Journal of Cryptology, Volume 27, Issue 1, pp 109–138

A New Interactive Hashing Theorem

Abstract

Interactive hashing, introduced by Naor, Ostrovsky, Venkatesan, and Yung (J. Cryptol. 11(2):87–108, 1998), plays an important role in many cryptographic protocols. In particular, interactive hashing is a major component in all known constructions of statistically hiding commitment schemes and of statistical zero-knowledge arguments based on general one-way permutations/functions. Interactive hashing with respect to a one-way function f is a two-party protocol that enables a sender who knows y=f(x) to transfer a random hash z=h(y) to a receiver such that the sender is committed to y: the sender cannot come up with x and x′ such that f(x)≠f(x′), but h(f(x))=h(f(x′))=z. Specifically, if f is a permutation and h is a two-to-one hash function, then the receiver does not learn which of the two preimages {y,y′}=h⁻¹(z) is the one the sender can invert with respect to f. This paper reexamines the notion of interactive hashing, and proves the security of a variant of the Naor et al. protocol, which yields a more versatile interactive hashing theorem. When applying our new proof to (an equivalent variant of) the Naor et al. protocol, we get an alternative proof for this protocol that seems simpler and more intuitive than the original one, and achieves better parameters (in terms of how security preserving the reduction is).
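The exchange sketched in the abstract, as an added toy example (not code from the paper, and not the variant it analyzes): in the classic Naor et al. style protocol the receiver sends n−1 linearly independent vectors over GF(2), the sender answers each with an inner product against y=f(x), and exactly two candidates for y remain consistent with the transcript. The 8-bit affine permutation `f`, the parameter `N` and all function names are assumptions made for illustration; `f` is not one-way.

```python
import random

N = 8  # toy bit length (constructed for illustration; real use needs large n)

def f(x):
    """Toy permutation on N-bit values (odd multiplier mod 2^N). NOT one-way."""
    return (167 * x + 13) % (1 << N)

def dot(a, b):
    """Inner product over GF(2) of two bit vectors packed into ints."""
    return bin(a & b).count("1") & 1

def receiver_queries(n, rng):
    """Receiver: choose n-1 linearly independent vectors in GF(2)^n."""
    basis, queries = {}, []          # basis maps leading-bit index -> reduced vector
    while len(queries) < n - 1:
        h = r = rng.randrange(1, 1 << n)
        while r:                     # Gaussian elimination against the basis so far
            lead = r.bit_length() - 1
            if lead not in basis:    # h adds a new dimension: keep it
                basis[lead] = r
                queries.append(h)
                break
            r ^= basis[lead]         # otherwise reduce; r == 0 means h is dependent
    return queries

def sender_answers(y, queries):
    """Sender: reply to each query h_i with the bit <h_i, y> (one round each)."""
    return [dot(h, y) for h in queries]

def candidates(queries, answers, n):
    """Receiver's view: every y consistent with the transcript z = h(y)."""
    return [y for y in range(1 << n)
            if all(dot(h, y) == z for h, z in zip(queries, answers))]

def run(x, rng):
    """One protocol execution; returns the sender's y and the receiver's candidates."""
    y = f(x)
    queries = receiver_queries(N, rng)
    answers = sender_answers(y, queries)
    return y, candidates(queries, answers, N)

if __name__ == "__main__":
    y, cands = run(x=0x5A, rng=random.SystemRandom())
    print(f"sender's y = {y:#04x}, receiver sees candidates {[hex(c) for c in cands]}")
```

The receiver always ends with two candidates and cannot tell which one the sender started from. Binding rests entirely on f being one-way; with this toy `f` both candidates are trivially invertible, so only the hiding side is demonstrated.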

Key words

Cryptography; Interactive hashing; Statistically hiding and computationally binding commitments; Statistical zero-knowledge arguments

Notes

Acknowledgements

We are grateful to Moni Naor and Ronen Shaltiel for helpful conversations. We are also grateful to Oded Goldreich and the anonymous referees for their many useful comments and suggestions.

References

[1] G. Brassard, D. Chaum, C. Crépeau, Minimum disclosure proofs of knowledge. J. Comput. Syst. Sci. 37(2), 156–189 (1988)
[2] L.J. Carter, M.N. Wegman, Universal classes of Hash functions. J. Comput. Syst. Sci. 18(2), 143–154 (1979)
[3] O. Goldreich, Foundations of Cryptography: Basic Tools (Cambridge University Press, Cambridge, 2001)
[4] O. Goldreich, S. Goldwasser, N. Linial, Fault-tolerant computation in the full information model. SIAM J. Comput. 27, 447–457 (1998)
[5] I. Haitner, O. Reingold, Statistically hiding commitment from any one-way function, in Proceedings of the 39th Annual ACM Symposium on Theory of Computing (STOC) (2007), pp. 1–10
[6] I. Haitner, O. Reingold, A new interactive hashing theorem, in Proceedings of the 18th Annual IEEE Conference on Computational Complexity (2007), pp. 319–332
[7] I. Haitner, J.J. Hoch, O. Reingold, G. Segev, Finding collisions in interactive protocols—a tight lower bound on the round complexity of statistically-hiding commitments, in Proceedings of the 48th Annual Symposium on Foundations of Computer Science (FOCS) (2007), pp. 669–679
[8] I. Haitner, O. Horvitz, J. Katz, C. Koo, R. Morselli, R. Shaltiel, Reducing complexity assumptions for statistically hiding commitment. J. Cryptol. 22(3), 283–310 (2009)
[9] I. Haitner, M. Nguyen, S.J. Ong, O. Reingold, S. Vadhan, Statistically hiding commitments and statistical zero-knowledge arguments from any one-way function. SIAM J. Comput. 39(3), 1153–1218 (2009). Preliminary versions in FOCS’06 and STOC’07
[10] I. Haitner, O. Reingold, S. Vadhan, H. Wee, Inaccessible entropy, in Proceedings of the 41st Annual ACM Symposium on Theory of Computing (STOC) (2009), pp. 611–620
[11] I. Haitner, D. Harnik, O. Reingold, On the power of the randomized iterate. SIAM J. Comput. 40(6), 1486–1528 (2011). Preliminary version in Crypto’06
[12] J. Håstad, R. Impagliazzo, L.A. Levin, M. Luby, A pseudorandom generator from any one-way function. SIAM J. Comput. 28, 1364–1396 (1999). Preliminary versions in STOC’89 and STOC’90
[13] T. Koshiba, Y. Seri, Round-efficient one-way permutation based perfectly concealing bit commitment scheme. Technical Report TR06-093, ECCC (2006). http://eccc.hpi-web.de/report/2006/093/
[14] Y. Lindell, Parallel coin-tossing and constant-round secure two-party computation. J. Cryptol. 16(3), 143–184 (2003)
[15] M. Naor, M. Yung, Universal one-way Hash functions and their cryptographic applications, in Proceedings of the 21st Annual ACM Symposium on Theory of Computing (STOC) (1989), pp. 33–43
[16] M. Naor, R. Ostrovsky, R. Venkatesan, M. Yung, Perfect zero-knowledge arguments for NP using any one-way permutation. J. Cryptol. 11(2), 87–108 (1998). Preliminary version in CRYPTO’92
[17] M. Nguyen, S.J. Ong, S. Vadhan, Statistical zero-knowledge arguments for NP from any one-way function, in Proceedings of the 47th Annual Symposium on Foundations of Computer Science (FOCS) (2006), pp. 3–14
[18] R. Ostrovsky, R. Venkatesan, M. Yung, Secure commitment against all powerful adversary, in 9th Annual Symposium on Theoretical Aspects of Computer Science (1992), pp. 439–448
[19] R. Ostrovsky, R. Venkatesan, M. Yung, Fair games against an all-powerful adversary. AMS DIMACS Ser. Discrete Math. Theor. Comput. Sci. 13, 155–169 (1993). Preliminary version in SEQUENCES’91
[20] R. Ostrovsky, R. Venkatesan, M. Yung, Interactive hashing simplifies zero-knowledge protocol design, in Advances in Cryptology—EUROCRYPT’93 (1993), pp. 267–273
[21] H. Wee, One-way permutations, interactive hashing and statistically hiding commitments, in Theory of Cryptography, Fourth Theory of Cryptography Conference, TCC 2007 (2007), pp. 419–433