Generic yet Practical ZK Arguments from any Public-Coin HVZK
نویسندگان
چکیده
In this work, we present a generic yet practical transformation from any public-coin honest-verifier zero-knowledge (HVZK) protocols to normal zero-knowledge (ZK) arguments. By “generic”, we mean that the transformation is applicable to any public-coin HVZK protocol under any one-way function (OWF) admitting Σ-protocols. By “practical” we mean that the transformation does not go through general NP-reductions and only incurs additionally one round (for public-coin HVZK protocols of odd number of rounds that is the normal case in practice). In particular, if the starting public-coin HVZK protocols and the underlying Σ-protocols are practical, the transformed ZK arguments are also practical. In addition, our transformation also preserves statistical/perfect zero-knowledge. To this end, we develop generic yet practical 3-round perfectly-hiding equivocal (string) commitment scheme under any OWF admitting Σ-protocols, which is possibly of independent value. We also show that three rounds is the lower-bound of round-complexity for equivocal commitment schemes.
منابع مشابه
Generic yet Practical (Statistical) Zero-Knowledge from any Public-Coin HVZK
In this work, we present a generic yet practical transformation from any public-coin honestverifier zero-knowledge (HVZK) protocols to normal zero-knowledge (ZK) arguments. By “generic”, we mean that the transformation is applicable to any public-coin HVZK protocol under any one-way function (OWF) admitting Σ-protocols. By “practical” we mean that the transformation does not go through general ...
متن کاملZero-Knowledge Proofs and String Commitments Withstanding Quantum Attacks
The concept of zero-knowledge (ZK) has become of fundamental importance in cryptography. However, in a setting where entities are modeled by quantum computers, classical arguments for proving ZK fail to hold since, in the quantum setting, the concept of rewinding is not generally applicable. Moreover, known classical techniques that avoid rewinding have various shortcomings in the quantum setti...
متن کاملA Transform for NIZK Almost as Efficient and General as the Fiat-Shamir Transform Without Programmable Random Oracles
The Fiat-Shamir (FS) transform uses a hash function to generate, without any further overhead, non-interactive zero-knowledge (NIZK) argument systems from constant-round publiccoin honest-verifier zero-knowledge (public-coin HVZK) proof systems. In the proof of zero knowledge, the hash function is modeled as a programmable random oracle (PRO). In TCC 2015, Lindell embarked on the challenging ta...
متن کاملOn the Implausibility of Constant-Round Public-Coin Zero-Knowledge Proofs
We consider the problem of whether there exist non-trivial constant-round public-coin zero-knowledge (ZK) proofs. To date, in spite of high interest in the above, there is no definite answer to the question. We focus on the type of ZK proofs that admit a universal simulator (which handles all malicious verifiers), and show a connection between the existence of such proof systems and a seemingly...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- Electronic Colloquium on Computational Complexity (ECCC)
دوره شماره
صفحات -
تاریخ انتشار 2005