Two-message witness indistinguishable protocols were first constructed by Dwork and Naor (FOCS 2000). They have since proven extremely useful in the design of several cryptographic primitives. However, so far no two-message arguments for NP provided statistical privacy against malicious verifiers. In this paper, we construct the first: o Two-message statistical witness indistinguishable (SWI) arguments for NP. o Two-message statistical zero-knowledge arguments for NP with super-polynomial simulation (Statistical SPS-ZK). o Two-message statistical distributional weak zero-knowledge (SwZK) arguments for NP, where the simulator is a probabilistic polynomial time machine with oracle access to the distinguisher, and the instance is sampled by the prover in the second round. These protocols are based on quasi-polynomial hardness of two-message oblivious transfer (OT), which in turn can be based on quasi-polynomial hardness of DDH or QR or N~(th) residuosity. We also show how such protocols can be used to build more secure forms of oblivious transfer. Along the way, we show that the Kalai and Raz (Crypto 09) transform compressing interactive proofs to two-message arguments can be generalized to compress certain types of interactive arguments. We introduce and construct a new technical tool, which is a variant of extractable two-message statistically hiding commitments, building on the recent work of Khurana and Sahai (FOCS 17). These techniques may be of independent interest.
展开▼
机译:Dwork和Naor(FOCS 2000)首先构造了两种消息的见证人无法区分的协议。事实证明,它们在设计多个密码原语时非常有用。但是,到目前为止,关于NP的两个消息的论点还没有提供针对恶意验证者的统计隐私。在本文中,我们构造了第一个:o NP的双消息统计见证人不可区分(SWI)论证。 o具有超多项式仿真的NP的两消息统计零知识参数(统计SPS-ZK)。 o NP的两消息统计分布弱零知识(SwZK)参数,其中模拟器是概率多项式时间机器,可以通过oracle访问区分器,并且实例在第二轮由证明者进行采样。这些协议基于两次消息遗忘转移(OT)的准多项式硬度,而后者又可以基于DDH或QR或N(th)残基的拟多项式硬度。我们还将展示如何使用此类协议来构建更安全的遗忘传输形式。一路走来,我们证明了可以将Kalai和Raz(Crypto 09)变换压缩交互式证明转换为两个消息的论点,以便对某些类型的交互论点进行压缩。我们在Khurana和Sahai(FOCS 17)的最新工作的基础上,引入并构建了一种新的技术工具,该工具是可提取的两种消息在统计上隐藏的承诺的变体。这些技术可能具有独立的意义。
展开▼
