Minimum disclosure proofs of knowledge
Journal of Computer and System Sciences - 27th IEEE Conference on Foundations of Computer Science October 27-29, 1986
The knowledge complexity of interactive proof systems
SIAM Journal on Computing
Witness indistinguishable and witness hiding protocols
STOC '90 Proceedings of the twenty-second annual ACM symposium on Theory of computing
Journal of the ACM (JACM)
On the Composition of Zero-Knowledge Proof Systems
SIAM Journal on Computing
STOC '98 Proceedings of the thirtieth annual ACM symposium on Theory of computing
Foundations of Cryptography: Basic Tools
Foundations of Cryptography: Basic Tools
Black-Box Concurrent Zero-Knowledge Requires (Almost) Logarithmically Many Rounds
SIAM Journal on Computing
Proofs of Partial Knowledge and Simplified Design of Witness Hiding Protocols
CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
General Composition and Universal Composability in Secure Multi-Party Computation
FOCS '03 Proceedings of the 44th Annual IEEE Symposium on Foundations of Computer Science
Simulation in quasi-polynomial time, and its application to protocol composition
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
Hi-index | 0.00 |
In [16], Pass generalized the definition of zero knowledge proof and defined n O (*** (n ))-simulatable proof which can be simulated by a simulator in n O (*** (n )) time. Assuming the existence of one-way permutation secure against sub-exponential circuits and 2-round perfect hiding commitment scheme, an efficient 4-round perfect n poly (logn )-simulatable argument of knowledge was presented there. In this paper, we construct an efficient concurrent n poly (logn )-simulatable argument of knowledge under more general assumption. The new scheme is 5-round and is based on the existence of one-way permutation secure against sub-exponential circuits. However, for the scheme in [16], if using ordinary Σ -protocol for the corresponding statement as sub-protocol, instead of Σ -protocol with honest verifier perfect zero knowledge, the resulting protocol is not necessarily closed under concurrent composition.