Yi Deng

Resettable cryptography in constant rounds --- the case of zero knowledge

A fundamental question in cryptography deals with understanding the role that randomness plays in cryptographic protocols and to what extent it is necessary. One particular line of works was initiated by Canetti, Goldreich, Goldwasser, and Micali (STOC 2000) who introduced the notion of resettable zero-knowledge, where the protocol must be zero-knowledge even if a cheating verifier can reset the prover and have several interactions in which the prover uses the same random tape. Soon afterwards, Barak, Goldreich, Goldwasser, and Lindell (FOCS 2001) studied the setting where the verifier uses a fixed random tape in multiple interactions. Subsequent to these works, a number of papers studied the notion of resettable protocols in the setting where only one of the participating parties uses a fixed random tape multiple times. The notion of resettable security has been studied in two main models: the plain model and the bare public key model (also introduced in the above paper by Canetti et. al.). In a recent work, Deng, Goyal and Sahai (FOCS 2009) gave the first construction of a simultaneous resettable zero-knowledge protocol where both participants of the protocol can reuse a fixed random tape in any (polynomial) number of executions. Their construction however required O(ne) rounds of interaction between the prover and the verifier. Both in the plain as well as the BPK model, this construction remain the only known simultaneous resettable zero-knowledge protocols. In this work, we study the question of round complexity of simultaneous resettable zero-knowledge in the BPK model. We present a constant round protocol in such a setting based on standard cryptographic assumptions. Our techniques are significantly different from the ones used by Deng, Goyal and Sahai.

Resettable Zero Knowledge with Concurrent Soundness in the Bare Public-Key Model under Standard Assumption

In this paper we present the firstconstant round resettable zero knowledge arguments with concurrent soundness for

Concurrently Non-malleable Black-Box Zero Knowledge in the Bare Public-Key Model

\mathcal{NP}

Magic Adversaries Versus Individual Reduction: Science Wins Either Way

in the bare public-key (BPK for short) model assuming only collision-resistant hash functions against polynomial-timeadversaries. This resolves the problem whether there exist such protocols for

On the Security of Classic Protocols for Unique Witness Relations

\mathcal{NP}

From Attack on Feige-Shamir to Construction of Oblivious Transfer

in BPK model without assuming sub-exponential hardness. In our protocol, the resettable zero knowledge is demonstrated via a black-box simulator, while the concurrent soundness is proved by using the malicious prover strategy in non-black-boxmanner.

Resolving the Simultaneous Resettability Conjecture and a New Non-Black-Box Simulation Strategy

In this paper we study the possibility of reducing the setup assumptions under which concurrent non-malleable zero knowledge protocol can be realized. A natural model choice is the bare public-key (BPK) model of [6], a model with very minimal setup assumptions. Our main contribution is to show in this model the following about constant-round concurrent non-malleable black-box zero-knowledge arguments. They can be constructed from any one-way function for any language in

Non-Malleable Functions and Their Applications

\mathcal{NP}

Concurrently Non-Malleable Zero Knowledge in the Authenticated Public-Key Model

. Here, our construction takes 5 rounds, and we can reduce it to a 4-round (round-optimal) argument under existence of one-way permutations. Under number-theoretic assumptions, they admit a time-efficient instantiation for some specific

KDM Security for Identity-Based Encryption: Constructions and Separations.

\mathcal{NP}