Interactive Hashing Simplifies Zero-Knowledge Protocol Design
نویسندگان
چکیده
Often the core diiculty in designing zero-knowledge protocols arises from having to consider every possible cheating veriier trying to extract additional information. We here consider a compiler which transforms protocols proven secure only with respect to the honest veriier into protocols which are secure against any (even cheating) veriier. Such a compiler, which preserves the zero-knowledge property of a statistically or com-putationally secure protocol was rst proposed in BMO] based on Discrte Logarithm problem. In this paper, we show how such a compiler could be constructed based on any one-way permutation using the recent method of interactive hashing OVY-91]. This applies to both statistically and computationally secure protocols, preserving their respective security. Our result allows us to utilize DES-like permutations for such a compiler.
منابع مشابه
Hashing Functions can Simplify Zero- Knowledge Protocol Design (too)
In Crypto93, Damg̊ard showed that any constant-round protocol in which the verifier sends only independent, random bits and which is zero-knowledge against the honest verifier can be transformed into a protocol (for the same problem) that is zero-knowledge in general. His transformation was based on the interactive hashing technique of Naor, Ostrovsky, Venkatesan and Yung, and thus the resulting...
متن کاملConcurrent Zero-Knowledge: Reducing the Need for Timing Constraints
Abs t r ac t . An interactive proof system (or argument) (i v, V) is concur. rent zero.knowledgeif whenever the prover engages in polynomially many concurrent executions of (P, V), with (possibly distinct) colluding polynomial time bounded verifiers ~ , . . . , ~ v ( , 0 , the entire undertaking is zero-knowledge. Dwork, Naor, and S~,ai recently showed the existence of a large class of concurre...
متن کاملInteractive Hashing Simpli es Zero-Knowledge Protocol Design
Often the core di culty in designing zero-knowledge protocols arises from having to consider every possible cheating veri er trying to extract additional information. We here consider a compiler which transforms protocols proven secure only with respect to the honest veri er into protocols which are secure against any (even cheating) veri er. Such a compiler, which preserves the zero-knowledge ...
متن کاملA Characterization of Non-interactive Instance-Dependent Commitment-Schemes (NIC)
We provide a new characterization of certain zero-knowledge protocols as non-interactive instance-dependent commitment-schemes (NIC). To obtain this result we consider the notion of V-bit protocols, which are very common, and found many applications in zero-knowledge. Our characterization result states that a protocol has a V-bit zero-knowledge protocol if and only if it has a NIC. The NIC inhe...
متن کاملHonest Verifier vs Dishonest Verifier in Public Coin Zero-Knowledge Proofs
This paper presents two transformations of public-coin/Arthur-Merlin proof systems which are zero-knowledge with respect to the honest verifier into (public-coin/ArthurMerlin) proof systems which are zero-knowledge with respect to any verifier. The first transformation applies only to constant-round proof systems. It builds on Damgård’s transformation (see Crypto93), using ordinary hashing func...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 1993