A randomized protocol for signing contracts
Communications of the ACM
How to construct pseudorandom permutations from pseudorandom functions
SIAM Journal on Computing - Special issue on cryptography
Limits on the provable consequences of one-way permutations
STOC '89 Proceedings of the twenty-first annual ACM symposium on Theory of computing
Perfect zero-knowledge in constant rounds
STOC '90 Proceedings of the twenty-second annual ACM symposium on Theory of computing
Journal of the ACM (JACM)
Adaptive zero knowledge and computational equivocation (extended abstract)
STOC '96 Proceedings of the twenty-eighth annual ACM symposium on Theory of computing
Universally composable two-party and multi-party secure computation
STOC '02 Proceedings of the thirty-fourth annual ACM symposium on Theory of computing
Universally Composable Commitments
CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
Zero Knowledge Proofs of Knowledge in Two Rounds
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Adaptively Secure Oblivious Transfer
ASIACRYPT '98 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
Limits on the Efficiency of One-Way Permutation-Based Hash Functions
FOCS '99 Proceedings of the 40th Annual Symposium on Foundations of Computer Science
The relationship between public key encryption and oblivious transfer
FOCS '00 Proceedings of the 41st Annual Symposium on Foundations of Computer Science
On the Impossibility of Basing Trapdoor Functions on Trapdoor Predicates
FOCS '01 Proceedings of the 42nd IEEE symposium on Foundations of Computer Science
Foundations of Cryptography: Volume 2, Basic Applications
Foundations of Cryptography: Volume 2, Basic Applications
An Unconditional Study of Computational Zero Knowledge
FOCS '04 Proceedings of the 45th Annual IEEE Symposium on Foundations of Computer Science
One-way functions are essential for complexity based cryptography
SFCS '89 Proceedings of the 30th Annual Symposium on Foundations of Computer Science
The Random Oracle Model and the Ideal Cipher Model Are Equivalent
CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
Concurrent zero knowledge without complexity assumptions
TCC'06 Proceedings of the Third conference on Theory of Cryptography
Adaptively Secure Two-Party Computation with Erasures
CT-RSA '09 Proceedings of the Cryptographers' Track at the RSA Conference 2009 on Topics in Cryptology
The equivalence of the random oracle model and the ideal cipher model, revisited
Proceedings of the forty-third annual ACM symposium on Theory of computing
Leakage-resilient zero knowledge
CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
Constant-round adaptive zero-knowledge proofs for NP
Information Sciences: an International Journal
In the setting of secure computation, a set of parties wish to securely compute some function of their inputs, in the presence of an adversary. The adversary in question may be static (meaning that it controls a predetermined subset of the parties) or adaptive (meaning that it can choose to corrupt parties during the protocol execution and based on what it sees). In this paper, we study two fundamental questions relating to the basic zero-knowledge and oblivious transfer protocol problems:

Adaptive zero-knowledge proofs: We ask whether it is possible to construct adaptive zero-knowledge proofs (with unconditional soundness). Beaver (STOC 1996) showed that known zero-knowledge proofs are not adaptively secure, and in addition showed how to construct zero-knowledge arguments (with computational soundness).

Adaptively secure oblivious transfer: All known protocols for adaptively secure oblivious transfer rely on seemingly stronger hardness assumptions than for the case of static adversaries. We ask whether this is inherent, and in particular, whether it is possible to construct adaptively secure oblivious transfer from enhanced trapdoor permutations alone.

We provide surprising answers to the above questions, showing that achieving adaptive security is sometimes harder than achieving static security, and sometimes not. First, we show that assuming the existence of one-way functions only, there exist adaptive zero-knowledge proofs for all languages in $\mathcal{NP}$. In order to prove this, we overcome the problem that all adaptive zero-knowledge protocols known until now used equivocal commitments (which would enable an all-powerful prover to cheat). Second, we prove a black-box separation between adaptively secure oblivious transfer and enhanced trapdoor permutations. As a corollary, we derive a black-box separation between adaptively and statically secure oblivious transfer. This is the first black-box separation to relate to adaptive security and thus the first evidence that it is indeed harder to achieve security in the presence of adaptive adversaries than in the presence of static adversaries.