Advertisement

A Note on Universal Composable Zero Knowledge in Common Reference String Model

  • Andrew C. C. Yao
  • Frances F. Yao
  • Yunlei Zhao
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4484)

Abstract

Pass observed that universal composable zero-knowledge (UCZK) protocols in the common reference string (CRS) model, where a common reference string is selected trustily by a trusted third party and is known to all players, lose deniability that is a natural property of any ZK protocol in the plain model [33]. An open problem (or, natural query) raised in the literature is: are there any other essential security properties, other than the well-known deniability property, that could be lost by universal composable zero-knowledge in the common reference string model, in comparison with UC security in the plain model? In this work, we answer this open question (or, natural query), by showing that UCZK protocols in the CRS model could lose concurrent general composability (CGC) and proof of knowledge (POK) properties that are very important and essential security implications of UCZK in the plain model. This is demonstrated by concrete attacks.

Keywords

Ideal Functionality Cryptographic Protocol Common Input Cryptology ePrint Archive Common Reference String 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Barak, B., Prabhakaran, M., Sahai, A.: Concurrent Non-Malleable Zero-Knowledge. Cryptology ePrint Archive, Report No. 2006/355. Extended abstract appears in FOCS 2006 (2006)Google Scholar
  2. 2.
    Blum, M.: Coin Flipping by Telephone. In: Proc. IEEE Spring COMPCOM, pp. 133–137 (1982)Google Scholar
  3. 3.
    Blum, M.: How to Prove a Theorem so No One Else can Claim It. In: Proceedings of the International Congress of Mathematicians, Berkeley, California, USA, pp. 1444–1451 (1986)Google Scholar
  4. 4.
    Bellare, M., Goldreich, O.: On Defining Proofs of Knowledge. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 390–420. Springer, Heidelberg (1993)Google Scholar
  5. 5.
    Bellare, M., Goldreich, O.: On Probabilistic versus Deterministic Provers in the Definition of Proofs Of Knowledge. Electronic Colloquium on Computational Complexity 13(136) (2006), Available also from Cryptology ePrint Archive, Report No. 2006/359.Google Scholar
  6. 6.
    Canetti, R.: Universally Composable Security: A New Paradigm for Cryptographic Protocols. In: IEEE Symposium on Foundations of Computer Science, pp. 136–145 (2001)Google Scholar
  7. 7.
    Canetti, R.: Security and Composition of Cryptographic Protocols: A Tutorial. Distributed Computing column of SIGACT News 37(3-4) (2006), Available also from Cryptology ePrint Archive, Report 2006/465.Google Scholar
  8. 8.
    Canetti, R., et al.: Universally Composable Security with Global Setup. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 61–85. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  9. 9.
    Canetti, R., Fischlin, M.: Universal Composable Commitments. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 19–40. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  10. 10.
    Canetti, R., Kushilevitz, E., Lindell, Y.: On the Limitations of Universal Composition Without Set-Up Assumptions. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 68–86. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  11. 11.
    Canetti, R., et al.: Universally Composable Two-Party and Multi-Party Secure Computation. In: ACM Symposium on Theory of Computing, pp. 494–503 (2002)Google Scholar
  12. 12.
    Canetti, R., Rabin, T.: Universal Composition with Joint State. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 265–281. Springer, Heidelberg (2003)Google Scholar
  13. 13.
    Cramer, R.: Modular Design of Secure, yet Practical Cryptographic Protocols. PhD Thesis, University of Amsterdam (1996)Google Scholar
  14. 14.
    Cramer, R., Damgard, I., Schoenmakers, B.: Proofs of Partial Knowledge and Simplified Design of Witness Hiding Protocols. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 174–187. Springer, Heidelberg (1994)Google Scholar
  15. 15.
    Damgard, I.: Efficient Concurrent Zero-Knowledge in the Auxiliary String Model. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 418–430. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  16. 16.
