Cryptology ePrint Archive: Report 2016/1009

Efficient Resettably Secure Two-Party Computation

Tobias Nilges

Abstract: In 2000, Canetti, Goldreich, Goldwasser and Micali (STOC'00) proposed the notion of resettable zero-knowledge, which considers the scenario where a malicious verifier can reset the prover and force it to reuse its random tape. They provided a construction that resists such attacks, and in the following, the notion of resettability was considered in various other scenarios. Starting with resettably-sound zero-knowledge, over general resettable computation with one resettable party, to protocols where all parties are resettable.

Most of these results are only concerned with the feasibility of resettable computation, while efficiency is secondary. There is a considerable gap in the round- and communication-efficiency between actively secure protocols and resettably secure protocols. Following the work of Goyal and Sahai (EUROCRYPT'09), we study the round- and communication-efficiency of resettable two-party computation in the setting where one of the two parties is resettable, and close the gap between the two notions of security:

- We construct a fully simulatable resettable CRS in the plain model that directly yields constant-round resettable zero-knowledge and constant-round resettable two-party computation protocols in the plain model.

- We present a new resettability compiler that follows the approach of Ishai, Prabhakaran and Sahai (CRYPTO'08) and yields constant-rate resettable two-party computation.

Category / Keywords: cryptographic protocols / reset attack, protocol compiler

Date: received 24 Oct 2016, last revised 24 Oct 2016

Contact author: tobias nilges at cs au dk

Available format(s): PDF | BibTeX Citation

Version: 20161026:151748 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]