Paper 2008/541

Resettably-Sound Resettable Zero Knowledge Arguments for NP

Yi Deng


We construct resettably-sound resettable zero knowledge arguments for NP based on standard hardness assumption (the existence of claw-free permutations) in the plain model. This proves the simultaneous resettability conjecture posed by Barak et al. in [FOCS 2001]. \setlength{\parindent}{2em} Our construction, inspired by the paradigm for designing concurrent zero knowledge protocols, makes crucial use of a tool called instance-dependent resettably-sound resettable WI argument of knowledge (\textsf{IDWIAOK} (and a special-purpose variant), introduced recently by Deng and Lin in [Eurocrypt 2007]).Roughly speaking, for a NP statement of the form $x_0\vee x_1$,\textsf{IDWIAOK} is an argument for which resettable WI property holds when both $x_0$ and $x_1$ are YES instances, and resettably-sound argument of knowledge property holds when $x_0$ is a NO instance. The heart of the simulator for our protocol is a new technique that allows us to embed the (non-black-box) straight-line simulation strategy in the (black-box) recursive rewinding simulation strategy.

Note: We just add the analysis of the running time of our simulator in appendix F into the previous version. The content in previous version remains unchanged.

Available format(s)
Publication info
Published elsewhere. Unknown where it was published
zero knowledgesimultaneous resettabilityinstance-dependent primitive
Contact author(s)
ydeng cas @ gmail com
2009-02-19: last of 2 revisions
2008-12-28: received
See all versions
Short URL
Creative Commons Attribution


      author = {Yi Deng},
      title = {Resettably-Sound Resettable Zero Knowledge Arguments for NP},
      howpublished = {Cryptology ePrint Archive, Paper 2008/541},
      year = {2008},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.