On Deniability in the Common Reference String and Random Oracle Model

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2729)


We revisit the definitions of zero-knowledge in the Common Reference String (CRS) model and the Random Oracle (RO) model. We argue that even though these definitions syntactically mimic the standard zero-knowledge definition, they loose some of its spirit. In particular, we show that there exist a specific natural security property that is not captured by these definitions. This is the property of deniability. We formally define the notion of deniable zero-knowledge in these models and investigate the possibility of achieving it. Our results are different for the two models:

  • Concerning the CRS model, we rule out the possibility of achieving deniable zero-knowledge protocols in “natural” settings where such protocols cannot already be achieved in plain model.

  • In the RO model, on the other hand, we construct an efficient 2-round deniable zero-knowledge argument of knowledge, that preserves both the zero-knowledge property and the proof of knowledge property under concurrent executions (concurrent zero-knowledge and concurrent proof-of knowledge).


Random Oracle Commitment Scheme Random Oracle Model Common Reference String Springer LNCS 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Barak, B., Lindell, Y.: Strict Polynomial-Time in Simulation and Extraction. In: 34th STOC, pp. 484–493 (2002)Google Scholar
  2. 2.
    Bellare, M., Rogaway, P.: Random Oracles are Practical: A Paradigm for Designing Efficient Protocols. In: 1st ACM Conf. on Computer and Communications Security, pp. 62–73 (1993)Google Scholar
  3. 3.
    Blum, M.: How to prove a Theorem So No One Else Can Claim It. In: Proc. of the International Congress of Mathematicians, Berekeley, California, USA, pp. 1444–1451 (1986)Google Scholar
  4. 4.
    Blum, M.: Coin Flipping by Telephone. In: Crypto 1981, ECE Report 82-04, ECE Dept., UCSB, pp. 11–15 (1982)Google Scholar
  5. 5.
    Blum, M., Feldman, P., Micali, S.: Non-Interactive Zero-Knowledge and Its Applications. In: 20th STOC, pp. 103–112 (1988)Google Scholar
  6. 6.
    Canetti, R.: Universally Composable Security: A New Paradigm for Cryptographic Protocols. In: 34th STOC, pp. 494–503 (2002)Google Scholar
  7. 7.
    Canetti, R., Fischlin, M.: Universally Composable Commitments. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 19–40. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  8. 8.
    Canetti, R., Goldreich, O., Halevi, S.: The Random Oracle Methodology, Revisited. In: 30th STOC, pp. 209–218 (1998)Google Scholar
  9. 9.
    Canetti, R., Kilian, J., Petrank, E., Rosen, A.: Black-Box Concurrent Zero- Knowledge Requires (almost) Logarithmically Many Rounds. SIAM Jour. on Computing 32(1), 1–47 (2002)zbMATHCrossRefMathSciNetGoogle Scholar
  10. 10.
    Canetti, R., Lindell, Y., Ostrovsky, R., Sahai, A.: Universally Composable Two- Party and Multy-Party Computation. In: 34th STOC, pp. 494–503 (2002)Google Scholar
  11. 11.
    Chaum, D., van Antwerpen, H.: Undeniable signatures. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 212–216. Springer, Heidelberg (1990)Google Scholar
  12. 12.
    Cramer, R., Damgård, I., Schoenmakers, B.: Proof of partial knowledge and simplified design of witness hiding protocols. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 174–187. Springer, Heidelberg (1994)Google Scholar
  13. 13.
    De Santis, A., Di Crescenzo, G., Ostrovsky, R., Persiano, G., Sahai, A.: Robust Non-interactive Zero Knowledge. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 566–598. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  14. 14.
    Dwork, C., Naor, M., Sahai, A.: Concurrent Zero-Knowledge. In: 30th STOC, pp. 409–418 (1998)Google Scholar
  15. 15.
    Feige, U., Lapidot, D., Shamir, A.: Multiple Noninteractive Zero Knowledge Proofs under General Assumptions. Siam Jour. on Computing  29(1), 1–28 (1999)zbMATHCrossRefMathSciNetGoogle Scholar
  16. 16.
    Feige, U., Shamir, A.: Witness Indistinguishability and Witness Hiding Protocols. In: 22nd STOC, pp. 416–426 (1990)Google Scholar
  17. 17.
