Cryptology ePrint Archive: Report 2008/541

Resettably-Sound Resettable Zero Knowledge Arguments for NP

Yi Deng

Abstract: We construct resettably-sound resettable zero knowledge arguments for NP based on standard hardness assumption (the existence of claw-free permutations) in the plain model. This proves the simultaneous resettability conjecture posed by Barak et al. in [FOCS 2001].

\setlength{\parindent}{2em} Our construction, inspired by the paradigm for designing concurrent zero knowledge protocols, makes crucial use of a tool called instance-dependent resettably-sound resettable WI argument of knowledge (\textsf{IDWIAOK} (and a special-purpose variant), introduced recently by Deng and Lin in [Eurocrypt 2007]).Roughly speaking, for a NP statement of the form $x_0\vee x_1$,\textsf{IDWIAOK} is an argument for which resettable WI property holds when both $x_0$ and $x_1$ are YES instances, and resettably-sound argument of knowledge property holds when $x_0$ is a NO instance.

The heart of the simulator for our protocol is a new technique that allows us to embed the (non-black-box) straight-line simulation strategy in the (black-box) recursive rewinding simulation strategy.

Category / Keywords: foundations / zero knowledge, simultaneous resettability, instance-dependent primitive

Date: received 23 Dec 2008, last revised 19 Feb 2009

Contact author: ydeng cas at gmail com

Available format(s): PDF | BibTeX Citation

Note: We just add the analysis of the running time of our simulator in appendix F into the previous version. The content in previous version remains unchanged.

Version: 20090219:083724 (All versions of this report)

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]