Paper 2018/1157

Special Soundness Revisited

Douglas Wikström


We generalize and abstract the problem of extracting a witness from a prover of a special sound protocol into a combinatorial problem induced by a sequence of matroids and a predicate, and present a parametrized algorithm for solving this problem. The parametrization provides a tight tradeoff between the running time and the extraction error of the algorithm, which allows optimizing the parameters to minimize: the soundness error for interactive proofs, or the extraction time for proofs of knowledge. In contrast to previous work we bound the distribution of the running time and not only the expected running time. Tail bounds give a tighter analysis when applied recursively and concentrated running time.

Note: This is an excerpt of a larger body of work about electronic voting systems which should be readable for democratic reasons, so any suggestions (even about the exposition) are most welcome! I have been unable to follow the literature, so please do help me to give proper credit if I fail to cite relevant prior/independent work.

Available format(s)
Publication info
Preprint. MINOR revision.
proof of knowledgeknowledge extractionspecial soundness
Contact author(s)
dog @ kth se
2018-12-03: received
Short URL
Creative Commons Attribution


      author = {Douglas Wikström},
      title = {Special Soundness Revisited},
      howpublished = {Cryptology ePrint Archive, Paper 2018/1157},
      year = {2018},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.