ABSTRACT
We put forth a new computational notion of entropy, which measures the (in)feasibility of sampling high-entropy strings that are consistent with a given protocol. Specifically, we say that the i'th round of a protocol (A,B) has *accessible entropy* at most k if no polynomial-time strategy A* can generate messages for A such that its message in the i'th round has entropy greater than k when conditioned both on prior messages of the protocol and on prior coin tosses of A*. We say that the protocol has *inaccessible entropy* if the total accessible entropy (summed over the rounds) is noticeably smaller than the real entropy of A's messages, conditioned only on prior messages (but not the coin tosses of A). As applications of this notion, we:

- Give a much simpler and more efficient construction of statistically hiding commitment schemes from arbitrary one-way functions.
- Prove that constant-round statistically hiding commitments are necessary for constructing constant-round zero-knowledge proof systems for NP that remain secure under parallel composition (assuming the existence of one-way functions).