The knowledge complexity of interactive proof-systems
STOC '85 Proceedings of the seventeenth annual ACM symposium on Theory of computing
Minimum disclosure proofs of knowledge
Journal of Computer and System Sciences - 27th IEEE Conference on Foundations of Computer Science October 27-29, 1986
The knowledge complexity of interactive proof systems
SIAM Journal on Computing
Universal one-way hash functions and their cryptographic applications
STOC '89 Proceedings of the twenty-first annual ACM symposium on Theory of computing
Witness indistinguishable and witness hiding protocols
STOC '90 Proceedings of the twenty-second annual ACM symposium on Theory of computing
On the existence of statistically hiding bit commitment schemes and fail-stop signatures
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
On the Composition of Zero-Knowledge Proof Systems
SIAM Journal on Computing
STOC '98 Proceedings of the thirtieth annual ACM symposium on Theory of computing
Resettable zero-knowledge (extended abstract)
STOC '00 Proceedings of the thirty-second annual ACM symposium on Theory of computing
Concurrent and resettable zero-knowledge in poly-loalgorithm rounds
STOC '01 Proceedings of the thirty-third annual ACM symposium on Theory of computing
Black-box concurrent zero-knowledge requires \tilde {Ω} (logn) rounds
STOC '01 Proceedings of the thirty-third annual ACM symposium on Theory of computing
On Concurrent Zero-Knowledge with Pre-processing
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
A Note on the Round-Complexity of Concurrent Zero-Knowledge
CRYPTO '00 Proceedings of the 20th Annual International Cryptology Conference on Advances in Cryptology
Concurrent Zero-Knowledge: Reducing the Need for Timing Constraints
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Lower Bounds for Zero Knowledge on the Internet
FOCS '98 Proceedings of the 39th Annual Symposium on Foundations of Computer Science
FOCS '00 Proceedings of the 41st Annual Symposium on Foundations of Computer Science
How to Go Beyond the Black-Box Simulation Barrier
FOCS '01 Proceedings of the 42nd IEEE symposium on Foundations of Computer Science
On the cunning power of cheating verifiers: Some observations about zero knowledge proofs
SFCS '87 Proceedings of the 28th Annual Symposium on Foundations of Computer Science
On the concurrent composition of zero-knowledge proofs
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
Efficient concurrent zero-knowledge in the auxiliary string model
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Eye for an eye: efficient concurrent zero-knowledge in the timing model
TCC'10 Proceedings of the 7th international conference on Theory of Cryptography
Hi-index | 0.00 |
The number of communication rounds is a classic complexity measure for protocols; reducing round complexity is a major goal in protocol design. However, when the communication time is inconstant, and in particular, when one of the parties intentionally delays its messages, the round complexity measure may become meaningless. For example, if one of the rounds takes longer than the rest of the protocol, then it does not matter if the round complexity is bounded by a constant or by a polynomial. In this paper, we propose a complexity measure called responsive round complexity. Loosely speaking, a protocol has responsive round complexity m with respect to Party A, if it makes the following guarantee. If A's longest delay in responding to a message in a run of the protocol is t, then, in that run, the overall communication time is at most mċ t. The logic behind this definition is that if a party responds quickly to a message, whether it has a good connection or it just chooses not to delay its messages, then this party deserves to get an overall quicker running time. Responsive round complexity is particularly interesting in a setting where a party may gain something by delaying its messages. In this case, the delaying party does not deserve the same response time as another party that behaves nicely. We demonstrate the significance of responsive round complexity by presenting a new protocol for concurrent zero-knowledge. The new protocol is a black-box concurrent zero knowledge proof for all languages in NP with round complexity Õ(log2 n) but responsive round complexity Õ(log n). While the round complexity of the new protocol is similar to what is known from previous works, its responsive round complexity is a significant improvement: all known concurrent zero-knowledge protocols require Õ(log2 n) rounds. Furthermore, in light of the known lower bounds, the responsive round complexity of this protocol is basically optimal.