Cryptology ePrint Archive: Report 2008/545

Resolving the Simultaneous Resettability Conjecture and a New Non-Black-Box Simulation Strategy

Vipul Goyal and Amit Sahai

Abstract: Canetti, Goldreich, Goldwasser, and Micali (STOC 2000) introduced the notion of resettable zero-knowledge proofs, where the protocol must be zero-knowledge even if a cheating verifier can reset the prover and have several interactions in which the prover uses the same random tape. Soon afterwards, Barak, Goldreich, Goldwasser, and Lindell (FOCS 2001) studied the closely related notion of resettable soundness, where the soundness condition of the protocol must hold even if the cheating prover can reset the verifier to have multiple interactions with the same verifier's random tape. The main problem left open by this work was whether it is possible to have a single protocol that is simultaneously resettable zero knowledge and resettably sound. We resolve this question by constructing such a protocol.

At the heart of our construction is a new non-black-box simulation strategy, which we believe to be of independent interest. This new strategy allows for simulators which ``marry'' recursive rewinding techniques (common in the context of concurrent simulation) with non-black-box simulation. Previous non-black-box strategies led to exponential blowups in computational complexity in such circumstances, which our new strategy is able to avoid.

Category / Keywords: foundations /

Publication Info: Merged with a paper by Yi Deng and appeared in FOCS 2009

Date: received 28 Dec 2008, last revised 23 Oct 2009

Contact author: vipul goyal at gmail com

Available format(s): PDF | BibTeX Citation

Note: Simplified proofs and improved writeup

Version: 20091023:102521 (All versions of this report)

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]