Min-round Resettable Zero-Knowledge in the Public-Key Model
In STOC 2000, Canetti, Goldreich, Goldwasser, and Micali put forward the strongest notion of zero-knowledge to date, resettable zero-knowledge (RZK), and implemented it in constant rounds in a new model, where the verifier simply has a public key registered before any interaction with the prover.
To achieve ultimate round efficiency, we advocate a slightly stronger model. Informally, we show that, as long as the honest verifier does not use a given public key more than a fixed-polynomial number of times, there exist 3-round (which we prove optimal) RZK protocols for all of NP.
Keywords: Security Parameter, Random String, Commitment Scheme, Pseudorandom Function, Oracle Access
- BFM88. M. Blum, P. Feldman, and S. Micali. Non-interactive zero-knowledge and its applications (extended abstract). In Proceedings of the Twentieth Annual ACM Symposium on Theory of Computing, pages 103–112, 1988.
- CGGM00. R. Canetti, O. Goldreich, S. Goldwasser, and S. Micali. Resettable zero-knowledge. In Proceedings of the 32nd Annual ACM Symposium on Theory of Computing, 2000. Updated version available at the Cryptology ePrint Archive, record 1999/022, http://eprint.iacr.org/.
- CKPR01. R. Canetti, J. Kilian, E. Petrank, and A. Rosen. Black-box concurrent zero-knowledge requires Ω̃(log n) rounds. In Proceedings of the Thirty-Second Annual ACM Symposium on Theory of Computing, 6–8 July 2001.
- DDP00. A. De Santis, G. Di Crescenzo, and G. Persiano. Necessary and sufficient assumptions for non-interactive zero-knowledge proofs of knowledge for all NP relations. In U. Montanari, J. D. P. Rolim, and E. Welzl, editors, Automata Languages and Programming: 27th International Colloquium (ICALP 2000), volume 1853 of Lecture Notes in Computer Science, pages 451–462. Springer-Verlag, July 9–15 2000.
- DNS98. C. Dwork, M. Naor, and A. Sahai. Concurrent zero knowledge. In 30th Annual ACM Symposium on Theory of Computing, 1998.
- DP92. A. De Santis and G. Persiano. Zero-knowledge proofs of knowledge without interaction. In 33rd Annual Symposium on Foundations of Computer Science, 1992.
- FS89. U. Feige and A. Shamir. Zero knowledge proofs of knowledge in two rounds. In Brassard [Bra89], pages 526–545.
- HM96. S. Halevi and S. Micali. Practical and provably-secure commitment schemes from collision-free hashing. In Neal Koblitz, editor, Advances in Cryptology-CRYPTO '96, volume 1109 of Lecture Notes in Computer Science, pages 201–215. Springer-Verlag, 18–22 August 1996.
- KP00. J. Kilian and E. Petrank. Concurrent zero-knowledge in polylogarithmic rounds. Technical Report 2000/013, Cryptology ePrint Archive, http://eprint.iacr.org, 2000.
- KPR98. J. Kilian, E. Petrank, and C. Rackoff. Lower bounds for zero-knowledge on the Internet. In 39th Annual Symposium on Foundations of Computer Science, pages 484–492, Los Alamitos, California, November 1998. IEEE.
- Mer89. R. C. Merkle. A certified digital signature. In Brassard [Bra89], pages 218–238.
- Mic. Silvio Micali. CS proofs. SIAM Journal on Computing, to appear.
- MR01. S. Micali and L. Reyzin. Soundness in the public-key model. Unpublished manuscript, 2001.
- RK99. R. Richardson and J. Kilian. On the concurrent composition of zero-knowledge proofs. In Jacques Stern, editor, Advances in Cryptology—EUROCRYPT '99, volume 1592 of Lecture Notes in Computer Science, pages 415–431. Springer-Verlag, 2–6 May 1999.