# Concurrent zero-knowledge

@article{Dwork2004ConcurrentZ, title={Concurrent zero-knowledge}, author={Cynthia Dwork and Moni Naor and Amit Sahai}, journal={IACR Cryptol. ePrint Arch.}, year={2004}, volume={1999}, pages={23} }

Concurrent executions of a zero-knowledge protocol by a single prover (with one or more verifiers) may leak information and may not be zero-knowledge *in toto*. In this article, we study the problem of maintaining zero-knowledge. We introduce the notion of an (α, β) *timing constraint*: for any two processors $P_1$ and $P_2$, if $P_1$ measures α elapsed time on its local clock and $P_2$ measures β elapsed time on its local…

## 102 Citations

### Concurrent Non-Malleable Zero Knowledge

- Computer Science, Mathematics
- 2006 47th Annual IEEE Symposium on Foundations of Computer Science (FOCS'06)
- 2006

This work provides the first construction of a concurrent and non-malleable zero knowledge argument for every language in NP and proves that there exists some functionality F (a combination of zero knowledge and oblivious transfer) such that it is impossible to obtain a concurrent non-malleable protocol for F in this model.

### Restricted-Verifier Precise Bounded-Concurrent Zero-Knowledge

- Computer Science, Mathematics
- 2007 International Conference on Computational Intelligence and Security Workshops (CISW 2007)
- 2007

This work shows the existence of O(1)-round bounded-concurrent zero-knowledge arguments with polynomial precision for NP and assumes that the ratio of running-time of any adversarial verifier on any two different views in bounded-concurrent execution of the protocol is bounded by $n^a$, where $a$ is any predeterminate constant.

### The Knowledge Tightness of Parallel Zero-Knowledge

- Computer Science, Mathematics
- TCC
- 2012

The concrete security of black-box zero-knowledge protocols when composed in parallel is investigated and essentially tight upper and lower bounds are given on the following measure of security: the number of queries made by black-box simulators when zero-knowledge protocols are composed in parallel.

### The Round-Complexity of Black-Box Concurrent Zero-Knowledge

- Computer Science
- 2003

This thesis closes the gap between these upper and lower bounds of any cZK proof system for a language outside BPP, whose cZK property is proved using black-box simulation, requires (log n= log log n) rounds of interaction.

### Adaptive Security of Concurrent Non-Malleable Zero-Knowledge

- Computer Science, Mathematics
- IACR Cryptol. ePrint Arch.
- 2011

A zero-knowledge protocol allows a prover to convince a verifier of the correctness of a statement without disclosing any other information to the verifier. It is a basic tool and widely used in many…

### On the Concurrent Composition of Quantum Zero-Knowledge

- Computer Science, Mathematics
- IACR Cryptol. ePrint Arch.
- 2020

The extraction mechanism simultaneously allows for extraction probability to be negligibly close to acceptance probability and also ensures that the prover's state after extraction is statistically close to the prover's state after interacting with the verifier (simulatability).

### Efficient Zero Knowledge on the Internet

- Computer Science, Mathematics
- ICALP
- 2006

A transformation is shown that, for any language L admitting a Σ-protocol, produces a 4-round concurrent zero-knowledge argument system with concurrent soundness in the bare public-key (BPK) model.

### On Round-Optimal Zero Knowledge in the Bare Public-Key Model

- Computer Science, Mathematics
- EUROCRYPT
- 2012

This paper revisits previous work in the BPK model and points out subtle problems concerning security proofs of concurrent and resettable zero knowledge (cZK and r-protocol, for short) and shows a protocol ΠrƵxt that is round-optimal and concurrently sound r-protocol for NP under standard complexity-theoretic assumptions.

### On Deniability in the Common Reference String and Random Oracle Model

- Computer Science, Mathematics
- CRYPTO
- 2003

It is shown that there exists a specific natural security property that is not captured by these definitions of zero-knowledge, and the notion of deniable zero-knowledge is formally defined in these models.