    Damgard, I.: Lecture Notes on Cryptographic Protocol Theory. BRICS, Aarhus University (2003)Google Scholar
  17. 17.
    Dolev, D., Dwork, C., Naor, M.: Non-Malleable Cryptography. SIAM Journal on Computing 30(2), 391–437 (2000), Preliminary version in ACM Symposium on Theory of Computing, pp. 542–552 (1991)zbMATHCrossRefMathSciNetGoogle Scholar
  18. 18.
    Garay, J.A., MacKenzie, P., Yang, K.: Strengthening Zero-Knowledge Protocols Using Signatures. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 177–194. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  19. 19.
    Goldreich, O.: Foundation of Cryptography-Basic Tools. Cambridge University Press, Cambridge (2001)Google Scholar
  20. 20.
    Goldreich, O., Micali, S., Wigderson, A.: Proofs that Yield Nothing but Their Validity and a Methodology of Cryptographic Protocol Design. In: IEEE Symposium on Foundations of Computer Science, pp. 174–187 (1986)Google Scholar
  21. 21.
    Goldreich, O., Micali, S., Wigderson, A.: How to Prove All NP-Statements in Zero-Knowledge and a Methodology of Cryptographic Protocol Design. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 171–185. Springer, Heidelberg (1987)Google Scholar
  22. 22.
    Goldreich, O., Micali, S., Wigderson, A.: Proofs that Yield Nothing But Their Validity or All language in \(\mathcal{NP}\) Have Zero-Knowledge Proof Systems. Journal of the Association for Computing Machinery 38(1), 691–729 (1991), Preliminary version appears in IEEE Symposium on Foundations of Computer Science, pp. 174–187 (1986), and Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 171–185. Springer, Heidelberg (1987)zbMATHMathSciNetGoogle Scholar
  23. 23.
    Goldwasser, S., Micali, S., Rackoff, C.: The Knowledge Complexity of Interactive Proof-Systems. In: ACM Symposium on Theory of Computing, pp. 291–304 (1985)Google Scholar
  24. 24.
    Goldwasser, S., Micali, S., Rivest, R.L.: A Digital Signature Scheme Secure Against Adaptive Chosen Message Attacks. SIAM Journal on Computing 17(2), 281–308 (1988)zbMATHCrossRefMathSciNetGoogle Scholar
  25. 25.
    Guillou, L., Quisquater, J.J.: A Practical Zero-Knowledge Protocol Fitted to Security Microprocessor Minimizing both Transmission and Memory. In: Günther, C.G. (ed.) EUROCRYPT 1988. LNCS, vol. 330, pp. 123–128. Springer, Heidelberg (1988)Google Scholar
  26. 26.
    Hastad, J., et al.: Construction of a Pseudorandom Generator from Any One-Way Function. SIAM Journal on Computing 28(4), 1364–1396 (1999)zbMATHCrossRefMathSciNetGoogle Scholar
  27. 27.
    Katz, J.: Efficient and Non-Malleable Proofs of Plaintext Knowledge and Applications. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 211–228. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  28. 28.
    Kilian, J.: Uses of Randomness in Algorithms and Protocols. MIT Press, Cambridge (1990)Google Scholar
  29. 29.
    Lindell, Y.: General Composition and Universal Composability in Secure Multi-Party Computation. In: IEEE Symposium on Foundations of Computer Science, pp. 394–403 (2003)Google Scholar
  30. 30.
    Lindell, Y.: Parallel Coin-Tossing and Constant-Round Secure Two-Party Computation. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 171–189. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  31. 31.
    Lindell, Y.: Lower Bounds for Concurrent Self Composition. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 203–222. Springer, Heidelberg (2004)Google Scholar
  32. 32.
    Naor, M.: Bit Commitment Using Pseudorandomness. Journal of Cryptology 4(2), 151–158 (1991)zbMATHCrossRefGoogle Scholar
  33. 33.
    Pass, R.: On Deniabililty in the Common Reference String and Random Oracle Models. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 316–337. Springer, Heidelberg (2003)Google Scholar
  34. 34.
    Schnorr, C.: Efficient Signature Generation by Smart Cards. Journal of Cryptology 4(3), 24 (1991)CrossRefMathSciNetGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Andrew C. C. Yao
    • 1
  • Frances F. Yao
    • 2
  • Yunlei Zhao
    • 3
  1. 1.Center of Advanced Study, Tsinghua University, BeijingChina
  2. 2.Department of Computer Science, City University of Hong Kong, Hong KongChina
  3. 3.Software School, Fudan University, Shanghai 200433China

Personalised recommendations