Independent Zero-Knowledge Sets

  • Rosario Gennaro, Silvio Micali
We define and construct Independent Zero-Knowledge Sets (ZKS) protocols. In a ZKS protocol, a Prover commits to a set S, and for any x, proves non-interactively to a Verifier if x ∈ S or x ∉ S without revealing any other information about S. In the independent ZKS protocols we introduce, the adversary is prevented from successfully correlating her set to that of an honest prover. Our notion of independence in particular implies that the resulting ZKS protocol is non-malleable. On the way to…

Universally composable zero-knowledge sets

The negative result shows that the random oracle has both compression and extraction, which is a pair of paradoxical properties; this is the first time this kind of property has been considered.

Zero-Knowledge Sets With Short Proofs

The notion of trapdoor q-mercurial commitments (qTMCs), a notion of mercurial commitment that allows the sender to commit to an ordered sequence of exactly q messages, rather than to a single one, is introduced.

A New Efficient Construction for Non-Malleable Zero-Knowledge Sets

This paper defines the independence property for ZKS in a more flexible way than Gennaro's definition and proves that, for ZKS, the authors' independence implies non-malleability and vice versa.

Statistically Hiding Sets

A new primitive called Statistically Hiding Sets (SHS), similar to zero-knowledge sets, but providing an information theoretic hiding guarantee, rather than one based on efficient simulation, is presented, and a new knowledge-of-exponent assumption is proved in the generic group model.

Concise Mercurial Vector Commitments and Independent Zero-Knowledge Sets with Short Proofs

This paper describes a new qTMC scheme where hard and short position-wise openings, both, have constant size and shows how this scheme is amenable to constructing independent zero-knowledge sets (i.e., ZKS’s that prevent adversaries from correlating their set to the sets of honest provers, as defined by Gennaro and Micali).

A New Construction of Zero-Knowledge Sets Secure in Random Oracle Model

  • Rui Xue, Ninghui Li, Jiangtao Li
  • Computer Science, Mathematics
    The First International Symposium on Data, Privacy, and E-Commerce (ISDPE 2007)
  • 2007
This paper proposes a new algebraic scheme that is completely different from all existing schemes and employs neither mercurial commitments nor tree frame as all previous schemes did.

Secure Database Commitments and Universal Arguments of Quasi Knowledge

This work focuses on a simple database commitment functionality where besides the standard security properties, one would like to hide the size of the input of the sender, and achieves the first result where input-size hiding secure computation is achieved for an interesting functionality.

Concise ID-based mercurial functional commitments and applications to zero-knowledge sets

The first ID-based mercurial functional commitment is presented, which provides more efficient ZKS than Chen et al.

Mercurial Commitments with Applications to Zero-Knowledge Sets

It is demonstrated that a particular instantiation of mercurial commitments has been implicitly used by Micali, Rabin and Kilian to construct zero-knowledge sets.

Polynomial Commitments

The polynomial commitment schemes are useful tools to reduce the communication cost in cryptographic protocols and apply to four problems in cryptography: verifiable secret sharing, zero-knowledge sets, credentials and content extraction signatures.



Non-interactive and reusable non-malleable commitment schemes

It is shown how to construct non-interactive NM commitments that remain non-malleable even if the adversary has access to an arbitrary number of commitments from honest players - rather than one, as in several previous schemes.

Universally Composable Commitments

We propose a new security measure for commitment protocols, called Universally Composable (UC) Commitment. The measure guarantees that commitment protocols behave like an "ideal commitment service,"

Zero-knowledge sets

  • S. Micali, M. Rabin, J. Kilian
  • Computer Science, Mathematics
    44th Annual IEEE Symposium on Foundations of Computer Science, 2003. Proceedings.
  • 2003
We show how a polynomial-time prover can commit to an arbitrary finite set S of strings so that, later on, he can, for any string x, reveal with a proof whether x ∈ S or x ∉ S,

Multi-trapdoor Commitments and Their Applications to Proofs of Knowledge Secure Under Concurrent Man-in-the-Middle Attacks

The notion of multi-trapdoor commitments, a stronger form of trapdoor commitment schemes, is introduced, and a compiler is constructed that takes any proof of knowledge and transforms it into one which is secure against a concurrent man-in-the-middle attack.

Magic functions

It is shown that three apparently unrelated problems are in fact very closely related, and the Fiat-Shamir Methodology is cryptographic, and addresses a methodology suggested by Fiat and Shamir to construct a (non-interactive) signature scheme from any 3-round (not necessarily zero-knowledge) public-coin identification scheme.

Efficient and Non-interactive Non-malleable Commitment

New constructions of non-malleable commitment schemes, in the public parameter model, based on the discrete logarithm or RSA assumptions, achieve near-optimal communication for arbitrarily-large messages and are noninteractive.

A discrete logarithm implementation of perfect zero-knowledge blobs

The notion of a product blob is introduced, whose favorable properties depend only on at least one of these assumptions holding, and which has the advantage that it leads to proof systems which are perfect zero-knowledge, rather than only almost perfect zero-knowledge.

On Simulation-Sound Trapdoor Commitments

A new, simpler definition for an SSTC scheme is presented that admits more efficient constructions and can be used in a larger set of applications, and it is shown how to construct SSTC schemes from any one-way functions and based on specific number-theoretic assumptions.

New Generation of Secure and Practical RSA-Based Signatures

Under an appropriate assumption about RSA, the scheme is proven to be not existentially forgeable under adaptively chosen message attacks, and a digital signature that offers both proven security and practical value is presented.

Nonmalleable Cryptography

The cryptosystem is the first proven to be secure against a strong type of chosen ciphertext attack proposed by Rackoff and Simon, in which the attacker knows the ciphertext she wishes to break and can query the decryption oracle on any ciphertext other than the target.