Resettable Statistical Zero Knowledge

  • Sanjam Garg
  • Rafail Ostrovsky
  • Ivan Visconti
  • Akshay Wadia
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7194)


Two central notions of Zero Knowledge that provide strong, yet seemingly incomparable security guarantees against malicious verifiers are those of Statistical Zero Knowledge and Resettable Zero Knowledge. The current state of the art includes several feasibility and impossibility results regarding these two notions separately. However, the question of achieving Resettable Statistical Zero Knowledge (i.e., Resettable Zero Knowledge and Statistical Zero Knowledge simultaneously) for non-trivial languages remained open. In this paper, we show:

  • Resettable Statistical Zero Knowledge with unbounded prover: under the assumption that sub-exponentially hard one-way functions exist, \(\ensuremath{\mathcal{\text{r}SZK}}=\ensuremath{\mathcal{SZK}}\). In other words, every language that admits a Statistical Zero-Knowledge (\(\ensuremath{\mathcal{SZK}}\)) proof system also admits a Resettable Statistical Zero-Knowledge (\(\ensuremath{\mathcal{\text{r}SZK}}\)) proof system. (Further, the result can be re-stated unconditionally provided there exists a sub-exponentially hard language in \(\mathcal{SZK}\)). Moreover, under the assumption that (standard) one-way functions exist, all languages L such that the complement of L is random self reducible, admit a \(\ensuremath{\mathcal{\text{r}SZK}}\); in other words: \(\ensuremath{\mathcal{\text{co-}RSR}} \subseteq \ensuremath{\mathcal{\text{r}SZK}}\).

  • Resettable Statistical Zero Knowledge with efficient prover: efficient-prover Resettable Statistical Zero-Knowledge proof systems exist for all languages that admit hash proof systems (e.g., QNR, QR, \(\mathcal{DDH}\), DCR). Furthermore, for these languages we construct a two-round resettable statistical witness-indistinguishable argument system.

The round complexity of our proof systems is \(\tilde O(\log \kappa)\), where κ is the security parameter, and all our simulators are black-box.


