Paper 2006/314
Concurrently Non-Malleable Zero Knowledge in the Authenticated Public-Key Model
Yi Deng, Giovanni Di Crescenzo, and Dongdai Lin
Abstract
We consider a type of zero-knowledge protocols that are of interest for their practical applications within networks like the Internet: efficient zero-knowledge arguments of knowledge that remain secure against concurrent man-in-the-middle attacks. As negative results in the area of concurrent non-malleable zero-knowledge imply that protocols in the standard setting (i.e., under no setup assumptions) can only be given for trivial languages, researchers have studied such protocols in models with setup assumptions, such as the common reference string (CRS) model. This model assumes that a reference string is honestly created at the beginning of all interactions and later available to all parties (an assumption that is satisfied, for instance, in the presence of a trusted party). A growing area of research in Cryptography is that of reducing the setup assumptions under which certain cryptographic protocols can be realized. In an effort to reduce the setup assumptions required for efficient zero-knowledge arguments of knowledge that remain secure against concurrent man-in-the-middle attacks, we consider a model, which we call the Authenticated Public-Key (APK) model. The APK model seems to significantly reduce the setup assumptions made by the CRS model (as no trusted party or honest execution of a centralized algorithm are required), and can be seen as a slightly stronger variation of the Bare Public-Key (BPK) model from \cite{CGGM,MR}, and a weaker variation of the registered public-key model used in \cite{BCNP}. We then define and study man-in-the-middle attacks in the APK model. Our main result is a constant-round concurrent non-malleable zero-knowledge argument of knowledge for any polynomial-time relation (associated to a language in $\mathcal{NP}$), under the (minimal) assumption of the existence of a one-way function family.
We also show time-efficient instantiations of our protocol, in which the transformation from a 3-round honest-verifier zero-knowledge argument of knowledge to a 4-round concurrently non-malleable zero-knowledge argument of knowledge for the same relation incurs only $\mathcal{O}(1)$ (precisely, a {\em small} constant) additional modular exponentiations, based on known number-theoretic assumptions. Furthermore, the APK model is motivated by the consideration of some man-in-the-middle attacks in models with setup assumptions that had not been considered previously and might be of independent interest. We also note a negative result with respect to further reducing the setup assumptions of our protocol to those in the (unauthenticated) BPK model, by showing that concurrently non-malleable zero-knowledge arguments of knowledge in the BPK model are only possible for trivial languages.
Metadata
 Category
 Cryptographic protocols
 Publication info
 Published elsewhere. Unknown where it was published
 Keywords
 Zero-Knowledge Protocols, Concurrently Non-Malleability, Public-Key Models
 Contact author(s)
 ydeng @ is iscas ac cn
 History
 2006-09-13: received
 Short URL
 https://ia.cr/2006/314
 License

CC BY
BibTeX
@misc{cryptoeprint:2006/314,
  author = {Yi Deng and Giovanni Di Crescenzo and Dongdai Lin},
  title = {Concurrently Non-Malleable Zero Knowledge in the Authenticated Public-Key Model},
  howpublished = {Cryptology ePrint Archive, Paper 2006/314},
  year = {2006},
  note = {\url{https://eprint.iacr.org/2006/314}},
  url = {https://eprint.iacr.org/2006/314}
}