A Characterization of Non-interactive Instance-Dependent Commitment-Schemes (NIC)
نویسندگان
چکیده
We provide a new characterization of certain zero-knowledge protocols as non-interactive instance-dependent commitment-schemes (NIC). To obtain this result we consider the notion of V-bit protocols, which are very common, and found many applications in zero-knowledge. Our characterization result states that a protocol has a V-bit zero-knowledge protocol if and only if it has a NIC. The NIC inherits its hiding property from the zero-knowledge property of the protocol, and vice versa. Our characterization result yields a framework that strengthens and simplifies many zero-knowledge protocols in various settings. For example, applying this framework to the result of Micciancio et al. [19] (who showed that some problems, including GRAPH-NONISOMORPHISM and QUADRATIC-RESIDUOUSITY, unconditionally have a concurrent zero-knowledge proof) we easily get that arbitrary, monotone boolean formulae over a large class of problems (which contains, e.g., the complement of any random self-reducible problem) unconditionally have a concurrent zero-knowledge proof.
منابع مشابه
A framework for non-interactive instance-dependent commitment schemes (NIC)
Zero-knowledge protocols are often studied through specific problems, like GRAPH-ISOMORPHISM. In many cases this approach prevents an important level of abstraction and leads to limited results, whereas in fact the constructions apply to a wide variety of problems. We propose to address this issue with a formal framework of non-interactive instance-dependent commitment schemes (NIC). We define ...
متن کاملInstance-Dependent Commitment Schemes and the Round Complexity of Perfect Zero-Knowledge Proofs
We study the question whether the number of rounds in public-coin perfect zero-knowledge (PZK) proofs can be collapsed to a constant. Despite extensive research into the round complexity of interactive and zero-knowledge protocols, there is no indication how to address this question. Furthermore, the main tool to tackle this question is instance-dependent commitments, but currently such schemes...
متن کاملEecient and Non-interactive Non-malleable Commitment
We present new constructions of non-malleable commitment schemes, in the public parameter model (where a trusted party makes parameters available to all parties), based on the discrete logarithm or RSA assumptions. The main features of our schemes are: they achieve near-optimal communication for arbitrarily-large messages and are non-interactive. Previous schemes either required (several rounds...
متن کاملAn Equivalence Between Zero Knowledge and Commitments
We show that a language in NP has a zero-knowledge protocol if and only if the language has an “instance-dependent” commitment scheme. An instance-dependent commitment schemes for a given language is a commitment scheme that can depend on an instance of the language, and where the hiding and binding properties are required to hold only on the YES and NO instances of the language, respectively. ...
متن کاملNon-interactive Distributed-Verifier Proofs and Proving Relations among Commitments
A commitment multiplication proof, CMP for short, allows a player who is committed to secrets s, s and s = s ·s, to prove, without revealing s, s or s, that indeed s = ss. CMP is an important building block for secure general multi-party computation as well as threshold cryptography. In the standard cryptographic model, a CMP is typically done interactively using zero-knowledge protocols. In th...
متن کامل