On Deniability in the Common Reference String and Random Oracle Model

نویسنده

  • Rafael Pass
چکیده

We revisit the definitions of zero-knowledge in the Common Reference String (CRS) model and the Random Oracle (RO) model. We argue that even though these definitions syntactically mimic the standard zero-knowledge definition, they loose some of its spirit. In particular, we show that there exist a specific natural security property that is not captured by these definitions. This is the property of deniability. We formally define the notion of deniable zero-knowledge in these models and investigate the possibility of achieving it. Our results are different for the two models: – Concerning the CRS model, we rule out the possibility of achieving deniable zero-knowledge protocols in “natural” settings where such protocols cannot already be achieved in plain model. – In the RO model, on the other hand, we construct an efficient 2round deniable zero-knowledge argument of knowledge, that preserves both the zero-knowledge property and the proof of knowledge property under concurrent executions (concurrent zero-knowledge and concurrent proof-of knowledge).

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

A Note on Universal Composable Zero Knowledge in Common Reference String Model

Pass observed that universal composable zero-knowledge (UCZK) protocols in the common reference string (CRS) model, where a common reference string is selected trustily by a trusted third party and is known to all players, lose deniability that is a natural property of any ZK protocol in the plain model [33]. An open problem (or, natural query) raised in the literature is: are there any other e...

متن کامل

An Efficient Transform from Sigma Protocols to NIZK with a CRS and Non-programmable Random Oracle

In this short paper, we present a Fiat-Shamir type transform that takes any Sigma protocol for a relation R and outputs a non-interactive zero-knowledge proof (not of knowledge) for the associated language LR, in the common reference string model. As in the Fiat-Shamir transform, we use a hash function H. However, zero-knowledge is achieved under standard assumptions in the common reference str...

متن کامل

(Password) Authenticated Key Establishment: From 2-Party to Group

A protocol compiler is described, that transforms any provably secure authenticated 2-party key establishment into a provably secure authenticated group key establishment with 2 more rounds of communication. The compiler introduces neither idealizing assumptions nor high-entropy secrets, e. g., for signing. In particular, applying the compiler to a password-authenticated 2-party key establishme...

متن کامل

Provably secure and efficient identity-based key agreement protocol for independent PKGs using ECC

Key agreement protocols are essential for secure communications in open and distributed environments. Recently, identity-based key agreement protocols have been increasingly researched because of the simplicity of public key management. The basic idea behind an identity-based cryptosystem is that a public key is the identity (an arbitrary string) of a user, and the corresponding private key is ...

متن کامل

Universally Composable Commitments Using Random Oracles

In the setting of universal composability [Can01], commitments cannot be implemented without additional assumptions such as that of a publicly available common reference string [CF01]. Here, as an alternative to the commitments in the common reference string model, the use of random oracles to achieve universal composability of commitment protocols is motivated. Special emphasis is put on the s...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2003