Results 1 - 7 of 7
Obfuscation-based Non-black-box Simulation and Four-Message Concurrent Zero Knowledge for NP
2013
Cited by 4 (2 self)
As recent studies show, the notions of program obfuscation and zero knowledge are intimately connected. In this work, we explore this connection further, and prove the following general result. If there exists differing-input obfuscation (diO) for the class of all polynomial-time Turing machines, then there exists a four-message, fully concurrent zero-knowledge proof system for all languages in NP with negligible soundness error. This result is constructive: given diO, our reduction yields an explicit protocol along with an explicit simulator that is "straight-line" and runs in strict polynomial time. Our reduction relies on a new non-black-box simulation technique which does not use the PCP theorem. In addition to assuming diO, our reduction also assumes (standard and polynomial-time) cryptographic assumptions such as collision-resistant hash functions. The round complexity of our protocol also sheds new light on the exact round complexity of concurrent zero-knowledge. It shows, for the first time, that in the realm of non-black-box simulation, concurrent zero-knowledge may not necessarily require more rounds than stand-alone zero-knowledge!
ON NON-BLACK-BOX SIMULATION AND THE IMPOSSIBILITY OF APPROXIMATE OBFUSCATION
Cited by 1 (0 self)
The introduction of a non-black-box simulation technique by Barak (FOCS 2001) has been a major landmark in cryptography, breaking the previous barriers of black-box impossibility. Barak's technique has given rise to various powerful applications and it is a key component in all known protocols with non-black-box simulation. We present the first non-black-box simulation technique that does not rely on Barak's technique (or on non-standard assumptions). Invoking this technique, we obtain new and improved protocols resilient to various resetting attacks. These improvements include weaker computational assumptions and better round complexity. A prominent feature of our technique is its compatibility with rewinding techniques from classic black-box zero-knowledge protocols. The combination of rewinding with non-black-box simulation has proven instrumental in coping with challenging goals such as: simultaneously-resettable zero-knowledge, proofs of knowledge, and resettable security from one-way functions. While previous works required tailored modifications to Barak's technique, we give a general recipe for combining our technique with rewinding. This yields simplified resettable protocols in the above settings, as well as improvements in round complexity and required computational assumptions. The main ingredient in our technique is a new impossibility result for general program obfuscation. The results extend the impossibility result of Barak et al. (CRYPTO 2001) to the case of obfuscation with approximate functionality; thus, settling a question left open by Barak et al. In the converse direction, we show a generic transformation
Constant-Round Black-Box Construction of Composable Multi-Party Computation Protocol
2013
Cited by 1 (0 self)
We present the first general MPC protocol that satisfies the following: (1) the construction is black-box, (2) the protocol is universally composable in the plain model, and (3) the number of rounds is constant. The security of our protocol is proven in angel-based UC security under the assumption of the existence of one-way functions that are secure against sub-exponential-time adversaries and constant-round semi-honest oblivious transfer protocols that are secure against quasi-polynomial-time adversaries. We obtain the MPC protocol by constructing a constant-round CCA-secure commitment scheme in a black-box way under the assumption of the existence of one-way functions that are secure against sub-exponential-time adversaries. To justify the use of such a sub-exponential hardness assumption in obtaining our constant-round CCA-secure commitment scheme, we show that if black-box reductions are used, there does not exist any constant-round CCA-secure commitment scheme under any falsifiable polynomial-time hardness assumptions.
Concurrent Secure Computation via Non-Black-Box Simulation
Recently, Goyal (STOC'13) proposed a new non-black-box simulation technique for fully concurrent zero knowledge with straight-line simulation. Unfortunately, so far this technique is limited to the setting of concurrent zero knowledge. The goal of this paper is to study what can be achieved in the setting of concurrent secure computation using non-black-box simulation techniques, building upon the work of Goyal. The main contribution of our work is a secure computation protocol in the fully concurrent setting with a straight-line simulator, that allows us to achieve several new results: – We give the first positive results for concurrent blind signatures and verifiable random functions in the plain model as per the ideal/real world security definition. Our positive result is somewhat surprising in light of the impossibility result of Lindell (STOC'03) for black-box simulation. We circumvent this impossibility using non-black-box simulation. This gives us a quite natural example of a functionality in concurrent
An Alternative Approach to Non-black-box Simulation in the Fully Concurrent Setting
2015
We give a new proof of the existence of public-coin concurrent zero-knowledge arguments for NP in the plain model under standard assumptions (the existence of one-to-one one-way functions and collision-resistant hash functions), which was originally proven by Goyal (STOC'13). In the proof, we use a new variant of the non-black-box simulation technique of Barak (FOCS'01). An important property of our simulation technique is that the simulator runs in a straight-line manner in the fully concurrent setting. Compared with the simulation technique of Goyal, which also has such a property, the analysis of our simulation technique is (arguably) simpler. This article is a minor revision of the version that appears in the proceedings of TCC 2015.
Client-Server Concurrent Zero Knowledge with Constant Rounds and Guaranteed Complexity
The traditional setting for concurrent zero knowledge considers a server that proves a statement in zero-knowledge to multiple clients in multiple concurrent sessions, where the server's actions in a session are independent of all other sessions. Persiano and Visconti [ICALP 05] show how keeping a limited amount of global state across sessions allows the server to significantly reduce the overall complexity while retaining the ability to interact concurrently with an unbounded number of clients. Specifically, they show a protocol that has only a slightly super-constant number of rounds; however, the communication complexity in each session of their protocol depends on the number of other sessions and has no a priori bound. This has the drawback that the client has no way to know in advance the amount of resources required for completing a session of the protocol up to the moment where the session is completed. We show a protocol that does not have this drawback. Specifically, in our protocol the client obtains a bound on the communication complexity of each session at the start of the session. Additionally, the protocol is constant-round. Our protocol is fully concurrent, and assumes only collision-resistant hash functions. The proof requires considerably different techniques than those of Persiano and Visconti. Our main technical tool is an adaptation of the "committed-simulator" technique of Deng et al. [FOCS 09].
Public-Coin Concurrent Zero-Knowledge in Logarithmic Rounds
2014
We construct O(log^{1+ɛ} n)-round public-coin concurrent zero-knowledge arguments for NP from standard (against any polynomial-time adversary) collision-resistant hash functions for arbitrarily small constant ɛ. Our construction is straight-line simulatable. This is the first public-coin concurrent zero-knowledge protocol based on a standard/long-studied assumption that (almost) achieves the best known round complexity of its private-coin counterpart [Prabhakaran et al., FOCS 02]. Previously, such public-coin constructions required either a polynomial number of rounds [Goyal, STOC 13], newly-introduced assumptions [Chung et al., FOCS 13], or a stronger model [Canetti et al., TCC 13]. This result has strong consequences: it yields the first (almost) logarithmic-round simultaneously resettable arguments for NP and the first (almost) logarithmic-round concurrent multi-party computation in the single-input setting. These results significantly improve over the polynomial round complexity of the best known protocols based on standard assumptions in both cases. Our technical contribution is twofold. First, we introduce a simulation strategy called clearance that yields a simulation tree of very special combinatorial structure and enables us to instantiate Barak's protocol [Barak, FOCS 01] using the recent quasi-linear PCP construction of Ben-Sasson et al. [Ben-Sasson et al., STOC 13] to obtain logarithmic round complexity; secondly, we show how to modify Barak's protocol such that the soundness of the overall construction does not rely on the (implicit/explicit) proof-of-knowledge property of the underlying universal argument/PCP system, which in turn allows us to benefit from progress on short PCP systems of more general types without assuming stronger/super-polynomial hardness.