TY - GEN

T1 - The knowledge tightness of parallel zero-knowledge

AU - Chung, Kai Min

AU - Pass, Rafael

AU - Tseng, Wei Lung Dustin

PY - 2012

Y1 - 2012

N2 - We investigate the concrete security of black-box zero- knowledge protocols when composed in parallel. As our main result, we give essentially tight upper and lower bounds (up to logarithmic factors in the security parameter) on the following measure of security (closely related to knowledge tightness): the number of queries made by black-box simulators when zero-knowledge protocols are composed in parallel. As a function of the number of parallel sessions, k, and the round complexity of the protocol, m, the bound is roughly k 1/m. We also construct a modular procedure to amplify simulator-query lower bounds (as above), to generic lower bounds in the black-box concurrent zero-knowledge setting. As a demonstration of our techniques, we give a self-contained proof of the o(logn /loglogn) lower bound for the round complexity of black-box concurrent zero-knowledge protocols, first shown by Canetti, Kilian, Petrank and Rosen (STOC 2002). Additionally, we give a new lower bound regarding constant-round black-box concurrent zero-knowledge protocols: the running time of the black-box simulator must be at least n Ω(logn).

AB - We investigate the concrete security of black-box zero- knowledge protocols when composed in parallel. As our main result, we give essentially tight upper and lower bounds (up to logarithmic factors in the security parameter) on the following measure of security (closely related to knowledge tightness): the number of queries made by black-box simulators when zero-knowledge protocols are composed in parallel. As a function of the number of parallel sessions, k, and the round complexity of the protocol, m, the bound is roughly k 1/m. We also construct a modular procedure to amplify simulator-query lower bounds (as above), to generic lower bounds in the black-box concurrent zero-knowledge setting. As a demonstration of our techniques, we give a self-contained proof of the o(logn /loglogn) lower bound for the round complexity of black-box concurrent zero-knowledge protocols, first shown by Canetti, Kilian, Petrank and Rosen (STOC 2002). Additionally, we give a new lower bound regarding constant-round black-box concurrent zero-knowledge protocols: the running time of the black-box simulator must be at least n Ω(logn).

KW - Concrete Security

KW - Concurrent Zero-Knowledge Lower Bounds

KW - Knowledge Tightness

KW - Zero-Knowledge

UR - http://www.scopus.com/inward/record.url?scp=84858308525&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-28914-9_29

DO - 10.1007/978-3-642-28914-9_29

M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???

AN - SCOPUS:84858308525

SN - 9783642289132

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 512

EP - 529

BT - Theory of Cryptography - 9th Theory of Cryptography Conference, TCC 2012, Proceedings

T2 - 9th Theory of Cryptography Conference, TCC 2012

Y2 - 19 March 2012 through 21 March 2012

ER -