Concurrent Non-Malleable Zero Knowledge Proofs

  • Huijia Lin
  • Rafael Pass
  • Wei-Lung Dustin Tseng
  • Muthuramakrishnan Venkitasubramaniam
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6223)


Concurrent non-malleable zero-knowledge (NMZK) considers the concurrent execution of zero-knowledge protocols in a setting where the attacker can simultaneously corrupt multiple provers and verifiers. Barak, Prabhakaran and Sahai (FOCS’06) recently provided the first construction of a concurrent NMZK protocol without any set-up assumptions. Their protocol, however, is only computationally sound (a.k.a., a concurrent NMZK argument). In this work we present the first construction of a concurrent NMZK proof without any set-up assumptions. Our protocol requires poly(n) rounds assuming one-way functions, or \(\tilde{O}(\log n)\) rounds assuming collision-resistant hash functions.

As an additional contribution, we improve the round complexity of concurrent NMZK arguments based on one-way functions (from poly(n) to \(\tilde O(\log n)\)), and achieve a near-linear (instead of cubic) security reduction. Taken together, our results close the gap between concurrent ZK protocols and concurrent NMZK protocols (in terms of feasibility, round complexity, hardness assumptions, and tightness of the security reduction).


Keywords: Commitment Scheme, Interactive Proof, Negligible Probability, Security Reduction, Round Complexity


  1. [AH91]
    Aiello, W., Håstad, J.: Statistical zero-knowledge languages can be recognized in two rounds. J. Comput. Syst. Sci. 42(3), 327–345 (1991)
  2. [BCC88]
    Brassard, G., Chaum, D., Crépeau, C.: Minimum disclosure proofs of knowledge. J. Comput. Syst. Sci. 37(2), 156–189 (1988)
  3. [Blu86]
    Blum, M.: How to prove a theorem so no one else can claim it. In: Proc. of the International Congress of Mathematicians, pp. 1444–1451 (1986)
  4. [BPS06]
    Barak, B., Prabhakaran, M., Sahai, A.: Concurrent non-malleable zero knowledge. In: FOCS, pp. 345–354 (2006)
  5. [CGGM00]
    Canetti, R., Goldreich, O., Goldwasser, S., Micali, S.: Resettable zero-knowledge (extended abstract). In: STOC 2000, pp. 235–244 (2000)
  6. [CKPR01]
    Canetti, R., Kilian, J., Petrank, E., Rosen, A.: Black-box concurrent zero-knowledge requires \(\tilde\omega(\log n)\) rounds. In: STOC 2001, pp. 570–579 (2001)
  7. [DDN00]
    Dolev, D., Dwork, C., Naor, M.: Nonmalleable cryptography. SIAM Journal on Computing 30(2), 391–437 (2000)
  8. [DN02]
    Damgård, I., Nielsen, J.B.: Perfect hiding and perfect binding universally composable commitment schemes with constant expansion factor. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 581–596. Springer, Heidelberg (2002)
  9. [DNS04]
    Dwork, C., Naor, M., Sahai, A.: Concurrent zero-knowledge. J. ACM 51(6), 851–898 (2004)
  10. [GK96]
    Goldreich, O., Kahan, A.: How to construct constant-round zero-knowledge proof systems for NP. Journal of Cryptology 9(3), 167–190 (1996)
  11. [GMR89]
    Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof systems. SIAM Journal on Computing 18(1), 186–208 (1989)
  12. [GMW91]
    Goldreich, O., Micali, S., Wigderson, A.: Proofs that yield nothing but their validity or all languages in NP have zero-knowledge proof systems. J. ACM 38(3), 690–728 (1991)
  13. [Gol01]
    Goldreich, O.: Foundations of Cryptography — Basic Tools. Cambridge University Press, Cambridge (2001)
  14. [HNO+09]
    Haitner, I., Nguyen, M.-H., Ong, S.J., Reingold, O., Vadhan, S.P.: Statistically hiding commitments and statistical zero-knowledge arguments from any one-way function. SIAM J. Comput. 39(3), 1153–1218 (2009)
  15. [KP01]
    Kilian, J., Petrank, E.: Concurrent and resettable zero-knowledge in poly-logarithmic rounds. In: STOC 2001, pp. 560–569 (2001)
  16. [LP09]
    Lin, H., Pass, R.: Non-malleability amplification. In: STOC 2009, pp. 189–198 (2009)
  17. [LPV08]
    Lin, H., Pass, R., Venkitasubramaniam, M.: Concurrent non-malleable commitments from any one-way function. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 571–588. Springer, Heidelberg (2008)
  18. [LPV09]
    Lin, H., Pass, R., Venkitasubramaniam, M.: A unified framework for concurrent security: universal composability from stand-alone non-malleability. In: STOC 2009, pp. 179–188 (2009)
  19. [MOSV06]
    Micciancio, D., Ong, S.J.J., Sahai, A., Vadhan, S.: Concurrent zero knowledge without complexity assumptions. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 1–20. Springer, Heidelberg (2006)
  20. [MP06]
    Micali, S., Pass, R.: Local zero knowledge. In: STOC 2006, pp. 306–315 (2006)
  21. [OPV08]
    Ostrovsky, R., Persiano, G., Visconti, I.: Constant-round concurrent non-malleable zero knowledge in the bare public-key model. In: Aceto, L., Damgård, I., Goldberg, L.A., Halldórsson, M.M., Ingólfsdóttir, A., Walukiewicz, I. (eds.) ICALP 2008, Part II. LNCS, vol. 5126, pp. 548–559. Springer, Heidelberg (2008)
  22. [OPV10]
    Ostrovsky, R., Pandey, O., Visconti, I.: Efficiency preserving transformations for concurrent non-malleable zero knowledge. In: Micciancio, D. (ed.) TCC 2010. LNCS, vol. 5978, pp. 535–552. Springer, Heidelberg (2010)
  23. [Pas03]
    Pass, R.: Simulation in quasi-polynomial time, and its application to protocol composition. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 160–176. Springer, Heidelberg (2003)
  24. [PPS+08]
    Pandey, O., Pass, R., Sahai, A., Tseng, W.-L.D., Venkitasubramaniam, M.: Precise concurrent zero knowledge. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 397–414. Springer, Heidelberg (2008)
  25. [PR03]
    Pass, R., Rosen, A.: Bounded-concurrent secure two-party computation in a constant number of rounds. In: FOCS, p. 404 (2003)
  26. [PR05]
    Pass, R., Rosen, A.: New and improved constructions of non-malleable cryptographic protocols. In: STOC 2005, pp. 533–542 (2005)
  27. [PRS02]
    Prabhakaran, M., Rosen, A., Sahai, A.: Concurrent zero knowledge with logarithmic round-complexity. In: FOCS 2002, pp. 366–375 (2002)
  28. [PTV08]
    Pass, R., Tseng, W.-L.D., Venkitasubramaniam, M.: Concurrent zero knowledge: Simplifications and generalizations (2008) (manuscript),
  29. [RK99]
    Richardson, R., Kilian, J.: On the concurrent composition of zero-knowledge proofs. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 415–432. Springer, Heidelberg (1999)
  30. [SCO+01]
    De Santis, A., Di Crescenzo, G., Ostrovsky, R., Persiano, G., Sahai, A.: Robust non-interactive zero knowledge. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 566–598. Springer, Heidelberg (2001)

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Huijia Lin (1)
  • Rafael Pass (1)
  • Wei-Lung Dustin Tseng (1)
  • Muthuramakrishnan Venkitasubramaniam (1)

  1. Cornell University
