Learn More
We study the problem of searching on data that is encrypted using a public key system. Consider user Bob who sends email to user Alice encrypted under Alice's public key. An email gateway wants to test whether the email contains the keyword " urgent " so that it could route the email accordingly. Alice, on the other hand does not wish to give the gateway(More)
We consider the following pebble motion problem. We are given a tree T with n vertices and two arrangements $\cal R$ and $\cal S$ of k<n distinct pebbles numbered 1, . . ., k on distinct vertices of the tree. Pebbles can move along edges of T provided that at any given time at most one pebble is traveling along an edge and each vertex of T contains at most(More)
We investigate the possibility of disposing of interaction between Prover and Veriier in a zero-knowledge proof if they share beforehand a short random string. Without any assumption, we prove that non-interactive zero-knowledge proofs exist for some number theoretic languages for which no eecient algorithm is known. If deciding quadratic residuosity(More)
Non-Interactive Zero Knowledge (NIZK), introduced by Blum, Feld-man, and Micali in 1988, is a fundamental cryptographic primitive which has attracted considerable attention in the last decade and has been used throughout modern cryptography in several essential ways. For example, NIZK plays a central role in building provably secure public-key cryptosystems(More)
We investigate structural properties of statistical zero knowledge (SZK) both in the interactive and in the non-interactive model. Speciically, we look into the closure properties of SZK languages under monotone logical formula composition. This gives rise to new protocol techniques. We show that interactive SZK for random self re-ducible languages (RSR)(More)
In the bare public-key model (BPK in short), each verifier is assumed to have deposited a public key in a file that is accessible by all users at all times. In this model, introduced by Canetti et al. [STOC 2000], constant-round black-box concurrent and resettable zero knowledge is possible as opposed to the standard model for zero knowledge. As pointed out(More)