One-way accumulators: a decentralized alternative to digital signatures
EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
Signature schemes based on the strong RSA assumption
CCS '99 Proceedings of the 6th ACM conference on Computer and communications security
Separability and Efficiency for Generic Group Signature Schemes
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Dynamic Accumulators and Application to Efficient Revocation of Anonymous Credentials
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Statistical Zero Knowledge Protocols to Prove Modular Polynomial Relations
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
On the Existence of 3-Round Zero-Knowledge Protocols
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
An Efficient Dynamic and Distributed Cryptographic Accumulator
ISC '02 Proceedings of the 5th International Conference on Information Security
A Practical and Provably Secure Coalition-Resistant Group Signature Scheme
CRYPTO '00 Proceedings of the 20th Annual International Cryptology Conference on Advances in Cryptology
FOCS '03 Proceedings of the 44th Annual IEEE Symposium on Foundations of Computer Science
A New Construction of Zero-Knowledge Sets Secure in Random Oracle Model
ISDPE '07 Proceedings of the The First International Symposium on Data, Privacy, and E-Commerce
Universal Accumulators with Efficient Nonmembership Proofs
ACNS '07 Proceedings of the 5th international conference on Applied Cryptography and Network Security
Collision-free accumulators and fail-stop signature schemes without trees
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
Secure hash-and-sign signatures without the random oracle
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
Zero-knowledge sets with short proofs
EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
Independent zero-knowledge sets
ICALP'06 Proceedings of the 33rd international conference on Automata, Languages and Programming - Volume Part II
Updatable zero-knowledge databases
ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
Hidden pairings and trapdoor DDH groups
ANTS'06 Proceedings of the 7th international conference on Algorithmic Number Theory
Mercurial commitments with applications to zero-knowledge sets
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Pairings on elliptic curves over finite commutative rings
IMA'05 Proceedings of the 10th international conference on Cryptography and Coding
Mercurial commitments: minimal assumptions and efficient constructions
TCC'06 Proceedings of the Third conference on Theory of Cryptography
Proceedings of the 3rd Innovations in Theoretical Computer Science Conference
Concise mercurial vector commitments and independent zero-knowledge sets with short proofs
TCC'10 Proceedings of the 7th international conference on Theory of Cryptography
| Hi-index | 0.00 |
Zero-knowledge set is a primitive introduced by Micali, Rabin, and Kilian (FOCS 2003) which enables a prover to commit a set to a verifier, without revealing even the size of the set. Later the prover can give zero-knowledge proofs to convince the verifier of membership/non-membership of elements in/not in the committed set. We present a new primitive called Statistically Hiding Sets (SHS), similar to zero-knowledge sets, but providing an information theoretic hiding guarantee, rather than one based on efficient simulation. Then we present a new scheme for statistically hiding sets, which does not fit into the "Merkle-tree/mercurial-commitment" paradigm that has been used for all zero-knowledge set constructions so far. This not only provides efficiency gains compared to the best schemes in that paradigm, but also lets us provide statistical hiding; previous approaches required the prover to maintain growing amounts of state with each new proof for such a statistical security. Our construction is based on an algebraic tool called trapdoor DDH groups (TDG), introduced recently by Dent and Galbraith (ANTS 2006). However the specific hardness assumptions we associate with TDG are different, and of a strong nature -- strong RSA and a knowledge-of-exponent assumption. Our new knowledge-of-exponent assumption may be of independent interest. We prove this assumption in the generic group model.