We introduce the notion of Resettable Zero-Knowledge (rZK), a new security measure for cryptographic protocols which strengthens the classical notion of zero-knowledge. In essence, an rZK protocol is one that remains zero knowledge even if an adversary can interact with the prover many times, each time resetting the prover to its initial state and forcing it to use the same random tape. All known examples of zero-knowledge proofs and arguments are trivially breakable in this setting. Moreover, by definition, all zero-knowledge proofs of knowledge are breakable in this setting. Under general complexity assumptions, which hold for example if the Discrete Logarithm Problem is hard, we construct:

- Resettable Zero-Knowledge proof-systems for NP with non-constant number of rounds.
- Five-round Resettable Witness-Indistinguishable proof-systems for NP.
- Four-round Resettable Zero-Knowledge arguments for NP in the public key model: where verifiers have fixed, public keys associated with them.

In addition to shedding new light on what makes zero knowledge possible (by constructing ZK protocols that use randomness in a dramatically weaker way than before), rZK has great relevance
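Why a classical proof of knowledge cannot survive a reset, shown on Schnorr identification: this is an added example, not code from the paper, and Schnorr is chosen here as a standard instance since the abstract names no specific protocol. The toy group parameters, the seed, the witness and all function names are constructed for illustration.

```python
import random

# Constructed toy Schnorr group, far too small for real use: P = 2Q + 1, G has order Q.
P, Q, G = 2039, 1019, 4

class Prover:
    """Schnorr prover for y = G^w whose coins come from a fixed random tape."""
    def __init__(self, witness, tape_seed):
        self.w, self.tape_seed = witness % Q, tape_seed
        self.reset()

    def reset(self):
        # A reset rewinds the prover to its initial state with the SAME tape.
        self.tape = random.Random(self.tape_seed)

    def commit(self):
        self.r = self.tape.randrange(1, Q)      # first coins read from the tape
        return pow(G, self.r, P)

    def respond(self, challenge):
        return (self.r + challenge * self.w) % Q

def run_session(prover, challenge):
    """One honest execution; returns the transcript (a, c, z)."""
    a = prover.commit()
    return a, challenge, prover.respond(challenge)

def verify(y, a, c, z):
    return pow(G, z, P) == (a * pow(y, c, P)) % P

def witness_from_reset(t1, t2):
    """Same commitment, different challenges: z1 - z2 = (c1 - c2) * w mod Q."""
    (a1, c1, z1), (a2, c2, z2) = t1, t2
    if a1 != a2 or (c1 - c2) % Q == 0:
        return None                             # formula needs a reused commitment
    return (z1 - z2) * pow((c1 - c2) % Q, -1, Q) % Q

if __name__ == "__main__":
    w = 777                                     # constructed secret
    y = pow(G, w, P)
    prover = Prover(w, tape_seed=2000)
    t1 = run_session(prover, 5)
    prover.reset()                              # same tape, so same commitment
    t2 = run_session(prover, 9)
    print("both accepted:", verify(y, *t1) and verify(y, *t2))
    print("recovered witness:", witness_from_reset(t1, t2))
```

Both transcripts are individually valid and individually reveal nothing about the witness; only the repeated commitment caused by the reset makes the pair solvable, which is exactly the knowledge extractor that every proof of knowledge admits by definition.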