Weizmann Logo
Electronic Colloquium on Computational Complexity

Under the auspices of the Computational Complexity Foundation (CCF)

Login | Register | Classic Style



TR12-164 | 17th November 2012 14:16

Simultaneous Resettability from Collision Resistance


Authors: Rafail Ostrovsky, Ivan Visconti
Publication: 24th November 2012 20:21
Downloads: 2255


In FOCS 2001, Barak, Goldreich, Goldwasser and Lindell conjectured that the existence of ZAPs, introduced by Dwork and Naor in FOCS 2000, could lead to the design of a zero-knowledge proof system that is secure against both resetting provers and resetting verifiers. Their conjecture has been proven true by Deng, Goyal and Sahai in FOCS 2009 where both ZAPs and collision-resistant hash functions (CRHFs, for short) play a fundamental role.

In this paper, we present a new technique that allows us to prove that simultaneously resettable zero knowledge can be achieved by relying on CRHFs only. Our construction therefore goes beyond the conjecture of Barak et al. bypassing the (demanding) use of ZAPs, that in turn require double enhanced trapdoor permutations (DTPs, for short).

More specifically, we present the following results:

1. We construct the first resettably-sound resettable witness indistinguishable (rsrWI, for short) argument for NP based on CRHFs. Our construction exploits a new technique that we call “soundness upgrade”. In order to upgrade stand-alone soundness to resettable soundness, we use the lower bound proved by Rosen in CRYPTO 2000 on the round complexity of black-box concurrent zero knowledge. Moreover our rsrWI argument is an argument of knowledge (AoK, for short).

2. As an application of the above result, we obtain the main theorem of this work: we prove (constructively) the existence of an argument system that is both resettable zero knowledge and resettably sound under the sole assumption that CRHFs exist.

Our results improve the state-of-the-art, and, perhaps even more importantly, provide a novel tool for the design of resettably-secure protocols. We also show a novel way to use protocol lower bounds in constructive protocol design.

ISSN 1433-8092 | Imprint