### Leakage-Resilient Zero Knowledge

- Computer Science, Mathematics
- CRYPTO
- 2011

A meaningful definition of leakage-resilient zero knowledge (LR-ZK) proof system, that intuitively guarantees that the protocol does not yield anything beyond the validity of the statement and the leakage obtained by the verifier, and a construction of a universally composable multiparty computation protocol in the leaky token model.

## References

### Concurrent zero-knowledge

- Computer Science, Mathematics
- STOC '98
- 1998

Concurrent executions of a zero-knowledge protocol by a single prover (with one or more verifiers) may leak information and may not be zero-knowledge in toto; for example, in the case of…

### Concurrent and resettable zero-knowledge in poly-logarithmic rounds

- Computer Science, Mathematics
- STOC '01
- 2001

This paper presents a concurrent zero-knowledge proof for all languages in NP with a poly-logarithmic round complexity: specifically, $\omega(\log^2 k)$ rounds given at most $k$ concurrent proofs, and shows that a simple modification of the proof is a resettable zero-knowledge proof for NP.

### Concurrent Zero-Knowledge: Reducing the Need for Timing Constraints

- Computer Science, Mathematics
- CRYPTO
- 1998

A preprocessing protocol is designed, making use of timing, to simulate the trusted center for the purposes of achieving concurrent zero-knowledge, and any polynomial number of subsequent executions of a rich class of protocols will be concurrent zero-knowledge.

### On Concurrent Zero-Knowledge with Pre-processing

- Computer Science, Mathematics
- CRYPTO
- 1999

This paper shows an efficient constant-round concurrent zero-knowledge protocol with preprocessing for all languages in NP, where both the preprocessing phase and the proof phase each require 3 rounds of interaction.

### Concurrent Zero-Knowledge in Poly-logarithmic Rounds

- Computer Science, Mathematics
- IACR Cryptol. ePrint Arch.
- 2000

This paper presents a concurrent zero-knowledge proof for all languages in NP with a drastically improved complexity: the proof requires only a poly-logarithmic, specifically, $\omega(\log^2 k)$ number of rounds.

### Completeness theorems for non-cryptographic fault-tolerant distributed computation

- Computer Science
- STOC '88
- 1988

Every function of $n$ inputs can be efficiently computed by a complete network of $n$ processors in such a way that: If no faults occur, no set of size…

### A Note on the Round-Complexity of Concurrent Zero-Knowledge

- Computer Science, Mathematics
- CRYPTO
- 2000

It is shown that in the context of Concurrent Zero-Knowledge, at least eight rounds of interaction are essential for black-box simulation of non-trivial proof systems (i.e., systems for languages that are not in BPP).

### Concurrent zero knowledge with logarithmic round-complexity

- Computer Science, Mathematics
- The 43rd Annual IEEE Symposium on Foundations of Computer Science, 2002. Proceedings.
- 2002

It is shown that every language in NP has a (black-box) concurrent zero-knowledge proof system using $\tilde{O}(\log n)$ rounds of interaction, and the zero-knowledge property of the main protocol is proved under the assumption that there exists a collection of claw free functions.

### Black-Box Concurrent Zero-Knowledge Requires (Almost) Logarithmically Many Rounds

- Computer Science, Mathematics
- SIAM J. Comput.
- 2002

It is shown that any concurrent zero-knowledge protocol for a nontrivial language must use at least $\tilde\Omega(\log n)$ rounds of interaction, which is the first bound to rule out the possibility of constant-round concurrent zero-knowledge when proven via black-box simulation.

### On the Composition of Zero-Knowledge Proof Systems

- Mathematics, Computer Science
- ICALP
- 1990

It is proved that three-round interactive proofs and constant-round Arthur-Merlin proofs that are black-box simulation zero-knowledge exist only for languages in BPP, and it follows that the "parallel versions" of the first interactive proof systems presented for quadratic residuosity, graph isomorphism, and any language in NP, are not black-box simulation zero-knowledge, unless the corresponding languages are in BPP.