Independent Zero-Knowledge Sets

  • Rosario Gennaro, Silvio Micali
  • Published in International Colloquium on Automata, Languages and Programming, 10 July 2006
  • Computer Science, Mathematics
We define and construct Independent Zero-Knowledge Sets (ZKS) protocols. In a ZKS protocol, a Prover commits to a set S, and for any x, proves non-interactively to a Verifier if x ∈ S or x ∉ S without revealing any other information about S. In the independent ZKS protocols we introduce, the adversary is prevented from successfully correlating her set to the one of an honest prover. Our notion of independence in particular implies that the resulting ZKS protocol is non-malleable. On the way to…

Universally composable zero-knowledge sets

The negative result shows that the random oracle has both compression and extraction, a pair of paradoxical properties; this is the first time this kind of property has been considered.

Zero-Knowledge Sets With Short Proofs

The notion of trapdoor q-mercurial commitments (qTMCs), a notion of mercurial commitment that allows the sender to commit to an ordered sequence of exactly q messages rather than to a single one, is introduced.

A New Efficient Construction for Non-Malleable Zero-Knowledge Sets

This paper defines the independence property for ZKS in a more flexible way than Gennaro's definition and proves that, for ZKS, the authors' independence implies non-malleability and vice versa.

Statistically Hiding Sets

A new primitive called Statistically Hiding Sets (SHS), similar to zero-knowledge sets, but providing an information theoretic hiding guarantee, rather than one based on efficient simulation, is presented, and a new knowledge-of-exponent assumption is proved in the generic group model.

Concise Mercurial Vector Commitments and Independent Zero-Knowledge Sets with Short Proofs

This paper describes a new qTMC scheme where hard and short position-wise openings, both, have constant size and shows how this scheme is amenable to constructing independent zero-knowledge sets (i.e., ZKS’s that prevent adversaries from correlating their set to the sets of honest provers, as defined by Gennaro and Micali).

Secure Database Commitments and Universal Arguments of Quasi Knowledge

This work focuses on a simple database commitment functionality where besides the standard security properties, one would like to hide the size of the input of the sender, and achieves the first result where input-size hiding secure computation is achieved for an interesting functionality.

Algebraic Construction for Zero-Knowledge Sets

A new algebraic scheme that is completely different from all the existing ZKS schemes is proposed, which is computationally secure under the standard strong RSA assumption and commits the desired set without any trapdoor information.

Concise ID-based mercurial functional commitments and applications to zero-knowledge sets

The first ID-based mercurial functional commitment is presented which provides more efficient ZKS than Chen et al.

Mercurial Commitments with Applications to Zero-Knowledge Sets

It is demonstrated that a particular instantiation of mercurial commitments has been implicitly used by Micali, Rabin and Kilian to construct zero-knowledge sets.

Polynomial Commitments

The polynomial commitment schemes are useful tools to reduce the communication cost in cryptographic protocols and apply to four problems in cryptography: verifiable secret sharing, zero-knowledge sets, credentials and content extraction signatures.



Non-interactive and reusable non-malleable commitment schemes

It is shown how to construct non-interactive NM commitments that remain non-malleable even if the adversary has access to an arbitrary number of commitments from honest players - rather than one, as in several previous schemes.

Universally Composable Commitments

We propose a new security measure for commitment protocols, called Universally Composable (UC) Commitment. The measure guarantees that commitment protocols behave like an "ideal commitment service,"

Zero-knowledge sets

  • S. Micali, M. Rabin, J. Kilian
  • Computer Science, Mathematics
  • 44th Annual IEEE Symposium on Foundations of Computer Science, 2003. Proceedings.
  • 2003
We show how a polynomial-time prover can commit to an arbitrary finite set S of strings so that, later on, he can, for any string x, reveal with a proof whether x ∈ S or x ∉ S,

Mercurial Commitments: Minimal Assumptions and Efficient Constructions

This work provides simple constructions of TMCs from any trapdoor bit commitment scheme, and gives a stronger and yet much simpler definition of mercurial commitments than that of [8], which is met by constructions in the trusted parameters (TP) model.

Multi-trapdoor Commitments and Their Applications to Proofs of Knowledge Secure Under Concurrent Man-in-the-Middle Attacks

The notion of multi-trapdoor commitments, a stronger form of trapdoor commitment schemes, is introduced, and a compiler is constructed that takes any proof of knowledge and transforms it into one which is secure against a concurrent man-in-the-middle attack.

Magic functions

It is shown that three apparently unrelated problems are in fact very closely related, and the Fiat-Shamir Methodology is cryptographic, and addresses a methodology suggested by Fiat and Shamir to construct a (non-interactive) signature scheme from any 3-round (not necessarily zero-knowledge) public-coin identification scheme.

Efficient and Non-interactive Non-malleable Commitment

New constructions of non-malleable commitment schemes, in the public parameter model, based on the discrete logarithm or RSA assumptions, achieve near-optimal communication for arbitrarily-large messages and are noninteractive.

A discrete logarithm implementation of perfect zero-knowledge blobs

The notion of a product blob is introduced, whose favorable properties depend only on at least one of these assumptions holding, and which has the advantage that it leads to proof systems which are perfect zero-knowledge, rather than only almost perfect zero-knowledge.

On Simulation-Sound Trapdoor Commitments

A new, simpler definition for an SSTC scheme is presented that admits more efficient constructions and can be used in a larger set of applications, and it is shown how to construct SSTC schemes from any one-way function and based on specific number-theoretic assumptions.

New Generation of Secure and Practical RSA-Based Signatures

Under an appropriate assumption about RSA, the scheme is proven to be not existentially forgeable under adaptively chosen message attacks, and a digital signature is presented that offers both proven security and practical value.