We present constant-round \emph{concurrently knowledge-extractable} black-box resettable zero-knowledge (rZK-CKE) arguments for NP in the bare public-key (BPK) model. We give minimal (sub-exponential) hardness assumption based protocols as well as round-optimal protocols (still under general hardness assumptions). To our knowledge, our protocols are the first ZK protocols that provably provide both resettable/concurrent prover security and concurrent verifier security in public-key models. Here, the notion of {\em concurrent knowledge-extractability} roughly means that no malicious polynomial-time prover can convince an honest verifier of any (whether false or true) statement without ``knowing" a corresponding NP-witness even by concurrently interleaving interactions in public-key models when verifiers register public-keys. We show that concurrent
knowledge-extractability is \emph{strictly} stronger than ``concurrent soundness" (under any sub-exponentially strong one-way permutation) for concurrently proving NP statements to honest verifiers with public-keys. In particular, we show that previous concurrent zero-knowledge protocols in the BPK model that achieved concurrent soundness security and are also traditional arguments of knowledge actually fail to satisfy this stronger security notion (this is demonstrated by concrete attacks). Our work deepens the understanding of the subtleties of concurrent verifier security in public-key settings, and may serve as building blocks in designing other round-efficient concurrently secure protocols in public-key models that use, in particular, argument of knowledge (AOK) protocols as building blocks.
We present constant-round concurrently secure (sound) resettable
zero-knowledge (rZK-CS) arguments with real bare public-keys (i.e.,
public keys based on reduced complexity assumptions). In
particular, for general NP ZK-arguments we give round-optimal protocols as well as minimal hardness assumption based protocols. We also give highly efficient ZK-arguments for number-theoretic languages. Our constructions employ a number of new techniques/tools which are of possibly independent interest.
We present constant-round concurrently secure (sound) resettable
zero-knowledge (rZK-CS) arguments in the bare public-key (BPK)
model. Our constructions deal with general NP ZK-arguments as well
as with highly efficient ZK-arguments for number-theoretic
languages, most relevant to identification scenarios. These are the
first constant-round protocols of this type in the original
real BPK model, where nothing is assured about public-keys
generated by malicious verifiers. As part of this work, we
develop a one-round trapdoor commitment scheme that is based on any
one-way permutation, which is of independent interest and, in
particular, can be used to reduce the round-complexity of other
cryptographic protocols involving trapdoor commitments.
We present constant-round concurrently secure (sound) resettable
zero-knowledge (rZK-CS) arguments in the bare public-key (BPK)
model. Our constructions deal with general NP ZK-arguments as well
as with highly efficient ZK-arguments for number-theoretic
languages, most relevant to identification scenarios. These are the
first constant-round protocols of this type in the original
\emph{real} BPK model, where nothing is assured about public-keys
generated by malicious verifiers. As part of this work, we
develop a one-round trapdoor commitment scheme that is based on any
one-way permutation, which is of independent interest and, in
particular, can be used to reduce the round-complexity of other
cryptographic protocols involving trapdoor commitments.