Limits of provable security from standard assumptions
Proceedings of the forty-third annual ACM symposium on Theory of computing
Resettable cryptography in constant rounds --- the case of zero knowledge
ASIACRYPT'11 Proceedings of the 17th international conference on The Theory and Application of Cryptology and Information Security
Counterexamples to hardness amplification beyond negligible
TCC'12 Proceedings of the 9th international conference on Theory of Cryptography
Resettable statistical zero knowledge
TCC'12 Proceedings of the 9th international conference on Theory of Cryptography
Simultaneously resettable arguments of knowledge
TCC'12 Proceedings of the 9th international conference on Theory of Cryptography
Nearly simultaneously resettable black-box zero knowledge
ICALP'12 Proceedings of the 39th international colloquium conference on Automata, Languages, and Programming - Volume Part I
Public-Coin concurrent zero-knowledge in the global hash model
TCC'13 Proceedings of the 10th theory of cryptography conference on Theory of Cryptography
On the (in)security of fischlin’s paradigm
TCC'13 Proceedings of the 10th theory of cryptography conference on Theory of Cryptography
Implementing resettable UC-Functionalities with untrusted tamper-proof hardware-tokens
TCC'13 Proceedings of the 10th theory of cryptography conference on Theory of Cryptography
Non-black-box simulation in the fully concurrent setting
Proceedings of the forty-fifth annual ACM symposium on Theory of computing
Non-black-box simulation from one-way functions and applications to resettable security
Proceedings of the forty-fifth annual ACM symposium on Theory of computing
On the impossibility of approximate obfuscation and applications to resettable cryptography
Proceedings of the forty-fifth annual ACM symposium on Theory of computing
Hi-index | 0.00 |
Canetti, Goldreich, Goldwasser, and Micali (STOC 2000) introduced the notion of resettable zero-knowledge proofs, where the protocol must be zero-knowledge even if a cheating verifier can reset the prover and have several interactions in which the prover uses the same random tape. Soon afterwards, Barak, Goldreich, Goldwasser, and Lindell (FOCS 2001) studied the closely related notion of resettable soundness, where the soundness condition of the protocol must hold even if the cheating prover can reset the verifier to have multiple interactions with the same verifier's random tape. The main problem left open by this work was whether it is possible to have a single protocol that is simultaneously resettable zero knowledge and resettably sound. We resolve this question by constructing such a protocol. At the heart of our construction is a new non-black-box simulation strategy, which we believe to be of independent interest. This new strategy allows for simulators which "marry'' recursive rewinding techniques (common in the context of concurrent simulation) with non-black-box simulation. Previous non-black-box strategies led to exponential blowups in computational complexity in such circumstances, which our new strategy is able to avoid.