - GEN

T1 - Public-coin concurrent zero-knowledge in the global hash model

AU - Canetti, Ran

AU - Lin, Huijia

AU - Paneth, Omer

N1 - Funding Information:
Supported by an ISF grant, NSF grant 1218461, the Check Point Institute for Information Security and the Center for Reliable Information Systems and Cyber- Security.

PY - 2013

Y1 - 2013

N2 - Public-coin zero-knowledge and concurrent zero-knowledge ( cZK ) are two classes of zero knowledge protocols that guarantee some additional desirable properties. Still, to this date no protocol is known that is both public-coin and cZK for a language outside BPP. Furthermore, it is known that no such protocol can be black-box ZK [Pass et.al, Crypto 09]. We present a public-coin concurrent ZK protocol for any NP language. The protocol assumes that all verifiers have access to a globally specified function, drawn from a collision resistant hash function family. (This model, which we call the Global Hash Function, or GHF model, can be seen as a restricted case of the non-programmable reference string model.) We also show that the impossibility of black-box public-coin cZK extends also to the GHF model. Our protocol assumes CRH functions against quasi-polynomial adversaries and takes O(log 1 + ε n) rounds for any ε > 0, where n is the security parameter. Our techniques combine those for (non-public-coin) black-box cZK with Barak's non-black-box technique for public-coin constant-round ZK. As a corollary we obtain the first simultaneously resettable zero-knowledge protocol with O(log1 + ε n) rounds, in the GHF model.

AB - Public-coin zero-knowledge and concurrent zero-knowledge ( cZK ) are two classes of zero knowledge protocols that guarantee some additional desirable properties. Still, to this date no protocol is known that is both public-coin and cZK for a language outside BPP. Furthermore, it is known that no such protocol can be black-box ZK [Pass et.al, Crypto 09]. We present a public-coin concurrent ZK protocol for any NP language. The protocol assumes that all verifiers have access to a globally specified function, drawn from a collision resistant hash function family. (This model, which we call the Global Hash Function, or GHF model, can be seen as a restricted case of the non-programmable reference string model.) We also show that the impossibility of black-box public-coin cZK extends also to the GHF model. Our protocol assumes CRH functions against quasi-polynomial adversaries and takes O(log 1 + ε n) rounds for any ε > 0, where n is the security parameter. Our techniques combine those for (non-public-coin) black-box cZK with Barak's non-black-box technique for public-coin constant-round ZK. As a corollary we obtain the first simultaneously resettable zero-knowledge protocol with O(log1 + ε n) rounds, in the GHF model.

UR - http://www.scopus.com/inward/record.url?scp=84873942901&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-36594-2_5

DO - 10.1007/978-3-642-36594-2_5

M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???

AN - SCOPUS:84873942901

SN - 9783642365935

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 80

EP - 99

BT - Theory of Cryptography - 10th Theory of Cryptography Conference, TCC 2013, Proceedings

T2 - 10th Theory of Cryptography Conference, TCC 2013

Y2 - 3 March 2013 through 6 March 2013

ER -