• 主题
高级搜索  >
历史搜索 清空历史
首页> 外文会议>Theory of cryptography >Adaptive Zero-Knowledge Proofs and Adaptively Secure Oblivious Transfer
【24h】

Adaptive Zero-Knowledge Proofs and Adaptively Secure Oblivious Transfer

机译:自适应零知识证明和自适应安全遗忘转移

获取原文
获取原文并翻译 | 示例
页面导航
  • 摘要
  • 著录项
  • 相似文献
  • 相关主题

摘要

In the setting of secure computation, a set of parties wish to securely compute some function of their inputs, in the presence of an adversary. The adversary in question may be static (meaning that it controls a predetermined subset of the parties) or adaptive (meaning that it can choose to corrupt parties during the protocol execution and based on what it sees). In this paper, we study two fundamental questions relating to the basic zero-knowledge and oblivious transfer protocol problems:rn1. Adaptive zero-knowledge proofs: We ask whether it is possible to construct adaptive zero-knowledge proofs (with unconditional soundness). Beaver (STOC 1996) showed that known zero-knowledge proofs are not adaptively secure, and in addition showed how to construct zero-knowledge arguments (with computational soundness).rn2. Adaptively secure oblivious transfer: All known protocols for adaptively secure oblivious transfer rely on seemingly stronger hardness assumptions than for the case of static adversaries. We ask whether this is inherent, and in particular, whether it is possible to construct adaptively secure oblivious transfer from enhanced trapdoor permutations alone.rnWe provide surprising answers to the above questions, showing that achieving adaptive security is sometimes harder than achieving static security, and sometimes not. First, we show that assuming the existence of one-way functions only, there exist adaptive zero-knowledge proofs for all languages in NP. In order to prove this, we overcome the problem that all adaptive zero-knowledge protocols known until now used equivocal commitments (which would enable an all-powerful prover to cheat). Second, we prove a black-box separation between adaptively secure oblivious transfer and enhanced trapdoor permutations. As a corollary, we derive a black-box separation between adaptively and statically securely oblivious transfer. This is the first black-box separation to relate to adaptive security and thus the first evidence that it is indeed harder to achieve security in the presence of adaptive adversaries than in the presence of static adversaries.
机译:在安全计算的设置中,一组参与者希望在存在对手的情况下安全地计算其输入的某些功能。所讨论的对手可能是静态的(意味着它控制了各方的预定子集),也可能是自适应的(意味着它可以在协议执行过程中根据所看到的内容选择破坏各方)。在本文中,我们研究了两个与基本零知识和遗忘传输协议问题有关的基本问题:rn1。自适应零知识证明:我们询问是否有可能构造自适应零知识证明(具有无条件的健全性)。 Beaver(STOC 1996)证明了已知的零知识证明不是自适应安全的,此外还说明了如何构造零知识参数(具有计算上的可靠性)。自适应安全遗忘传输:与静态对手的情况相比,所有已知的自适应安全遗忘传输协议都依赖看似更强的硬度假设。我们询问这是否是固有的,特别是是否有可能仅从增强的陷门排列中构建自适应安全的遗忘转移.rn我们对上述问题提供了令人惊讶的答案,表明实现自适应安全性有时比实现静态安全性更难,并且有时不是。首先,我们表明,假设仅存在单向函数,则NP中所有语言都存在自适应零知识证明。为了证明这一点,我们克服了迄今为止已知的所有自适应零知识协议都使用模棱两可的承诺(这将使全能的证明者作弊)的问题。其次,我们证明了自适应安全遗忘传输和增强的陷门排列之间的黑匣子分离。因此,我们得出了自适应和静态安全忽略传输之间的黑匣子分离。这是与适应性安全相关的第一个黑匣子分离,因此第一个证据表明,在存在适应性对手的情况下比在存在静态对手的情况下实现安全确实更加困难。

著录项

  • 来源
    《Theory of cryptography》|2009年|183-201|共19页
  • 会议地点 San Francisco CA(US);San Francisco CA(US)
  • 作者

    Yehuda Lindell; Hila Zarosim;

  • 作者单位

    Department of Computer Science Bar-Ilan University, Israel;

    Department of Computer Science Bar-Ilan University, Israel;

  • 会议组织
  • 原文格式 PDF
  • 正文语种 eng
  • 中图分类 一般性问题;
  • 关键词

相似文献

  • 外文文献
  • 中文文献
  • 专利
获取原文

客服邮箱:kefu@zhangqiaokeyan.com

京公网安备:11010802029741号 ICP备案号:京ICP备15016152号-6 六维联合信息科技 (北京) 有限公司©版权所有

  • 客服微信

  • 服务号