Concurrent zero-knowledge

@article{Dwork2004ConcurrentZ,
  title={Concurrent zero-knowledge},
  author={Cynthia Dwork and Moni Naor and Amit Sahai},
  journal={J. ACM},
  year={2004},
  volume={51},
  pages={851-898}
}
Concurrent executions of a zero-knowledge protocol by a single prover (with one or more verifiers) may leak information and may not be zero-knowledge in toto. In this article, we study the problem of maintaining zero-knowledge. We introduce the notion of an (α, β) timing constraint: for any two processors P1 and P2, if P1 measures α elapsed time on its local clock and P2 measures β elapsed time on its local…
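An added worked example (not code from the paper or its authors) of the obstacle the abstract refers to: a Schnorr-style proof of knowledge with 1-bit challenges, whose stand-alone simulator works by guessing the challenge, building the transcript backwards and rewinding the verifier when the guess was wrong. Against a verifier that interleaves k sessions so that it answers session i only after sessions i+1, …, k have completed, every rewind of an outer session discards and re-runs all the sessions nested inside it, and the simulator's work grows as 2^(k+1) - 2 first messages instead of 2k. The toy group (p = 23, q = 11, g = 2), the secret x = 7, the nesting schedule and the outcome oracle are all assumptions of this example; the oracle fixes the pattern "first guess wrong, second right" so that the counts are deterministic, and a real verifier that picks its bit uniformly gives the same counts in expectation (two tries per session instance). The paper's timing-constraint protocol is not implemented here; the example only shows what it has to bound.

```python
"""Added illustration (assumed parameters, not from Dwork-Naor-Sahai):
cost of a rewinding ZK simulator under sequential vs nested concurrent
scheduling of a 1-bit-challenge Sigma protocol."""
import random

# Toy group (assumption): p = 2q + 1 with q prime; g = 2 has order q mod p.
P, Q, G = 23, 11, 2
X = 7                     # prover's secret (assumption)
Y = pow(G, X, P)          # public key y = g^x = 13


def verify(y, a, e, z):
    """Sigma-protocol check: g^z == a * y^e (mod p)."""
    return pow(G, z, P) == (a * pow(y, e, P)) % P


def honest_run(x, e, seed=0):
    """Real prover: a = g^r, z = r + e*x mod q. Returns whether it verifies."""
    rng = random.Random(seed)
    r = rng.randrange(Q)
    a = pow(G, r, P)
    z = (r + e * x) % Q
    return verify(pow(G, x, P), a, e, z)


class Simulator:
    """Stand-alone black-box simulator: guess the 1-bit challenge, compute
    (a, z) backwards so the transcript verifies for that guess, and rewind
    the verifier whenever its real challenge differs.

    match_oracle(session, attempt) -> True if the guess matched. A real
    verifier choosing e uniformly makes each outcome a fair coin; the oracle
    just makes the cost deterministic for the worked numbers below."""

    def __init__(self, y, match_oracle, seed=0):
        self.y = y
        self.match = match_oracle
        self.rng = random.Random(seed)
        self.attempts = 0          # first messages sent = simulator work
        self.transcripts = {}

    def simulate_session(self, session, inner):
        attempt = 0
        while True:
            attempt += 1
            self.attempts += 1
            guess = self.rng.randrange(2)
            z = self.rng.randrange(Q)
            # a = g^z * y^(-guess): the transcript verifies iff e == guess.
            a = (pow(G, z, P) * pow(pow(self.y, P - 2, P), guess, P)) % P
            inner()                # sessions the verifier nests before answering
            e = guess if self.match(session, attempt) else 1 - guess
            if e == guess:
                self.transcripts[session] = (a, e, z)
                return
            # Wrong guess: rewind to before a. The verifier's state from the
            # nested sessions is rewound too, so inner() runs again next try.


def sequential(k, oracle):
    """k sessions one after another; each costs 2 attempts under the oracle."""
    sim = Simulator(Y, oracle)
    for s in range(k):
        sim.simulate_session(s, inner=lambda: None)
    return sim


def nested(k, oracle):
    """Verifier answers session s only after sessions s+1 .. k-1 complete."""
    sim = Simulator(Y, oracle)

    def run(s):
        if s < k:
            sim.simulate_session(s, inner=lambda: run(s + 1))

    run(0)
    return sim


def first_guess_wrong(session, attempt):
    """Deterministic outcome pattern: every fresh session instance needs 2 tries."""
    return attempt == 2


def coin_oracle(seed):
    """Outcome of guessing a uniformly random bit, as with a real verifier."""
    rng = random.Random(seed)
    return lambda session, attempt: rng.randrange(2) == 1


if __name__ == "__main__":
    for k in range(1, 6):
        print(k, sequential(k, first_guess_wrong).attempts,
              nested(k, first_guess_wrong).attempts)   # 2k vs 2^(k+1) - 2
```

The recursion behind the numbers is C(k) = 2·(1 + C(k-1)) with C(0) = 0: each attempt of an outer session sends one message and then pays for a complete re-run of everything nested inside it. Any fixed polynomial bound on the simulator therefore fails once the verifier can nest enough sessions, which is why a concurrent-ZK protocol needs some mechanism (the paper's timing constraint is one) that limits how deeply sessions can be nested within the window a rewind has to cover.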

