On the Implausibility of Constant-Round Public-Coin Zero-Knowledge Proofs.

Our approach builds upon the recent work of Kalai et al. [Crypto'17] who ruled out constant round public-coin ZK proofs under the same assumptions as ours. ... We study the round complexity of zero-knowledge (ZK) proof systems. While five round ZK proofs for NP are known from standard assumptions [Goldreich-Kahan, J. ... Private-coin vs Public-coin. In the study of ZK proofs, whether or not the verifier makes its random coins public or keeps them private has a strong bearing on the round-complexity. ...

doi:10.1007/978-3-319-78372-7_1 fatcat:zzyy7azajvdyvnfdip74wg7m2a

We initiate a formal investigation on the power of predictability for argument of knowledge systems for NP . ... Specifically, we consider private-coin argument systems where the answer of the prover can be predicted, given the private randomness of the verifier; we call such protocols Predictable Arguments of Knowledge ... consists of public coins. ...

doi:10.1007/978-3-662-54365-8_6 fatcat:77hiymfnm5cexnugchlw5efxka

We devise a novel simulation technique that makes black-box use of the adversary as well as the distinguisher. ... Using this technique we construct several round-optimal protocols, many of which were previously unknown even using non-black-box simulation techniques: • Two-round witness indistinguishable (WI) arguments ... Adaptive Soundness The protocol in Figure 1 compiles a three-round public coin proof to a two-round argument using oblivious transfer. ...

doi:10.1007/978-3-319-63715-0_6 fatcat:aaprukw5ebc4hpxza6uj5xr6f4

Our main result is a constant-round public-coin protocol "AM−Sam" that allows an efficient verifier to emulate a Sam d oracle for any constant depth d = O(1) with the help of a BPP NP prover. ... The main technical tool we use to prove the above is a new constant-round public-coin protocol (SampleWithSize) that we believe may be interesting in its own right, and that guarantees the following. ... The third author also thanks the other authors of [31] for fruitful discussions and their perspectives on the power of Sam. ...

doi:10.1109/ccc.2010.17 dblp:conf/coco/HaitnerMX10 fatcat:ryrbyozwtnchfgj3akj4fz2zvy

Second, we provide a compiler from any LRC to a FLRC in the common reference string model where the leakage on the encoding comes from a fixed leakage family of small cardinality. ... We can extend the impossibility result to FLRCs with constant-length messages under assumptions related to differing-input obfuscation. ... Kilian [Kil92] constructs a 4-round public-coin succinct argument of knowledge for NP based on a probabilistically checkable proof (PCP) system for NP and a collision-resistant function ensemble. ...

doi:10.1007/978-3-662-54365-8_14 fatcat:w62g5n3fwbci5pbat53yaixavi

We demonstrate the usefulness of the new notion by showing that several applications of diO can be obtained by relying on the public-coin variant instead. ... A public-coin diO restricts the original definition of diO by requiring the auxiliary input to be a public random string which is given as input to all relevant algorithms. ... Separate from the applications below, building on our work, public-coin diO has been used to replace the need for diO to achieve constant-round concurrent zero knowledge based on obfuscation [PPS15] . ...

doi:10.1007/978-3-662-46497-7_26 fatcat:q2xs5l7d6vd4zcjdk7hnaeoanm

We examine the concurrent composition of zero-knowledge proofs. ... We show that, modulo certain complexity assumptions, any statement in NP has k -round proofs and arguments in which one can e ciently simulate any k O(1) concurrent executions of the protocol. ... Acknowledgments Kilian would like to thank Cynthia Dwork, Uri Feige, Moni Naor, Amit Sahai and Erez Petrank for many illuminating conversations on this subject. ...

doi:10.1007/3-540-48910-x_29 fatcat:25c3o4j6cvfulgrc23z6dbsre4

We argue that the prevalence of mining coalitions is due to a limitation of the Bitcoin proof-of-work puzzle -specifically, that it affords an effective mechanism for enforcing cooperation in a coalition ... Indeed, Bitcoin's security claims rely on no single entity wielding a sufficiently large portion of the network's overall computational power. ... Acknowledgments We thank the readers and reviewers of earlier drafts of this paper. This work was supported in part by NSF awards #0964541, #1223623, and #1518765. ...

doi:10.1145/2810103.2813621 dblp:conf/ccs/MillerKKS15 fatcat:l3cxkbrbhfd3jewj3b3cakprfa

on-the-fly. ... of the function being computed and the total number of users in the system. ... The same compiler works in our security model with one subtlety: instead of using standard zero-knowledge proofs, the protocol must use zero-knowledge proofs of knowledge. ...

doi:10.1145/2213977.2214086 dblp:conf/stoc/Lopez-AltTV12 fatcat:2jw2ee3e7zahpchnpfjet366km

