## Abstract

We introduce the notion of Resettable Zero-Knowledge (rZK), a new security measure for cryptographic protocols which strengthens the classical notion of zero-knowledge. In essence, an rZK protocol is one that remains zero knowledge even if an adversary can interact with the prover many times, each time resetting the prover to its initial state and forcing it to use the same random tape. All known examples of zero-knowledge proofs and arguments are trivially breakable in this setting. Moreover, by definition, all zero-knowledge proofs of knowledge are breakable in this setting. Under general complexity assumptions, which hold for example if the Discrete Logarithm Problem is hard, we construct: • Resettable Zero-Knowledge proof-systems for NP with non-constant number of rounds. • Five-round Resettable Witness-Indistinguishable proofsystems for NP. • Four-round Resettabie Zero-Knowledge arguments for NP in the public key model: where verifiers have fixed, public keys associated with them. In addition to shedding new light on what makes zero knowledge possible (by constructing ZK protocols that use randomness in a dramatically weaker way than before), rZK has great relevance to applications. Firstly, rZK protocols are closed under parallel and concurrent execution and thus are guaranteed to be secure when implemented in fully asynchronous networks, even if an adversary schedules the arrival of every message sent so as to foil security. Secondly, rZK protocols enlarge the range of physical ways in which provers of ZK protocols can be securely implemented, including devices which cannot reliably toss coins on line, nor keep state between invocations. (For instance, because ordinary smart cards with secure hardware are resettable, they could not be used to implement securely the provers of classical ZK protocols, but can now be used to implement securely the provers of rZK protocols.).

Original language | English |
---|---|

Title of host publication | Proceedings of the 32nd Annual ACM Symposium on Theory of Computing, STOC 2000 |

Pages | 235-244 |

Number of pages | 10 |

DOIs | |

State | Published - 2000 |

Externally published | Yes |

Event | 32nd Annual ACM Symposium on Theory of Computing, STOC 2000 - Portland, OR, United States Duration: 21 May 2000 → 23 May 2000 |

### Publication series

Name | Proceedings of the Annual ACM Symposium on Theory of Computing |
---|---|

ISSN (Print) | 0737-8017 |

### Conference

Conference | 32nd Annual ACM Symposium on Theory of Computing, STOC 2000 |
---|---|

Country/Territory | United States |

City | Portland, OR |

Period | 21/05/00 → 23/05/00 |

## Keywords

- concurrent zero-knowledge
- identification schemes
- public-key cryptography
- smart cards
- witness-indistinguisable proofs
- zero-knowledge