Public-Coin Concurrent Zero-Knowledge in the Global Hash Model

  • Ran Canetti
  • Huijia Lin
  • Omer Paneth
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7785)


Public-coin zero-knowledge and concurrent zero-knowledge (cZK) are two classes of zero knowledge protocols that guarantee some additional desirable properties. Still, to this date no protocol is known that is both public-coin and cZK for a language outside BPP. Furthermore, it is known that no such protocol can be black-box ZK [Pass, Crypto 09].

We present a public-coin concurrent ZK protocol for any NP language. The protocol assumes that all verifiers have access to a globally specified function, drawn from a collision resistant hash function family. (This model, which we call the Global Hash Function, or GHF model, can be seen as a restricted case of the non-programmable reference string model.) We also show that the impossibility of black-box public-coin cZK extends also to the GHF model.

Our protocol assumes CRH functions against quasi-polynomial adversaries and takes O(log1 + εn) rounds for any ε > 0, where n is the security parameter. Our techniques combine those for (non-public-coin) black-box cZK with Barak’s non-black-box technique for public-coin constant-round ZK. As a corollary we obtain the first simultaneously resettable zero-knowledge protocol with O(log1 + εn) rounds, in the GHF model.


  1. 1.
    Barak, B.: How to go beyond the black-box simulation barrier. In: FOCS (2001)Google Scholar
  2. 2.
    Barak, B., Goldreich, O.: Universal arguments and their applications. SIAM J. Comput. (2008)Google Scholar
  3. 3.
    Ben-Sasson, E., Chiesa, A., Genkin, D., Tromer, E.: On the concrete-efficiency threshold of probabilistically-checkable proofs. In: Electronic Colloquium on Computational Complexity, ECCC (2012)Google Scholar
  4. 4.
    Bitansky, N., Canetti, R., Halevi, S.: Leakage-Tolerant Interactive Protocols. In: Cramer, R. (ed.) TCC 2012. LNCS, vol. 7194, pp. 266–284. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  5. 5.
    Blum, M., Feldman, P., Micali, S.: Non-interactive zero-knowledge and its applications (extended abstract). In: STOC (1988)Google Scholar
  6. 6.
    Canetti, R., Fischlin, M.: Universally composable commitments. IACR Cryptology ePrint Archive (2001)Google Scholar
  7. 7.
    Canetti, R., Kilian, J., Petrank, E., Rosen, A.: Black-box concurrent zero-knowledge requires (almost) logarithmically many rounds. SIAM J. Comput. (2002)Google Scholar
  8. 8.
    Canetti, R., Lin, H., Paneth, O.: Public-coins concurrent zero-knowledge in the global hash model. IACR Cryptology ePrint Archive (2013)Google Scholar
  9. 9.
    Deng, Y., Feng, D., Goyal, V., Lin, D., Sahai, A., Yung, M.: Resettable Cryptography in Constant Rounds – The Case of Zero Knowledge. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 390–406. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  10. 10.
    Deng, Y., Goyal, V., Sahai, A.: Resolving the simultaneous resettability conjecture and a new non-black-box simulation strategy. In: FOCS (2009)Google Scholar
  11. 11.
    Dwork, C., Naor, M., Sahai, A.: Concurrent zero-knowledge. In: STOC (1998)Google Scholar
  12. 12.
    Garg, S., Jain, A., Sahai, A.: Leakage-Resilient Zero Knowledge. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 297–315. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  13. 13.
    Goldreich, O., Kahan, A.: How to construct constant-round zero-knowledge proof systems for NP. Journal of Cryptology (1996)Google Scholar
  14. 14.
    Goldreich, O., Krawczyk, H.: On the composition of zero-knowledge proof systems. SIAM J. Comput. (1996)Google Scholar
  15. 15.
    Goldreich, O., Micali, S., Wigderson, A.: Proofs that yield nothing but their validity for all languages in np have zero-knowledge proof systems. J. ACM (1991)Google Scholar
  16. 16.
    Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof-systems (extended abstract). In: STOC (1985)Google Scholar
  17. 17.
    Kilian, J., Petrank, E.: Concurrent and resettable zero-knowledge in poly-loalgorithm rounds. In: STOC (2001)Google Scholar
  18. 18.
    Pandey, O., Pass, R., Sahai, A., Tseng, W.-L.D., Venkitasubramaniam, M.: Precise Concurrent Zero Knowledge. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 397–414. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  19. 19.
    Pass, R., Rosen, A.: Concurrent non-malleable commitments. In: FOCS (2005)Google Scholar
  20. 20.
    Pass, R., Rosen, A., Tseng, W.: Public-coin parallel zero-knowledge for np. Journal of Cryptology (2011)Google Scholar
  21. 21.
    Pass, R., Tseng, W.-L.D., Wikström, D.: On the Composition of Public-Coin Zero-Knowledge Protocols. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 160–176. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  22. 22.
    Prabhakaran, M., Rosen, A., Sahai, A.: Concurrent zero knowledge with logarithmic round-complexity. In: FOCS (2002)Google Scholar
  23. 23.
    Richardson, R., Kilian, J.: On the Concurrent Composition of Zero-Knowledge Proofs. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 415–431. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  24. 24.
    Rogaway, P.: Formalizing Human Ignorance. In: Nguyên, P.Q. (ed.) VIETCRYPT 2006. LNCS, vol. 4341, pp. 211–228. Springer, Heidelberg (2006)CrossRefGoogle Scholar

Copyright information

© International Association for Cryptologic Research 2013

Authors and Affiliations

  • Ran Canetti
    • 1
    • 2
  • Huijia Lin
    • 1
    • 3
  • Omer Paneth
    • 1
  1. 1.Boston UniversityUSA
  2. 2.Tel Aviv UniversityIsrael
  3. 3.MITUSA

Personalised recommendations