TY - GEN
T1 - The knowledge tightness of parallel zero-knowledge
AU - Chung, Kai Min
AU - Pass, Rafael
AU - Tseng, Wei Lung Dustin
PY - 2012
Y1 - 2012
N2 - We investigate the concrete security of black-box zero- knowledge protocols when composed in parallel. As our main result, we give essentially tight upper and lower bounds (up to logarithmic factors in the security parameter) on the following measure of security (closely related to knowledge tightness): the number of queries made by black-box simulators when zero-knowledge protocols are composed in parallel. As a function of the number of parallel sessions, k, and the round complexity of the protocol, m, the bound is roughly k 1/m. We also construct a modular procedure to amplify simulator-query lower bounds (as above), to generic lower bounds in the black-box concurrent zero-knowledge setting. As a demonstration of our techniques, we give a self-contained proof of the o(logn /loglogn) lower bound for the round complexity of black-box concurrent zero-knowledge protocols, first shown by Canetti, Kilian, Petrank and Rosen (STOC 2002). Additionally, we give a new lower bound regarding constant-round black-box concurrent zero-knowledge protocols: the running time of the black-box simulator must be at least n Ω(logn).
AB - We investigate the concrete security of black-box zero- knowledge protocols when composed in parallel. As our main result, we give essentially tight upper and lower bounds (up to logarithmic factors in the security parameter) on the following measure of security (closely related to knowledge tightness): the number of queries made by black-box simulators when zero-knowledge protocols are composed in parallel. As a function of the number of parallel sessions, k, and the round complexity of the protocol, m, the bound is roughly k 1/m. We also construct a modular procedure to amplify simulator-query lower bounds (as above), to generic lower bounds in the black-box concurrent zero-knowledge setting. As a demonstration of our techniques, we give a self-contained proof of the o(logn /loglogn) lower bound for the round complexity of black-box concurrent zero-knowledge protocols, first shown by Canetti, Kilian, Petrank and Rosen (STOC 2002). Additionally, we give a new lower bound regarding constant-round black-box concurrent zero-knowledge protocols: the running time of the black-box simulator must be at least n Ω(logn).
KW - Concrete Security
KW - Concurrent Zero-Knowledge Lower Bounds
KW - Knowledge Tightness
KW - Zero-Knowledge
UR - http://www.scopus.com/inward/record.url?scp=84858308525&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-28914-9_29
DO - 10.1007/978-3-642-28914-9_29
M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???
AN - SCOPUS:84858308525
SN - 9783642289132
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 512
EP - 529
BT - Theory of Cryptography - 9th Theory of Cryptography Conference, TCC 2012, Proceedings
T2 - 9th Theory of Cryptography Conference, TCC 2012
Y2 - 19 March 2012 through 21 March 2012
ER -