Achieving Constant Round Leakage-Resilient Zero-Knowledge

Recently there has been a huge emphasis on constructing cryptographic protocols that maintain their security guarantees even in the presence of side channel attacks. Such attacks exploit the physical characteristics of a cryptographic device to learn useful information about the internal state of the device. Designing protocols that deliver meaningful security even in the presence of such leakage attacks is a challenging task. The recent work of Garg, Jain, and Sahai formulates a meaningful notion of zero-knowledge in presence of leakage; and provides a construction which satisfies a weaker variant of this notion called (1 + )leakage-resilient-zero-knowledge, for every constant > 0. In this weaker variant, roughly speaking, if the verifier learns bits of leakage during the interaction, then the simulator is allowed to access (1 + ) · bits of leakage. The round complexity of their protocol is n . In this work, we present the first construction of leakage-resilient zeroknowledge satisfying the ideal requirement of = 0. While our focus is on a feasibility result for = 0, our construction also enjoys a constant number of rounds. At the heart of our construction is a new “public-coin preamble” which allows the simulator to recover arbitrary information from a (cheating) verifier in a “straight line.” We use non-black-box simulation techniques to accomplish this goal.