Generic and Practical Resettable Zero-Knowledge in the Bare Public-Key Model

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4515)


We present a generic construction for constant-round concurrently sound resettable zero-knowledge (rZK-CS) arguments for \(\mathcal{NP}\) in the bare public-key (BPK) model under any (sub-exponentially strong) one-way function (OWF), which is a traditional assumption in this area. The generic construction in turn allows round-optimal implementation for \(\mathcal{NP}\) still under general assumptions, and can be converted into a highly practical instantiation (under specific number-theoretic assumptions) for any language admitting Σ-protocols. Further, the rZK-CS arguments developed in this work also satisfy a weak (black-box) concurrent knowledge-extractability property as proofs of knowledge, in which case some super-polynomial-time assumption is intrinsic.





Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  1. RSA Laboratories and Department of Computer Science, Columbia University, New York, USA
  2. Software School, Fudan University, Shanghai, China