Proof System Commitment Scheme Pseudorandom Function Overwhelming Probability Random Tape 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Barak, B., Goldreich, O., Goldwasser, S., Lindell, Y.: Resettably-sound zero-knowledge and its applications. In: FOCS, pp. 116–125 (2001), full version,
  2. 2.
    Barak, B., Lindell, Y., Vadhan, S.: Lower bounds for non-black-box zero knowledge. In: FOCS 2003, pp. 384–393 (2003)Google Scholar
  3. 3.
    Bellare, M., Micali, S., Ostrovsky, R.: The (true) complexity of statistical zero knowledge. In: STOC, pp. 494–502 (1990)Google Scholar
  4. 4.
    Brassard, G., Chaum, D., Crépeau, C.: Minimum disclosure proofs of knowledge. J. Comput. Syst. Sci. 37(2), 156–189 (1988)CrossRefzbMATHGoogle Scholar
  5. 5.
    Canetti, R., Goldreich, O., Goldwasser, S., Micali, S.: Resettable zero-knowledge (extended abstract). In: STOC, pp. 235–244 (2000)Google Scholar
  6. 6.
    Canetti, R., Kilian, J., Petrank, E., Rosen, A.: Black-box concurrent zero-knowledge requires (almost) logarithmically many rounds. SIAM J. Comput. 32(1), 1–47 (2002)MathSciNetCrossRefzbMATHGoogle Scholar
  7. 7.
    Chailloux, A., Ciocan, D.F., Kerenidis, I., Vadhan, S.P.: Interactive and Noninteractive Zero Knowledge are Equivalent in the Help Model. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 501–534. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  8. 8.
    Cho, C., Ostrovsky, R., Scafuro, A., Visconti, I.: Simultaneously Resettable Arguments of Knowledge. In: Cramer, R. (ed.) TCC 2012. LNCS, pp. 530–547. Springer, Heidelberg (2012)Google Scholar
  9. 9.
    Cook, J., Etesami, O., Miller, R., Trevisan, L.: Goldreich’s One-Way Function Candidate and Myopic Backtracking Algorithms. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 521–538. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  10. 10.
    Cramer, R., Shoup, V.: Universal Hash Proofs and a Paradigm for Adaptive Chosen Ciphertext Secure Public-Key Encryption. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 45–64. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  11. 11.
    Damgård, I., Fazio, N., Nicolosi, A.: Non-interactive Zero-Knowledge from Homomorphic Encryption. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 41–59. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  12. 12.
    Deng, Y., Goyal, V., Sahai, A.: Resolving the simultaneous resettability conjecture and a new non-black-box simulation strategy. In: FOCS (2009)Google Scholar
  13. 13.
    Di Crescenzo, G., Persiano, G., Visconti, I.: Constant-Round Resettable Zero Knowledge with Concurrent Soundness in the Bare Public-Key Model. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 237–253. Springer, Heidelberg (2004)Google Scholar
  14. 14.
    Dolev, D., Dwork, C., Naor, M.: Non-Malleable Cryptography. SIAM J. on Computing 30(2), 391–437 (2000)MathSciNetCrossRefzbMATHGoogle Scholar
  15. 15.
    Dwork, C., Naor, M.: Zaps and their applications. In: FOCS, pp. 283–293 (2000)Google Scholar
  16. 16.
    Dwork, C., Naor, M., Sahai, A.: Concurrent zero-knowledge. In: STOC, pp. 409–418 (1998)Google Scholar
  17. 17.
    Garg, S., Ostrovsky, R., Visconti, I., Wadia, A.: Resettable statistical zero knowledge. Cryptology ePrint Archive, Report 2011/457 (2011),
  18. 18.
    Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game - a completeness theorem for protocols with honest majority. In: STOC, pp. 218–229 (1987)Google Scholar
  19. 19.
    Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof-systems. SIAM J. on Computing 18(6), 186–208 (1989)MathSciNetCrossRefzbMATHGoogle Scholar
  20. 20.
    Goyal, V., Moriarty, R., Ostrovsky, R., Sahai, A.: Concurrent Statistical Zero-Knowledge Arguments for NP from One Way Functions. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 444–459. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  21. 21.
    Groth, J., Ostrovsky, R., Sahai, A.: Non-interactive Zaps and New Techniques for NIZK. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 97–111. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  22. 22.
    Itoh, T., Ohta, Y., Shizuya, H.: A language-dependent cryptographic primitive. J. Cryptology 10(1), 37–50 (1997)MathSciNetCrossRefzbMATHGoogle Scholar
  23. 23.
    Lindell, Y.: Bounded-concurrent secure two-party computation without setup assumptions. In: STOC, pp. 683–692. ACM (2003)Google Scholar
  24. 24.
    Micali, S., Reyzin, L.: Soundness in the Public-Key Model. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 542–565. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  25. 25.
    Micciancio, D., Ong, S.J., Sahai, A., Vadhan, S.P.: Concurrent Zero Knowledge Without Complexity Assumptions. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 1–20. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  26. 26.
    Micciancio, D., Yilek, S.: The Round-Complexity of Black-Box Zero-Knowledge: A Combinatorial Characterization. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 535–552. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  27. 27.
    Naor, M., Yung, M.: Public-key cryptosystems provably secure against chosen ciphertext attacks. In: STOC 1990, pp. 427–437 (1990)Google Scholar
  28. 28.
    Ong, S.J., Vadhan, S.P.: An Equivalence Between Zero Knowledge and Commitments. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 482–500. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  29. 29.
    Ostrovsky, R.: One-way functions, hard on average problems, and statistical zero-knowledge proofs. In: Structure in Complexity Theory Conference, pp. 133–138 (1991)Google Scholar
  30. 30.
    Pass, R., Tseng, W.L.D., Venkitasubramaniam, M.: Concurrent zero knowledge: Simplifications and generalizations. Technical Report (2008),
  31. 31.
    Pass, R., Wee, H.: Constant-Round Non-malleable Commitments from Sub-exponential One-Way Functions. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 638–655. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  32. 32.
    Prabhakaran, M., Rosen, A., Sahai, A.: Concurrent zero knowledge with logarithmic round-complexity. In: FOCS, pp. 366–375 (2002)Google Scholar
  33. 33.
    Sahai, A., Vadhan, S.P.: A complete problem for statistical zero knowledge. J. ACM 50(2), 196–249 (2003)MathSciNetCrossRefGoogle Scholar
  34. 34.
    Santis, A.D., Crescenzo, G.D., Persiano, G., Yung, M.: On monotone formula closure of szk. In: FOCS, pp. 454–465 (1994)Google Scholar
  35. 35.
    Scafuro, A., Visconti, I.: On round-optimal zero knowledge in the bare public-key model. In: EUROCRYPT. LNCS. Springer, Heidelberg (2012)Google Scholar
  36. 36.
    Tompa, M., Woll, H.: Random self-reducibility and zero knowledge interactive proofs of possession of information. In: FOCS, pp. 472–482 (1987)Google Scholar
  37. 37.
    Vadhan, S.: A Study of Statistical Zero-Knowledge Proofs. Ph.D. thesis. MIT (1999)Google Scholar
  38. 38.
    Wee, H.: Black-box, round-efficient secure computation via non-malleability amplification. In: FOCS (2010)Google Scholar
  39. 39.
    Yung, M., Zhao, Y.: Generic and Practical Resettable Zero-Knowledge in the Bare Public-Key Model. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 129–147. Springer, Heidelberg (2007)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Sanjam Garg
    • 1
  • Rafail Ostrovsky
    • 1
    • 2
  • Ivan Visconti
    • 3
  • Akshay Wadia
    • 1
  1. 1.Department of Computer ScienceUCLAUSA
  2. 2.Department of MathematicsUCLAUSA
  3. 3.Dipartimento di InformaticaUniversity of SalernoItaly

Personalised recommendations