Concurrent zero-knowledge

  title={Concurrent zero-knowledge},
  author={Cynthia Dwork and Moni Naor and Amit Sahai},
  journal={IACR Cryptol. ePrint Arch.},
Concurrent executions of a zero-knowledge protocol by a single prover (with one or more verifiers) may leak information and may not be zero-knowledge <i>in toto</i>. In this article, we study the problem of maintaining zero-knowledge.We introduce the notion of an (α, β) <i>timing constraint</i>: for any two processors <i>P</i><sub>1</sub> and <i>P</i><sub>2</sub>, if <i>P</i><sub>1</sub> measures α elapsed time on its local clock and <i>P</i><sub>2</sub> measures β elapsed time on its local… 

Figures from this paper

Concurrent Non-Malleable Zero Knowledge
This work provides the first construction of a concurrent and non-malleable zero knowledge argument for every language in NP and proves that there exists some functionality F (a combination of zero knowledge and oblivious transfer) such that it is impossible to obtain a concurrent non- malleable protocol for F in this model.
Restricted-Verifier Precise Bounded-Concurrent Zero-Knowledge
  • Ning Ding, Dawu Gu
  • Computer Science, Mathematics
    2007 International Conference on Computational Intelligence and Security Workshops (CISW 2007)
  • 2007
This work shows the existence of O(1)- round bounded-concurrent zero-knowledge arguments with polynomial precision for NP and assumes that the ratio of running-time of any adversarial verifier on any two different views in bounded-Concurrent execution of the protocol is bounded by na, where a is any predeterminate constant.
The Knowledge Tightness of Parallel Zero-Knowledge
The concrete security of black-box zero- knowledge protocols when composed in parallel is investigated and essentially tight upper and lower bounds are given on the following measure of security: the number of queries made by black- box simulators when zero-knowledge protocols are composed in Parallel.
Concurrent Zero Knowledge: Simplifications and Generalizations
This work provides an arguably simpler and more general analysis of the oblivious simulation technique of Kilian and Petrank while achieving the same bounds as Prabhakaran, Rosen and Sahai (FOCS’02).
The Round-Complexity of Black-Box Concurrent Zero-Knowledge
This thesis closes the gap between these upper and lower bounds of any cZK proof system for a language outside BPP, whosecZK property is proved using black-box simulation, requires (log n= log log n) rounds of interaction.
Concurrent Non-Malleable Zero Knowledge Proofs
The results close the gap between concurrent ZK protocols and concurrent NMZK protocols (in terms of feasibility, round complexity, hardness assumptions, and tightness of the security reduction).
Adaptive Security of Concurrent Non-Malleable Zero-Knowledge
A zero-knowledge protocol allows a prover to convince a verifier of the correctness of a statement without disclosing any other information to the verifier. It is a basic tool and widely used in many
On Constant-Round Concurrent Zero-Knowledge from a Knowledge Assumption
This work obtains the first constant round concurrent zero-knowledge argument for NP in the plain model based on a new variant of knowledge of exponent assumption, and shows that the assumption holds in the generic group model.
On the Concurrent Composition of Quantum Zero-Knowledge
The extraction mechanism simultaneously allows for extraction probability to be negligibly close to acceptance probability and also ensures that the provers' state after extraction is statistically close to the prover's state after interacting with the verifier (simulatability).
Efficient Zero Knowledge on the Internet
A transformation is shown that, for any language L admitting a Σ-protocol, produces a 4-round concurrent zero-knowledge argument system with concurrent soundness in the bare public-key (BPK) model.


Concurrent zero-knowledge
Concurrent executions of a zero-knowledge protocol by a ainSle prover (with one or more verifiers) may leak information and may not be zero-knowledge in toto; for example, in the case of
Concurrent and resettable zero-knowledge in poly-loalgorithm rounds
This paper presents a concurrent zero-knowledge proof for all languages in NP with a poly-logarithmic round complexity: specifically, ω(log^2 <italic>k</italic>) rounds given at most k concurrent proofs, and shows that a simple modification of the proof is a resettable zero- knowledge proof for NP.
Concurrent Zero-Knowledge: Reducing the Need for Timing Constraints
A preprocessing protocol is designed, making use of timing, to simulate the trusted center for the purposes of achieving concurrent zero-knowledge, and any polynomial number of subsequent executions of a rich class of protocols will be concurrentZeroknowledge.
On Concurrent Zero-Knowledge with Pre-processing
This paper shows an efficient constant-round concurrent zero-knowledge protocol with preprocessing for all languages in NP, where both the preprocessing phase and the proof phase each require 3 rounds of interaction.
Concurrent Zero-Knowledge in Poly-logarithmic Rounds
This paper presents a concurrent zero-knowledge proof for all languages in NP with a drastically improved complexity: the proof requires only a poly-logarithmic, specifically, ω(log2 k) number of rounds.
Completeness theorems for non-cryptographic fault-tolerant distributed computation
Every function of <italic>n</italic> inputs can be efficiently computed by a complete network of <italic>n</italic> processors in such a way that:<list><item>If no faults occur, no set of size
A Note on the Round-Complexity of Concurrent Zero-Knowledge
It is shown that in the context of Concurrent Zero-Knowledge, at least eight rounds of interaction are essential for black-box simulation of non-trivial proof systems (i.e., systems for languages that are not in BPP).
Concurrent zero knowledge with logarithmic round-complexity
It is shown that every language in NP has a (black-box) concurrent zero-knowledge proof system using O/spl tilde/(log n) rounds of interaction, and the zero- knowledge property of the main protocol is proved under the assumption that there exists a collection of claw free functions.
Black-Box Concurrent Zero-Knowledge Requires (Almost) Logarithmically Many Rounds
It is shown that any concurrent zero-knowledge protocol for a nontrivial language must use at least $\tilde\Omega(\log n)$ rounds of interaction, which is the first bound to rule out the possibility of constant-round concurrentzero-knowledge when proven via black-box simulation.
On the Composition of Zero-Knowledge Proof Systems
It is proved that three-round interactive proofs and constant-round Arthur--Merlin proofs that are black-box simulation zero-knowledge exist only for languages in BPP, and it follows that the "parallel versions" of the first interactive proofs systems presented for quadratic residuosity, graph isomorphism, and any language in NP, are not black- box simulationzero-knowledge, unless the corresponding languages are in B PP.