Separating public key encryption from one way functions is one of the fundamental goals of complexity-based cryptography. ... Beginning with the seminal work of Impagliazzo and Rudich (STOC, 1989), a sequence of works have ruled out certain classes of reductions from public key encryption (PKE)-or even key agreement-to one way ... Acknowledgements We thank Tal Malkin for insightful discussions on the notion of BBN − reductions and the anonymous reviewers for TCC B-2016 for their many helpful comments. ...

doi:10.1007/978-3-662-53644-5_7 fatcat:v4t755xkpngv7cv22tntlnhjui

We build on the emergent phenomenon of currency mixes, adding an accountability mechanism to expose theft. ... We propose Mixcoin, a protocol to facilitate anonymous payments using the Bitcoin currency system. ... One is an academic proposal called Zerocoin [16] which uses cryptographic techniques (specifically, an accumulator with a zero-knowledge proof of inclusion) to break the link between individual Bitcoin ...

doi:10.1007/978-3-662-45472-5_31 fatcat:bnnvhrmqbzbuvhsl3l2ixukcwa

The blockchain concept forms the backbone of a new wave technology that promises to be deployed extensively in a wide variety of industrial and societal applications. ... Second, the smart contracts are designed using a rigorous analysis of a repeated game model of the strategic interactions between buyers and sellers. ... Any zero-knowledge proof must satisfy three properties. ...

arXiv:2001.05655v1 fatcat:c4sxk65yszhjhj43ncolha2uye

In the case of proof-of-work (PoW), currently used by the most prominent systems, the cost is due to spent computation. ... To demonstrate the practicality of our results, we describe a trustless oracle that leverages the equilibrium to estimate the price ratios of PoW cryptocurrencies from on-chain information only. ... For blockchains with open membership, consensus is based on one of several different mechanisms including proof-of-work (PoW) [1] and proof-of-stake (PoS) [3] , which are the two most popular choices ...

arXiv:2012.03706v1 fatcat:445kd3fgozfixlfklcwvu4kzdi

A zero-knowledge PCP (ZKPCP) is a PCP with the additional guarantee that the view of any verifier querying a bounded number of proof bits can be efficiently simulated given the input x alone, where the ... The use of locking schemes makes the verifier inherently adaptive, namely, it needs to make at least two rounds of queries to the proof. ... Acknowledgements We thank the anonymous TCC reviewers for helpful comments, and in particular for pointing out the simple construction of CZKPCP from PCP and NIZK. The ...

doi:10.1007/978-3-662-49099-0_1 fatcat:tniaxvbdkfdtbeyu6cfiaa5sg4

be detected by one of the W witnesses. ... Even if S is compromised in a fashion not readily detectable by the witnesses, CoSi still guarantees S's exposure to public scrutiny, forcing secrecy-minded attackers to risk that the compromise will soon ... This research was supported in part by the NSF under grants CNS-1407454 and CNS-1409599. ...

doi:10.1109/sp.2016.38 dblp:conf/sp/SytaTVWJGGKF16 fatcat:7ykfeburovcqdkpr7xdx6c4ua4

On the Existence of Three Round Zero-Knowledge Proofs [chapter]

Preserved Fulltext

Predictable Arguments of Knowledge [chapter]

Preserved Fulltext

Distinguisher-Dependent Simulation in Two Rounds and its Applications [chapter]

Preserved Fulltext

A New Sampling Protocol and Applications to Basing Cryptographic Primitives on the Hardness of NP

Preserved Fulltext

Fully Leakage-Resilient Codes [chapter]

Preserved Fulltext

Public-Coin Differing-Inputs Obfuscation and Its Applications [chapter]

Preserved Fulltext

On the Concurrent Composition of Zero-Knowledge Proofs [chapter]

Preserved Fulltext

Nonoutsourceable Scratch-Off Puzzles to Discourage Bitcoin Mining Coalitions

Preserved Fulltext

On-the-fly multiparty computation on the cloud via multikey fully homomorphic encryption

Preserved Fulltext

Towards Non-Black-Box Separations of Public Key Encryption and One Way Function [chapter]

Preserved Fulltext

Mixcoin: Anonymity for Bitcoin with Accountable Mixes [chapter]

Preserved Fulltext

Design of Trusted Market Platforms using Permissioned Blockchains and Game Theory [article]

Preserved Fulltext

Pricing Security in Proof-of-Work Systems [article]

Preserved Fulltext

Making the Best of a Leaky Situation: Zero-Knowledge PCPs from Leakage-Resilient Circuits [chapter]

Preserved Fulltext

Keeping Authorities "Honest or Bust" with Decentralized Witness Cosigning

Preserved Fulltext