Cryptology ePrint Archive: Report 2018/1157

Special Soundness Revisited

Douglas Wikström

Abstract: We generalize and abstract the problem of extracting a witness from a prover of a special sound protocol into a combinatorial problem induced by a sequence of matroids and a predicate, and present a parametrized algorithm for solving this problem.

The parametrization provides a tight tradeoff between the running time and the extraction error of the algorithm, which allows optimizing the parameters to minimize: the soundness error for interactive proofs, or the extraction time for proofs of knowledge.

In contrast to previous work we bound the distribution of the running time and not only the expected running time. Tail bounds give a tighter analysis when applied recursively and concentrated running time.

Category / Keywords: foundations / proof of knowledge, knowledge extraction, special soundness

Date: received 27 Nov 2018

Contact author: dog at kth se

Available format(s): PDF | BibTeX Citation

Note: This is an excerpt of a larger body of work about electronic voting systems which should be readable for democratic reasons, so any suggestions (even about the exposition) are most welcome!

I have been unable to follow the literature, so please do help me to give proper credit if I fail to cite relevant prior/independent work.

Version: 20181203:023903 (All versions of this report)

Short URL: ia.cr/2018/1157


[ Cryptology ePrint archive ]