Improved Setup Assumptions for 3-Round Resettable Zero Knowledge

In the bare public-key model, introduced by Canetti et al. [STOC 2000], it is only assumed that each verifier deposits during a setup phase a public key in a file accessible by all users at all times. As pointed out by Micali and Reyzin [Crypto 2001], the notion of soundness in this model is more subtle and complex than in the classical model. Indeed Micali and Reyzin have introduced four different notions which are called (from weaker to stronger): one-time, sequential, concurrent and resettable soundness. In this paper we introduce the counter public-key model (the cPK model for short), an augmentation of the bare public-key model in which each verifier is equipped with a counter and, like in the original bare public-key model, the key of the verifier can be used for any polynomial number of interactions with provers. In the cPK model, we give a three-round concurrently-sound resettable zero-knowledge argument of membership for NP. Previously similar results were obtained by Micali and Reyzin [EuroCrypt 2001] and then improved by Zhao et al. [EuroCrypt 2003] in models in which, roughly speaking, each verifier is still equipped with a counter, but the key of the verifier could only be used for a fixed number of interactions.