Results 1 
2 of
2
ConstantRound Concurrent Zero Knowledge in the Bounded Player Model
"... Abstract. In [18] Goyal et al. introduced the bounded player model for secure computation. In the bounded player model, there are an a priori bounded number of players in the system, however, each player may execute any unbounded (polynomial) number of sessions. They showed that even though the mod ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
Abstract. In [18] Goyal et al. introduced the bounded player model for secure computation. In the bounded player model, there are an a priori bounded number of players in the system, however, each player may execute any unbounded (polynomial) number of sessions. They showed that even though the model consists of a relatively mild relaxation of the standard model, it allows for roundefficient concurrent zero knowledge. Their protocol requires a superconstant number of rounds. In this work we show, constructively, that there exists a constantround concurrent zeroknowledge argument in the bounded player model. Our result relies on a new technique where the simulator obtains a trapdoor corresponding to a player identity by putting together information obtained in multiple sessions. Our protocol is only based on the existence of a collisionresistance hashfunction family and comes with a “straightline” simulator. We note that this constitutes the strongest result known on constantround concurrent zero knowledge in the plain model (under well accepted relaxations) and subsumes Barak’s constantround bounded concurrent zeroknowledge result. We view this as a positive step towards getting constant round fully concurrent zeroknowledge in the plain model, without relaxations.
PublicCoin Concurrent ZeroKnowledge in Logarithmic Rounds
, 2014
"... We construct O(log 1+ɛ n)round publiccoin concurrent zero knowledge arguments for NP from standard (against any polynomialtime adversary) collisionresistant hash functions for arbitrarily small constant ɛ. Our construction is straightline simulatable. This is the first publiccoin concurrent ..."
Abstract
 Add to MetaCart
We construct O(log 1+ɛ n)round publiccoin concurrent zero knowledge arguments for NP from standard (against any polynomialtime adversary) collisionresistant hash functions for arbitrarily small constant ɛ. Our construction is straightline simulatable. This is the first publiccoin concurrent zero knowledge protocol based on standard/longstudied assumption that (almost) achieves the best known roundcomplexity of its privatecoin counterpart [Prabhakaran et al., FOCS 02]. Previously, such publiccoin constructions require either polynomial number of rounds [Goyal, STOC 13], newlyintroduced assumptions [Chung et al., FOCS 13], or stronger model [Canetti et al., TCC 13]. This result has strong consequences: it yields the first (almost) logarithmic round simultaneously resettable arguments for NP and the first (almost) logarithmic round concurrent multiparty computation in the single input setting. These results significantly improve over the polynomial roundcomplexity of the best known protocols based on standard assumptions in both cases. Our technical contribution is twofold. First, we introduce a simulation strategy called clearance that yields a simulation tree of very special combinatorial structure and enables us to instantiate Barak’s protocol [Barak, FOCS 01] using the recent BenSasson et al.’s quasilinear construction of PCP system [BenSasson et al., STOC 13] to obtain logarithmic roundcomplexity; secondly, we show how to modify Barak’s protocol such that the soundness of overall construction does not rely on the (implicit/explicit) proof of knowledge property of the underlying universal argument/PCP system, which in turn allows us to benefit from progress on short PCP system of more general types without assuming stronger/superpolynomial hardness.