By Rafael Pass

ISBN-10: 9172839333

ISBN-13: 9789172839335

**Read or Download Alternative Variants of Zero-Knowledge Proofs PDF**

**Additional info for Alternative Variants of Zero-Knowledge Proofs**

**Example text**

Concerning quasipolynomial time simulatable proofs, we note that since the running time of the simulator is longer than the allowed running time of the verifier, the simulator can not be run by the verifier. Quasi-polynomial time simulatable proofs therefore do not guarantee deniability. 3 Our Results Our main contributions can be summarized as follows: • We formally define the notion of T (n)-simulatable proofs and show that it encompasses the notion of WI. Our characterization of WI in terms of a simulation-based definition sheds new light on the notion of WI, and might lead to alternative constructions of WI proofs.

24 CHAPTER 2. PRELIMINARIES Definition 25 (Witness Indistinguishability with Shared Objects) Let (P, V ) be an interactive proof in a model with shared objects for the language L ∈ N P, and RL be a fixed witness relation for L. We say that (P, V ) is witness indistinguishable for RL if for every probabilistic polynomial-time algorithm V ∗ and every two sequences W 1 = {wx1 }x∈L and W 2 = {wx2 }x∈L, such that wx1 , wx2 ∈ RL (x), the following two ensembles are computationally indistinguishable (when the distinguishing gap is a function in |x|): • { P R (wx1 ), V ∗R (z) (x)}x∈L,z∈{0,1}∗ • { P R (wx2 ), V ∗R (z) (x)}x∈L,z∈{0,1}∗ where R is a random variable uniformly distributed in either 1poly(n) → {0, 1} or {0, 1}poly(n) → {0, 1}poly(n).

2. It is interesting to note that the notions of straight-line strong T (n)-simulatability is strictly stronger than the notion of straight-line concurrent T (n)-simulatability. 5 constitutes an evidence of this fact. See remark 11. 7 We formalize this feature through a composition theorem, which loosely speaking states that for a large class of natural protocols the security of these protocols is not affected when concurrently executed with multiple straight-line concurrent T (n)-simulatable arguments.

Alternative Variants of Zero-Knowledge Proofs by Rafael Pass

