\setlength{\parindent}{2em} Our construction, inspired by the paradigm for designing concurrent zero knowledge protocols, makes crucial use of a tool called instance-dependent resettably-sound resettable WI argument of knowledge (\textsf{IDWIAOK} (and a special-purpose variant), introduced recently by Deng and Lin in [Eurocrypt 2007]).Roughly speaking, for a NP statement of the form $x_0\vee x_1$,\textsf{IDWIAOK} is an argument for which resettable WI property holds when both $x_0$ and $x_1$ are YES instances, and resettably-sound argument of knowledge property holds when $x_0$ is a NO instance.
The heart of the simulator for our protocol is a new technique that allows us to embed the (non-black-box) straight-line simulation strategy in the (black-box) recursive rewinding simulation strategy.
Category / Keywords: foundations / zero knowledge, simultaneous resettability, instance-dependent primitive Date: received 23 Dec 2008, last revised 19 Feb 2009 Contact author: ydeng cas at gmail com Available formats: PDF | BibTeX Citation Note: We just add the analysis of the running time of our simulator in appendix F into the previous version. The content in previous version remains unchanged. Version: 20090219:083724 (All versions of this report) Discussion forum: Show discussion | Start new discussion