Foundations of cryptography: a primer
Foundations and Trends® in Theoretical Computer Science
An Efficient Protocol for Secure Two-Party Computation in the Presence of Malicious Adversaries
EUROCRYPT '07 Proceedings of the 26th annual international conference on Advances in Cryptology
Universally composable security with global setup
TCC'07 Proceedings of the 4th conference on Theory of cryptography
Obtaining universally composable security: towards the bare bones of trust
ASIACRYPT'07 Proceedings of the Advances in Cryptology 13th international conference on Theory and application of cryptology and information security
Efficient fully-simulatable oblivious transfer
CT-RSA'08 Proceedings of the 2008 The Cryptographers' Track at the RSA conference on Topics in cryptology
Which languages have 4-round zero-knowledge proofs?
TCC'08 Proceedings of the 5th conference on Theory of cryptography
The round-complexity of black-box zero-knowledge: a combinatorial characterization
TCC'08 Proceedings of the 5th conference on Theory of cryptography
Studies in complexity and cryptography
Handling expected polynomial-time strategies in simulation-based security proofs
TCC'05 Proceedings of the Second international conference on Theory of Cryptography
A unified framework for UC from only OT
ASIACRYPT'12 Proceedings of the 18th international conference on The Theory and Application of Cryptology and Information Security
The notion of efficient computation is usually identified in cryptography and complexity with (strict) probabilistic polynomial-time. However, until recently, in order to obtain constant-round zero-knowledge proofs and proofs of knowledge, one had to allow simulators and knowledge extractors to run in time that is only polynomial on the average (i.e., expected polynomial-time). Recently Barak gave the first constant-round zero-knowledge argument with a strict (in contrast to expected) polynomial-time simulator. The simulator in his protocol is a non-black-box simulator (i.e., it makes inherent use of the description of the code of the verifier).

In this paper, we further address the question of strict polynomial-time in constant-round zero-knowledge proofs and arguments of knowledge. First, we show that there exists a constant-round zero-knowledge argument of knowledge with a strict polynomial-time knowledge extractor. As in the simulator of Barak's zero-knowledge protocol, the extractor for our argument of knowledge is not black-box and makes inherent use of the code of the prover. On the negative side, we show that non-black-box techniques are essential for both strict polynomial-time simulation and extraction. That is, we show that no (nontrivial) constant-round zero-knowledge proof or argument can have a strict polynomial-time black-box simulator. Similarly, we show that no (nontrivial) constant-round zero-knowledge proof or argument of knowledge can have a strict polynomial-time black-box knowledge extractor.