Abstract
We define and construct simulatable commitments. These are commitment schemes such that there is an efficient interactive proof system to show that a given string c is a legitimate commitment on a given value v, and furthermore, this proof is efficiently simulatable given any proper pair (c, v). Our construction is provably secure based on the Decisional Diffie-Hellman (DDH) assumption.
Using simulatable commitments, we show how to efficiently transform any public coin honest verifier zero knowledge proof system into a proof system that is concurrent zero-knowledge with respect to any (possibly cheating) verifier via black box simulation. By efficient we mean that our transformation incurs only an additive overhead (both in terms of the number of rounds and the computational and communication complexity of each round), and the additive term is close to optimal (for black box simulation): only ω(log n) additional rounds, and ω(log n) additional public key operations for each round of the original protocol, where n is a security parameter, and ω(log n) can be any superlogarithmic function of n independent of the complexity of the original protocol. The transformation preserves (up to negligible additive terms) the soundness and completeness error probabilities, and the new proof system is proved secure based on the DDH assumption, in the standard model of computation, i.e., no random oracles, shared random strings, or public key infrastructure is assumed.
This research was supported in part by NSF Career Award CCR-0093029.
This research was supported by the Technion V.P.R. Fund — N. Haar and R. Zinn Research Fund.
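As an added illustration of the definition in the abstract (example code, not the paper's own construction, whose details are not on this page): an ElGamal-style commitment over a DDH group whose opening proof is the Chaum-Pedersen equality-of-discrete-logs sigma protocol, plus a simulator that, given only a proper pair (c, v) and no opening, produces transcripts distributed exactly like honest ones. The group parameters are constructed toy values, and key generation and the challenge-as-callable interface are assumptions of this example.

```python
import secrets

# Toy DDH group: safe prime p = 2q + 1, g = 4 generates the order-q subgroup.
# Constructed parameters for illustration only; far too small for real use.
P, Q, G = 2039, 1019, 4

def inv(x):
    return pow(x, P - 2, P)

def setup():
    """Assumed key generation: h = g^x with the exponent x discarded, so the
    receiver cannot decrypt; binding holds for any h, hiding rests on DDH."""
    x = secrets.randbelow(Q - 1) + 1
    return pow(G, x, P)

def commit(h, v):
    """Commit to v in Z_q as c = (g^r, h^r * g^v); returns (c, r)."""
    r = secrets.randbelow(Q)
    return (pow(G, r, P), pow(h, r, P) * pow(G, v, P) % P), r

def random_challenge(t1, t2):
    """Honest public-coin verifier: a fresh random challenge after the first message."""
    return secrets.randbelow(Q)

def prove(h, r, challenge):
    """Chaum-Pedersen proof that c = (a, b) commits to v, i.e. log_g(a) = log_h(b / g^v),
    without revealing r. `challenge` models the verifier's coin."""
    w = secrets.randbelow(Q)
    t1, t2 = pow(G, w, P), pow(h, w, P)
    e = challenge(t1, t2)
    z = (w + e * r) % Q
    return (t1, t2, e, z)

def verify(h, c, v, proof):
    """Accept iff g^z = t1 * a^e and h^z = t2 * (b / g^v)^e (e is the coin the verifier sent)."""
    a, b = c
    t1, t2, e, z = proof
    y = b * inv(pow(G, v, P)) % P        # b / g^v, equals h^r for a proper (c, v)
    return pow(G, z, P) == t1 * pow(a, e, P) % P and \
           pow(h, z, P) == t2 * pow(y, e, P) % P

def simulate(h, c, v, e=None):
    """Given only (c, v) and no r: choose z (and e) first, then solve for the first
    message. For honest coins the output is distributed exactly like a real transcript."""
    a, b = c
    y = b * inv(pow(G, v, P)) % P
    e = secrets.randbelow(Q) if e is None else e
    z = secrets.randbelow(Q)
    t1 = pow(G, z, P) * inv(pow(a, e, P)) % P
    t2 = pow(h, z, P) * inv(pow(y, e, P)) % P
    return (t1, t2, e, z)
```

Note that `simulate` also yields an accepting transcript for a wrong value v, which is exactly why a transcript alone convinces nobody: soundness comes from the verifier choosing e only after seeing (t1, t2).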
© 2003 International Association for Cryptologic Research
Micciancio, D., Petrank, E. (2003). Simulatable Commitments and Efficient Concurrent Zero-Knowledge. In: Biham, E. (eds) Advances in Cryptology — EUROCRYPT 2003. EUROCRYPT 2003. Lecture Notes in Computer Science, vol 2656. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-39200-9_9
DOI: https://doi.org/10.1007/3-540-39200-9_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-14039-9
Online ISBN: 978-3-540-39200-2