# A New Interactive Hashing Theorem

- 566 Downloads
- 1 Citations

## Abstract

Interactive hashing, introduced by Naor, Ostrovsky, Venkatesan, and Yung (J. Cryptol. 11(2):87–108, 1998), plays an important role in many cryptographic protocols. In particular, interactive hashing is a major component in all known constructions of statistically hiding commitment schemes and of statistical zero-knowledge arguments based on general one-way permutations/functions. Interactive hashing with respect to a one-way function *f* is a two-party protocol that enables a sender who knows *y*=*f*(*x*) to transfer a random hash *z*=*h*(*y*) to a receiver such that the sender is committed to *y*: the sender cannot come up with *x* and *x*′ such that *f*(*x*)≠*f*(*x*′), but *h*(*f*(*x*))=*h*(*f*(*x*′))=*z*. Specifically, if *f* is a permutation and *h* is a two-to-one hash function, then the receiver does not learn which of the two preimages {*y*,*y*′}=*h* ^{−1}(*z*) is the one the sender can invert with respect to *f*. This paper reexamines the notion of interactive hashing, and proves the security of a variant of the Naor et al. protocol, which yields a more versatile interactive hashing theorem. When applying our new proof to (an equivalent variant of) the Naor et al. protocol, we get an alternative proof for this protocol that seems simpler and more intuitive than the original one, and achieves better parameters (in terms of how security preserving the reduction is).

## Key words

Cryptography Interactive hashing Statistically hiding and computationally binding commitments Statistical zero-knowledge arguments## Notes

### Acknowledgements

We are grateful to Moni Naor and Ronen Shaltiel for helpful conversations. We are also grateful to Oded Goldreich and the anonymous referees for their many useful comments and suggestions.

## References

- [1]G. Brassard, D. Chaum, C. Crépeau, Minimum disclosure proofs of knowledge.
*J. Comput. Syst. Sci.***37**(2), 156–189 (1988) CrossRefzbMATHGoogle Scholar - [2]L.J. Carter, M.N. Wegman, Universal classes of Hash functions.
*J. Comput. Syst. Sci.***18**(2), 143–154 (1979) CrossRefzbMATHMathSciNetGoogle Scholar - [3]O. Goldreich,
*Foundations of Cryptography: Basic Tools*(Cambridge University Press, Cambridge, 2001) CrossRefGoogle Scholar - [4]O. Goldreich, S. Goldwasser, N. Linial, Fault-tolerant computation in the full information model.
*SIAM J. Comput.***27**, 447–457 (1998) MathSciNetGoogle Scholar - [5]I. Haitner, O. Reingold, Statistically hiding commitment from any one-way function, in
*Proceedings of the 39th Annual ACM Symposium on Theory of Computing (STOC)*(2007), pp. 1–10 Google Scholar - [6]I. Haitner, O. Reingold, A new interactive hashing theorem, in
*Proceedings of the 18th Annual IEEE Conference on Computational Complexity*(2007), pp. 319–332 Google Scholar - [7]I. Haitner, J.J. Hoch, O. Reingold, G. Segev, Finding collisions in interactive protocols—a tight lower bound on the round complexity of statistically-hiding commitments, in
*Proceedings of the 48th Annual Symposium on Foundations of Computer Science (FOCS)*(2007), pp. 669–679 CrossRefGoogle Scholar - [8]I. Haitner, O. Horvitz, J. Katz, C. Koo, R. Morselli, R. Shaltiel, Reducing complexity assumptions for statistically hiding commitment.
*J. Cryptol.***22**(3), 283–310 (2009) CrossRefzbMATHMathSciNetGoogle Scholar - [9]I. Haitner, M. Nguyen, S.J. Ong, O. Reingold, S. Vadhan, Statistically hiding commitments and statistical zero-knowledge arguments from any one-way function.
*SIAM J. Comput.***39**(3), 1153–1218 (2009). Preliminary versions in*FOCS’06*and*STOC’07*CrossRefzbMATHMathSciNetGoogle Scholar - [10]I. Haitner, O. Reingold, S. Vadhan, H. Wee, Inaccessible entropy, in
*Proceedings of the 41st Annual ACM Symposium on Theory of Computing (STOC)*(2009), pp. 611–620 CrossRefGoogle Scholar - [11]I. Haitner, D. Harnik, O. Reingold, On the power of the randomized iterate.
*SIAM J. Comput.***40**(6), 1486–1528 (2011). Preliminary version in*Crypto’06*CrossRefzbMATHMathSciNetGoogle Scholar - [12]J. Håstad, R. Impagliazzo, L.A. Levin, M. Luby, A pseudorandom generator from any one-way function.
*SIAM J. Comput.***28**, 1364–1396 (1999). Preliminary versions in*STOC’89*and*STOC’90*CrossRefzbMATHMathSciNetGoogle Scholar - [13]T. Koshiba, Y. Seri, Round-efficient one-way permutation based perfectly concealing bit commitment scheme. Technical Report TR06-093, ECCC (2006). http://eccc.hpi-web.de/report/2006/093/
- [14]Y. Lindell, Parallel coin-tossing and constant-round secure two-party computation.
*J. Cryptol.***16**(3), 143–184 (2003) CrossRefzbMATHMathSciNetGoogle Scholar - [15]M. Naor, M. Yung, Universal one-way Hash functions and their cryptographic applications, in
*Proceedings of the 21st Annual ACM Symposium on Theory of Computing (STOC)*(1989), pp. 33–43 Google Scholar - [16]M. Naor, R. Ostrovsky, R. Venkatesan, M. Yung, Perfect zero-knowledge arguments for NP using any one-way permutation.
*J. Cryptol.***11**(2), 87–108 (1998). Preliminary version in*CRYPTO’92*CrossRefzbMATHMathSciNetGoogle Scholar - [17]M. Nguyen, S.J. Ong, S. Vadhan, Statistical zero-knowledge arguments for NP from any one-way function, in
*Proceedings of the 47th Annual Symposium on Foundations of Computer Science (FOCS)*(2006), pp. 3–14 Google Scholar - [18]R. Ostrovsky, R. Venkatesan, M. Yung, Secure commitment against all powerful adversary, in
*9th Annual Symposium on Theoretical Aspects of Computer Science*(1992), pp. 439–448 Google Scholar - [19]R. Ostrovsky, R. Venkatesan, M. Yung, Fair games against an all-powerful adversary.
*AMS DIMACS Ser. Discrete Math. Theor. Comput. Sci.***13**, 155–169 (1993). Preliminary version in*SEQUENCES’91*MathSciNetGoogle Scholar - [20]R. Ostrovsky, R. Venkatesan, M. Yung, Interactive hashing simplifies zero-knowledge protocol design, in
*Advances in Cryptology—EUROCRYPT’93*(1993), pp. 267–273 Google Scholar - [21]H. Wee, One-way permutations, interactive hashing and statistically hiding commitments, in
*Theory of Cryptography, Fourth Theory of Cryptography Conference, TCC 2007*(2007), pp. 419–433 Google Scholar