    Feige, U., Shamir, A.: Zero Knowledge Proofs of Knowledge in Two Rounds. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 526–544. Springer, Heidelberg (1990)Google Scholar
  18. 18.
    Fiat, A., Shamir, A.: How to Prove Yourself: Practical Solutions to Identification and Signature Problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 181–187. Springer, Heidelberg (1987)Google Scholar
  19. 19.
    Goldreich, O.: Foundations of Cryptography – Basic Tools. Cambridge University Press, Cambridge (2001)zbMATHCrossRefGoogle Scholar
  20. 20.
    Goldreich, O.: Zero-knowledge twenty years after their invention. Weizmann Institute (2002)Google Scholar
  21. 21.
    Goldreich, O., Goldwasser, S., Micali, S.: How to Construct Random Functions. JACM 33(4), 210–217 (1986)CrossRefMathSciNetGoogle Scholar
  22. 22.
    Goldreich, O., Krawczyk, H.: On the Composition of Zero-Knowledge Proof Systems. SIAM Jour. on Computing 25(1), 169–192 (1996)zbMATHCrossRefMathSciNetGoogle Scholar
  23. 23.
    Goldreich, O., Micali, S., Wigderson, A.: Proofs that Yield Nothing But Their Validity or All Languages in NP Have Zero-Knowledge Proof Systems. JACM 38(1), 691–729 (1991)zbMATHMathSciNetGoogle Scholar
  24. 24.
    Goldreich, O., Micali, S., Wigderson, A.: How to Play any Mental Game – A Completeness Theorem for Protocols with Honest Majority. In: 19th STOC, pp. 218–229 (1987)Google Scholar
  25. 25.
    Goldreich, O., Oren, Y.: Definitions and Properties of Zero-Knowledge Proof Systems. Jour. of Cryptology 7(1), 1–32 (1994)zbMATHMathSciNetGoogle Scholar
  26. 26.
    Goldwasser, S., Micali, S., Rackoff, C.: The Knowledge Complexity of Interactive Proof Systems. SIAM Jour. on Computing 18(1), 186–208 (1989)zbMATHCrossRefMathSciNetGoogle Scholar
  27. 27.
    Goh, E., Jarecki, S.: A Signature Scheme as Secure as the Diffie-Hellman Problem. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 401–415. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  28. 28.
    Guillou, L.C., Quisquater, J.: A Practical Zero-Knowledge Protocol Fitted to Security Microprocessor Minimizing Both Trasmission and Memory. In: Günther, C.G. (ed.) EUROCRYPT 1988. LNCS, vol. 330, pp. 123–128. Springer, Heidelberg (1988)Google Scholar
  29. 29.
    Håstad, J., Impagliazzo, R., Levin, L.A., Luby, M.: Construction of Pseudorandom Generator from any One-Way Function. SIAM Jour. on Computing 28(4), 1364–1396 (1999)zbMATHCrossRefGoogle Scholar
  30. 30.
    Jakobsson, M., Sako, K., Impagliazzo, R.: Designated Verifier Proofs and Their Applications. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 143–154. Springer, Heidelberg (1996)Google Scholar
  31. 31.
    Lindell, Y.: Parallel Coin-Tossing and Constant-Round Secure Two-Party Computation. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 171–189. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  32. 32.
    Lindell, Y.: Bounded-Concurrent Secure Two-Party Computation Without Setup Assumptions. To appear in 34th STOC (2003)Google Scholar
  33. 33.
    Naor, M.: Bit Commitment using Pseudorandomness. Jour. of Cryptology 4, 151–158 (1991)zbMATHMathSciNetGoogle Scholar
  34. 34.
    Naor, M., Yung, M.: Universal One-Way Hash Functions and their Cryptographic Applications. In: 21st STOC, pp. 33–43 (1989)Google Scholar
  35. 35.
    Pass, R.: Simulation in Quasi-polynomial Time and its Application to Protocol Composition. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 160–176. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  36. 36.
    Pass, R., Rosen, A.: Bounded-Concurrent Two-Party Computation in Constant Number of Rounds (submitted)Google Scholar
  37. 37.
    Sahai, A.: Non-Malleable Non-Interactive Zero Knowledge and Adaptive Chosen- Ciphertext Security. In: 40th FOCS, pp. 543–553 (1999)Google Scholar
  38. 38.
    Schnorr, C.P.: Efficient Identification and Signatures for Smart Cards. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 235–251. Springer, Heidelberg (1990)Google Scholar
  39. 39.
    Stern, J., Pointcheva, D.: Security Arguments for Digital Signatures and Blind Signatures. Jour. of Cryptology 13(3), 361–396 (2000)zbMATHCrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  1. 1.Department of Numerical Analysis and Computer ScienceRoyal Institute of TechnologyStockholmSweden

Personalised recommendations