How to prove yourself: practical solutions to identification and signature problems
Proceedings on Advances in cryptology---CRYPTO '86
The knowledge complexity of interactive proof systems
SIAM Journal on Computing
Witness indistinguishable and witness hiding protocols
STOC '90 Proceedings of the twenty-second annual ACM symposium on Theory of computing
Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
On the Composition of Zero-Knowledge Proof Systems
SIAM Journal on Computing
Multiple NonInteractive Zero Knowledge Proofs Under General Assumptions
SIAM Journal on Computing
Foundations of Cryptography: Basic Tools
Foundations of Cryptography: Basic Tools
On the (Im)possibility of Obfuscating Programs
CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
Separating Random Oracle Proofs from Complexity Theoretic Proofs: The Non-committing Encryption Case
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Universally Composable Security: A New Paradigm for Cryptographic Protocols
FOCS '01 Proceedings of the 42nd IEEE symposium on Foundations of Computer Science
On the (In)security of the Fiat-Shamir Paradigm
FOCS '03 Proceedings of the 44th Annual IEEE Symposium on Foundations of Computer Science
The random oracle methodology, revisited
Journal of the ACM (JACM)
On obfuscating point functions
Proceedings of the thirty-seventh annual ACM symposium on Theory of computing
On the Impossibility of Obfuscation with Auxiliary Input
FOCS '05 Proceedings of the 46th Annual IEEE Symposium on Foundations of Computer Science
Obfuscated databases and group privacy
Proceedings of the 12th ACM conference on Computer and communications security
Random oracles and auxiliary input
CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
Communication-efficient non-interactive proofs of knowledge with online extractors
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
ZQL: a compiler for privacy-preserving data processing
SEC'13 Proceedings of the 22nd USENIX conference on Security
Hi-index | 0.00 |
We revisit previous formulations of zero knowledge in the random oracle model due to Bellare and Rogaway (CCS '93) and Pass (Crypto '03), and present a hierarchy for zero knowledge that includes both of these formulations. The hierarchy relates to the programmability of the random oracle, previously studied by Nielsen (Crypto '02). We establish a subtle separation between the Bellare-Rogaway formulation and a weaker formulation, which yields a finer distinction than the separation in Nielsen's work. We show that zero-knowledge according to each of these formulations is not preserved under sequential composition. We introduce stronger definitions wherein the adversary may receive auxiliary input that depends on the random oracle (as in Unruh (Crypto '07)) and establish closure under sequential composition for these definitions. We also present round-optimal protocols for NP satisfying the stronger requirements. Motivated by our study of zero knowledge, we introduce a new definition of proof of knowledge in the random oracle model that accounts for oracle-dependent auxiliary input. We show that two rounds of interaction are necessary and sufficient to achieve zero-knowledge proofs of knowledge according to this new definition, whereas one round of interaction is sufficient in previous definitions. Extending our work on zero knowledge, we present a hierarchy for circuit obfuscation in the random oracle model, the weakest being that achieved in the work of Lynn, Prabhakaran and Sahai (Eurocrypt '04). We show that the stronger notions capture precisely the class of circuits that is efficiently and exactly learnable under membership queries.