Optimistic Concurrent Zero Knowledge

  • Alon Rosen
  • Abhi Shelat
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6477)


We design cryptographic protocols that recognize best case (optimistic) situations and exploit them. As a case study, we present a new concurrent zero-knowledge protocol that is expected to require only a small constant number of rounds in practice. To prove that our protocol is secure, we identify a weak property of concurrent schedules—called footer-freeness—that suffices for efficient simulation.


concurrent zero-knowledge rational optimistic 


  1. [ASW98]
    Asokan, N., Shoup, V., Waidner, M.: Optimistic fair exchange of digital signatures. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 591–606. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  2. [Bar01]
    Barak, B.: How to go beyond the black-box simulation barrier. In: Proc. 42nd IEEE Symposium on Foundations of Computer Science (FOCS), pp. 106–115 (2001)Google Scholar
  3. [Blu86]
    Blum, M.: How to prove a theorem so no one can claim it. In: Proc. of The International Congress of Mathematicians, pp. 1444–1451 (1986)Google Scholar
  4. [Can06]
    Canetti, R.: Security and composition of cryptographic protocols: A tutorial. Cryptology ePrint Archive, Report 2006/465 (2006)Google Scholar
  5. [CGGM00]
    Canetti, R., Goldreich, O., Goldwasser, S., Micali, S.: Resettable zeroknowledge. In: Proc. 32nd Annual ACM Symposium on Theory of Computing (STOC), pp. 235–244. ACM Press, New York (2000)Google Scholar
  6. [CKP01]
    Cohen, T., Kilian, J., Petrank, E.: Responsive round complexity and concurrent zero-knowledge. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 422–441. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  7. [CKPR01]
    Canetti, R., Kilian, J., Petrank, E., Rosen, A.: Black-box concurrent zeroknowledge requires omega(log n) rounds. In: STOC 2001, pp. 570–579 (2001)Google Scholar
  8. [CKPR02]
    Canetti, R., Kilian, J., Petrank, E., Rosen, A.: Black-box concurrent zero-knowledge requires (almost) logarithmically many rounds. SIAM J. Comput. 32(1), 1–47 (2002)MATHCrossRefMathSciNetGoogle Scholar
  9. [Dam99]
    Damgard, I.: Concurrent zero-knowledge is easy in practice. Available online at Theory of Cryptography Library (June 1999)Google Scholar
  10. [DNS98]
    Dwork, C., Naor, M., Sahai, A.: Concurrent zero knowledge. In: Proc. 30th Annual ACM Symposium on Theory of Computing, STOC (1998)Google Scholar
  11. [DPP93]
    Damgäard, I., Pedersen, T., Pfitzmann, B.: On the existence of statistically hiding bit commitment schemes and fail-stop signatures. In: Crypto 1993, pp. 250–265 (1993)Google Scholar
  12. [DS98]
    Dwork, C., Sahai, A.: Concurrrent zero-knowledge: Reducing the need for timing constraints. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 105–120. Springer, Heidelberg (1998)Google Scholar
  13. [Gol02]
    Goldreich, O.: Concurrent zero-knowledge with timing, revisited. In: STOC 2002, pp. 332–340 (2002)Google Scholar
  14. [KP01]
    Kilian, J., Petrank, E.: Concurrent and resettable zero-knowledge in polylogarithm rounds. In: Proc. 33rd Annual ACM Symposium on Theory of Computing (STOC), pp. 560–569 (2001)Google Scholar
  15. [KPR98]
    Kilian, J., Petrank, E., Rackoff, C.: Lower bounds for zero knowledge on the internet. In: FOCS 1998, pp. 484–492. IEEE, Los Alamitos (1998)Google Scholar
  16. [Lam05]
    Lamport, L.: Fast paxos. Technical Report MSR-TR-2005-112, Microsoft Research (July 2005)Google Scholar
  17. [MP03]
    Micciancio, D., Petrank, E.: Simulatable commitments and efficient concurrent zero-knowledge. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 140–159. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  18. [NY89]
    Naor, M., Yung, M.: Universal one-way hash functions and their cryptographic applications. In: STOC 1989, pp. 33–43 (1989)Google Scholar
  19. [Pas03]
    Pass, R.: Simulation in quasi-polynomial time and its application to protocol composition. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 160–176. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  20. [PPS+08]
    Pandey, O., Pass, R., Sahai, A., Tseng, W.-L.D., Venkitasubramaniam, M.: Precise concurrent zero knowledge. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 397–414. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  21. [PRS02]
    Prabhakaran, M., Rosen, A., Sahai, A.: Concurrent zero-knowledge with logarithmic round complexity. In: FOCS 2002, pp. 366–375 (2002)Google Scholar
  22. [PS04]
    Prabhakaran, M., Sahai, A.: New notions of security: achieving universal composability without trusted setup. In: Symposium on Theory of Computing (STOC), pp. 242–251 (2004)Google Scholar
  23. [PTV10]
    Pass, R., Tseng, W.-L.D., Venkitasubramaniam, M.: Eye for an eye: Efficient concurrent zero-knowledge in the timing model. In: Micciancio, D. (ed.) TCC 2010. LNCS, vol. 5978, pp. 518–534. Springer, Heidelberg (2010)Google Scholar
  24. [PV05]
    Persiano, G., Visconti, I.: Single-prover concurrent zero knowledge in almost constant rounds. In: Caires, L., Italiano, G.F., Monteiro, L., Palamidessi, C., Yung, M. (eds.) ICALP 2005. LNCS, vol. 3580, pp. 228–240. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  25. [PV08]
    Pass, R., Venkitasubramaniam, M.: On constant-round concurrent zero-knowledge. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 553–570. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  26. [PK99]
    Richardson, R., Kilian, J.: On the concurrent composition of zero-knowledge proofs. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 311–326. Springer, Heidelberg (1999)Google Scholar
  27. [Ros00]
    Rosen, A.: A note on the round complexity of concurrent zero-knowledge. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 451–468. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  28. [Ros04]
    Rosen, A.: A note on constant round zero knowledge proofs for np. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 191–202. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  29. [Ros06]
    Rosen, A.: Concurrent Zero-Knowledge. Series on Information Security and Cryptography. Springer, Heidelberg (2006)MATHCrossRefGoogle Scholar

Copyright information

© International Association for Cryptologic Research 2010

Authors and Affiliations

  • Alon Rosen
    • 1
  • Abhi Shelat
    • 2
  1. 1.IDC HerzileyaIsrael
  2. 2.U. of VirginiaUSA

Personalised recommendations