Constant-Round Resettable Zero Knowledge with Concurrent Soundness in the Bare Public-Key Model

  • Giovanni Di Crescenzo
  • Giuseppe Persiano
  • Ivan Visconti
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3152)


In the bare public-key model (BPK in short), each verifier is assumed to have deposited a public key in a file that is accessible by all users at all times. In this model, introduced by Canetti et al. [STOC 2000], constant-round black-box concurrent and resettable zero knowledge is possible as opposed to the standard model for zero knowledge. As pointed out by Micali and Reyzin [Crypto 2001], the notion of soundness in this model is more subtle and complex than in the classical model and indeed four distinct notions have been introduced (from weakest to strongest): one-time, sequential, concurrent and resettable soundness.

In this paper we present the first constant-round concurrently sound resettable zero-knowledge argument system in the bare public-key model for \(\mathcal{NP}\). More specifically, we present a 4-round protocol, which is optimal as far as the number of rounds is concerned. Our result solves the main open problem on resettable zero knowledge in the BPK model and improves the previous works of Micali and Reyzin [EuroCrypt 2001] and Zhao et al. [EuroCrypt 2003] since they achieved concurrent soundness in stronger models.


Security Parameter Commitment Scheme Argument System Reference String Random Tape 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Goldwasser, S., Micali, S., Rackoff, C.: The Knowledge Complexity of Interactive Proof-Systems. SIAM J. on Computing 18, 186–208 (1989)zbMATHCrossRefMathSciNetGoogle Scholar
  2. 2.
    Dwork, C., Naor, M., Sahai, A.: Concurrent Zero-Knowledge. In: Proceedings of the 30th ACM Symposium on Theory of Computing (STOC 1998), pp. 409–418 (1998)Google Scholar
  3. 3.
    Canetti, R., Goldreich, O., Goldwasser, S., Micali, S.: Resettable Zero-Knowledge. In: Proceedings of the 32nd ACM Symposium on Theory of Computing (STOC 2000), pp. 235–244 (2000)Google Scholar
  4. 4.
    Canetti, R., Kilian, J., Petrank, E., Rosen, A.: Black-Box Concurrent Zero- Knowledge Requires ω(log n) Rounds. In: Proceedings of the 33st ACMSymposium on Theory of Computing (STOC 2001), pp. 570–579 (2001)Google Scholar
  5. 5.
    Barak, B.: How to Go Beyond the Black-Box Simulation Barrier. In: Proceeding of the 42nd Symposium on Foundations of Computer Science (FOCS 2001), pp. 106–115 (2001)Google Scholar
  6. 6.
    Blum, M., De Santis, A., Micali, S., Persiano, G.: Non-Interactive Zero-Knowledge. SIAM J. on Computing 20, 1084–1118 (1991)zbMATHCrossRefGoogle Scholar
  7. 7.
    Micali, S., Reyzin, L.: Soundness in the Public-Key Model. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 542–565. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  8. 8.
    Barak, B., Goldreich, O., Goldwasser, S., Lindell, Y.: Resettably-Sound Zero- Znowledge and its Applications. In: Proceeding of the 42nd Symposium on Foundations of Computer Science (FOCS 2001), pp. 116–125 (2001)Google Scholar
  9. 9.
    Micali, S., Reyzin, L.: Min-round Resettable Zero-Knowledge in the Public-key Model. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 373–393. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  10. 10.
    Zhao, Y., Deng, X., Lee, C., Zhu, H.: Resettable Zero-Knowledge in the Weak Public-Key Model. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 123–139. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  11. 11.
    Goldreich, O.: Concurrent Zero-Knowledge with Timing, Revisited. In: Proceedings of the 34th ACM Symposium on Theory of Computing (STOC 2002), pp. 332–340. ACM, New York (2002)CrossRefGoogle Scholar
  12. 12.
    Di Crescenzo, G., Ostrovsky, R.: On Concurrent Zero-Knowledge with Preprocessing. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 485–502. Springer, Heidelberg (1999)Google Scholar
  13. 13.
    Damgard, I.: Efficient Concurrent Zero-Knowledge in the Auxiliary String Model. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 418–430. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  14. 14.
    Goldwasser, S., Micali, S.: Probabilistic encryption. J. of Comp. and Sys. Sci. 28, 270–299 (1984)zbMATHCrossRefMathSciNetGoogle Scholar
  15. 15.
    ElGamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 10–18. 10–18, Heidelberg (1985)CrossRefGoogle Scholar
  16. 16.
    Feige, U., Lapidot, D., Shamir, A.: Multiple Non-Interactive Zero Knowledge Proofs Under General Assumptions. SIAM J. on Computing 29, 1–28 (1999)zbMATHCrossRefMathSciNetGoogle Scholar
  17. 17.
    Pass, R.: Simulation in Quasi-Polynomial Time and Its Applications to Protocol Composition. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 160–176. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  18. 18.
    Rompel, J.: One-Way Functions are Necessary and Sufficient for Digital Signatures. In: Proceedings of the 22nd ACM Symposium on Theory of Computing (STOC 1990), pp. 12–19 (1990)Google Scholar
  19. 19.
    Dwork, C., Naor, M.: Zaps and their applications. In: IEEE Symposium on Foundations of Computer Science, pp. 283–293 (2000)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Giovanni Di Crescenzo
    • 1
  • Giuseppe Persiano
    • 2
  • Ivan Visconti
    • 3
  1. 1.Telcordia TechnologiesPiscatawayUSA
  2. 2.Dip. di Informatica ed Appl.Univ. di SalernoBaronissiItaly
  3. 3.Département d’InformatiqueÉcole Normale SupérieureParisFrance

Personalised recommendations