Lectures 3-4 - Non-Malleable Protocols
Author
Abstract
We consider the execution of two-party protocols in the presence of an adversary that has full control of the communication channel between the parties. The adversary has the power to omit, insert or modify messages at its choice. It also has full control over the scheduling of the messages. The honest parties are not necessarily aware of the existence of the adversary, and are not allowed to use any kind of trusted set-up (such as a common reference string). The above kind of attack is often referred to as a man-in-the-middle attack. It models a natural scenario whose investigation is well motivated. Protocols that retain their security properties in the face of a man-in-the-middle are said to be non-malleable.

The rigorous treatment of two-party protocols in the man-in-the-middle setting was initiated in the seminal paper by Dolev, Dwork and Naor [4]. The paper contains definitions of security for the tasks of non-malleable commitment and non-malleable zero-knowledge. It also presents protocols that meet these definitions. The protocols rely on the existence of one-way functions, and require O(log n) rounds of interaction, where n ∈ N is a security parameter. A more recent result by Barak presents constant-round protocols for non-malleable commitment and non-malleable zero-knowledge [2]. This is achieved by constructing a coin-tossing protocol that is secure against a man-in-the-middle, and then using the outcome of this protocol to instantiate known constructions for non-malleable commitment and zero-knowledge in the common reference string model. The proof of security makes use of non-black-box techniques and is highly complex. It relies on the existence of trapdoor permutations and hash functions that are collision-resistant against sub-exponential sized circuits.

In this lecture we present a construction of new constant-round protocols for non-malleable commitment and non-malleable zero-knowledge by Pass and Rosen [7]. Similarly to the above works, we will refrain from relying on any kind of set-up assumption.
Related resources
4-Round Concurrent Non-Malleable Commitments
The round complexity of non-malleable commitments and non-malleable zero knowledge arguments has been an open question for a long time. Very recent results of Pass [TCC 2013] and of Goyal et al. [FOCS 2014, STOC 2016], gave almost definitive answers. In this work we show how to construct round-efficient non-malleable protocols via compilers. Starting from protocols enjoying limited non-malleabili...
Non-malleable Condensers for Arbitrary Min-entropy, and Almost Optimal Protocols for Privacy Amplification
Recently, the problem of privacy amplification with an active adversary has received a lot of attention. Given a shared n-bit weak random source X with min-entropy k and a security parameter s, the main goal is to construct an explicit 2-round privacy amplification protocol that achieves entropy loss O(s). Dodis and Wichs [DW09] showed that optimal protocols can be achieved by constructing expl...
Efficient and Non-malleable Proofs of Plaintext Knowledge and Applications
We describe very efficient protocols for non-malleable (interactive) proofs of plaintext knowledge for the RSA, Rabin, Paillier, and El-Gamal encryption schemes whose security can be proven in the standard model. We also highlight some important applications of these protocols, where we take care to ensure that our protocols remain secure when run in an asynchronous, concurrent environment: • C...
The Exact Round Complexity of Secure Computation
We revisit the exact round complexity of secure computation in the multi-party and two-party settings. For the special case of two parties without a simultaneous message exchange channel, this question has been extensively studied and resolved. In particular, Katz and Ostrovsky (CRYPTO '04) proved that five rounds are necessary and sufficient for securely realizing every two-party functionality ...
Delayed-Input Non-Malleable Zero Knowledge and Multi-Party Coin Tossing in Four Rounds
In this work we start from the following two results in the state-of-the art: 1. 4-round non-malleable zero knowledge (NMZK): Goyal et al. in FOCS 2014 showed the first 4-round one-one NMZK argument from one-way functions (OWFs). Their construction requires the prover to know the instance and the witness already at the 2nd round. 2. 4-round multi-party coin tossing (MPCT): Garg et al. in Eurocr...