Jain Scribe : Arka Rai Choudhuri 1 Non - Interactive Zero Knowledge
نویسنده
چکیده
So far we have discussed the case of interactive zero-knowledge proofs. But what if Alice has the resource to send only a single message to Bob? This proof will now become “non-interactive”. But 1-message zero-knowledge is only possible for languages in BPP. This is because any simulator that can simulate the “single” message can use this as a witness for x. But this is pretty useless, at the very least we want to be able to prove statements for languages in NP. Fortunately, our savior is a “random string in the sky”. This means that both Alice and Bob have access to a common random string that was honestly generated by someone they both trust. This string is something beyond the influence of either participant. While this is a departure from the model we have been considering, how can we hope to prove statements non-interactively using the common random string? Let us start by formally defining non-interactive proofs,
منابع مشابه
Lecture 10 : Zero Knowledge Proofs ( II )
Definition 1 (Zero-knowledge) An interactive proof (P,V) for a language L with witness relation R is said to be zero-knowledge if for every non-uniform PPT adversary V∗, there exists a PPT simulator S such that for every non-uniform PPT distinguisher D, there exists a negligible function ν(·) such that for every x ∈ L,w ∈ R(x), z ∈ {0, 1}∗, D distinguishes between the following distributions wi...
متن کاملA New Approach to Round-Optimal Secure Multiparty Computation
We present a new approach towards constructing round-optimal secure multiparty computation (MPC) protocols against malicious adversaries without trusted setup assumptions. Our approach builds on ideas previously developed in the context of covert multiparty computation [Chandran et al., FOCS’07] even though we do not seek covert security. Using our new approach, we obtain the following results:...
متن کاملAn Incentivized Approach for Fair Participation in Wireless Ad hoc Networks
In Wireless Ad hoc networks (WANETs), nodes separated by considerable distance communicate with each other by relaying their messages through other nodes. However, it might not be in the best interests of a node to forward the message of another node due to power constraints. In addition, all nodes being rational, some nodes may be selfish, i.e. they might not relay data from other nodes so as ...
متن کاملDifferential Cryptanalysis of Salsa and ChaCha - An Evaluation with a Hybrid Model
While Salsa and ChaCha are well known software oriented stream ciphers, since the work of Aumasson et al in FSE 2008 there aren’t many significant results against them. The basic model of their attack was to introduce differences in the IV bits, obtain biases after a few forward rounds, as well as to look at the Probabilistic Neutral Bits (PNBs) while reverting back. In this paper we first cons...
متن کاملCryptographic Protocols Notes for Lecture 3 Scribe : Sandro
About the notes: These notes serve as written reference for the topics not covered by the papers that are handed out during the lecture. The material contained therein is thus a strict subset of what is relevant for the final exam. This week, the notes discuss the definition of (perfect) zero-knowledge and a proof that the three-move protocols we have encountered so far (graph isomorphism, Fiat...
متن کامل