Lecture 8 : Zero Knowledge – Non - Black - Box
نویسنده
چکیده
We begin by defining witness indistinguishability, or WI for short. A witness indistinguishable proof or argument system requires that the verifier does not learn anything about x after seeing a proof of x ∈ L; however, WI is a weaker property than zero knowledge. If the prover has both y and y′ as witnesses for x ∈ L, then under a WI system, the verifier cannot know whether y or y′ was used to prove x ∈ L. Formally, we have the following definition.
منابع مشابه
Lecture 17 : Zero Knowledge for NP Instructor : Rafael Pass Scribe : Eleanor Birrell 1 Definitions of Zero Knowledge
Perfect zero knowledge is exactly the same except that it requires the two distributions to be identical rather than simply indistinguishable. An alternative definition is to replace V IEWV ∗ with OUTPUTV ∗ . The two definitions are equivalent, since the output is included in the view and since V ∗ could simply output its view. There is also a stronger notion of zero knowledge known as black-bo...
متن کاملOn the Composition of Zero-Knowledge Proof Systems
The wide applicability of zero-knowledge interactive proofs comes from the possibility of using these proofs as subroutines in cryptographic protocols. A basic question concerning this use is whether the (sequential and/or parallel) composition of zero-knowledge protocols is zero-knowledge too. We demonstrate the limitations of the composition of zeroknowledge protocols by proving that the orig...
متن کاملBlack-Box Concurrent Zero-Knowledge Requires (Almost) Logarithmically Many Rounds
We show that any concurrent zero-knowledge protocol for a non-trivial language (i.e., for a language outside BPP), whose security is proven via black-box simulation, must use at least ~ (log n) rounds of interaction. This result achieves a substantial improvement over previous lower bounds, and is the rst bound to rule out the possibility of constant-round concurrent zero-knowledge when proven ...
متن کاملImpossibility and Feasibility Results for Zero Knowledge with Public Keys
In this paper, we continue the study the round complexity of black-box zero knowledge in the bare public-key (BPK, for short) model previously started by Micali and Reyzin in [11]. Specifically we show the impossibility of 3-round concurrent (and thus resettable) black-box zeroknowledge argument systems with sequential soundness for non-trivial languages. In light of the previous state-of-the-a...
متن کاملLectures 3-4 - Non-Malleable Protocols
We consider the execution of two-party protocols in the presence of an adversary that has full control of the communication channel between the parties. The adversary has the power to omit, insert or modify messages at its choice. It has also full control over the scheduling of the messages. The honest parties are not necessarily aware to the existence of the adversary, and are not allowed to u...
متن کامل