8,543 research outputs found
Constant-Round Concurrent Zero-Knowledge From Falsifiable Assumptions
We present a constant-round concurrent zero-knowledge protocol for \NP. Our protocol is sound against uniform polynomial-time attackers, and relies on the existence of families of collision-resistant hash functions, and a new (but in our eyes, natural) falsifiable intractability assumption: Roughly speaking, that Micali's non-interactive CS-proofs are sound for languages in
Constant-Round Concurrent Zero-knowledge from Indistinguishability Obfuscation
We present a constant-round concurrent zero-knowledge protocol for NP. Our protocol relies on the existence of families of collision-resistant hash functions, one-way permutations, and indistinguishability obfuscators for P/poly (with slightly super-polynomial security)
Non-Uniformly Sound Certificates with Applications to Concurrent Zero-Knowledge
We introduce the notion of non-uniformly sound certificates: succinct single-message (unidirectional) argument systems that satisfy a ``best-possible security\u27\u27 against non-uniform polynomial-time attackers. In particular, no polynomial-time attacker with s bits of non-uniform advice can find significantly more than s accepting proofs for false statements. Our first result is a construction of non-uniformly sound certificates for all NP in the random oracle model, where the attacker\u27s advice can depend arbitrarily on the random oracle.
We next show that the existence of non-uniformly sound certificates for P (and collision resistant hash functions) yields a public-coin constant-round fully concurrent zero-knowledge argument for NP
Efficient Synchronous Byzantine Consensus
We present new protocols for Byzantine state machine replication and
Byzantine agreement in the synchronous and authenticated setting. The
celebrated PBFT state machine replication protocol tolerates Byzantine
faults in an asynchronous setting using replicas, and has since been
studied or deployed by numerous works. In this work, we improve the Byzantine
fault tolerance threshold to by utilizing a relaxed synchrony
assumption. We present a synchronous state machine replication protocol that
commits a decision every 3 rounds in the common case. The key challenge is to
ensure quorum intersection at one honest replica. Our solution is to rely on
the synchrony assumption to form a post-commit quorum of size , which
intersects at replicas with any pre-commit quorums of size . Our
protocol also solves synchronous authenticated Byzantine agreement in expected
8 rounds. The best previous solution (Katz and Koo, 2006) requires expected 24
rounds. Our protocols may be applied to build Byzantine fault tolerant systems
or improve cryptographic protocols such as cryptocurrencies when synchrony can
be assumed
Non-black-box Simulation in the Fully Concurrent Setting, Revisited
We give a new proof of the existence of -round public-coin concurrent zero-knowledge arguments for NP, where is an arbitrary constant. The security is proven in the plain model under the assumption that collision-resistant hash functions exist. (The existence of such concurrent zero-knowledge arguments was previously proven by Goyal (STOC\u2713) in the plain model under the same assumption.) In the proof, we use a new variant of the non-black-box simulation technique of Barak (FOCS\u2701). An important property of our simulation technique is that the simulator runs in a straight-line manner in the fully concurrent setting. Compared with the simulation technique of Goyal, which also has such a property, the analysis of our simulation technique is (arguably) simpler
Raziel: Private and Verifiable Smart Contracts on Blockchains
Raziel combines secure multi-party computation and proof-carrying code to
provide privacy, correctness and verifiability guarantees for smart contracts
on blockchains. Effectively solving DAO and Gyges attacks, this paper describes
an implementation and presents examples to demonstrate its practical viability
(e.g., private and verifiable crowdfundings and investment funds).
Additionally, we show how to use Zero-Knowledge Proofs of Proofs (i.e.,
Proof-Carrying Code certificates) to prove the validity of smart contracts to
third parties before their execution without revealing anything else. Finally,
we show how miners could get rewarded for generating pre-processing data for
secure multi-party computation.Comment: Support: cothority/ByzCoin/OmniLedge
Asynchronous Secure Multiparty Computation in Constant Time
In the setting of secure multiparty computation, a set of mutually distrusting parties wish to securely compute a joint function. It is well known that if the communication model is asynchronous, meaning that messages can be arbitrarily delayed by an unbounded (yet finite) amount of time, secure computation is feasible if and only if at least two-thirds of the parties are honest, as was shown by Ben-Or, Canetti, and Goldreich [STOC\u2793] and by Ben-Or, Kelmer, and Rabin [PODC\u2794]. The running-time of all currently known protocols depends on the function to evaluate. In this work we present the first asynchronous MPC protocol that runs in constant time.
Our starting point is the asynchronous MPC protocol of Hirt, Nielsen, and Przydatek [Eurocrypt\u2705, ICALP\u2708]. We integrate \emph{threshold fully homomorphic encryption} in order to reduce the interactions between the parties, thus completely removing the need for the expensive \emph{king-slaves} approach taken by Hirt et al.. Initially, assuming an honest majority, we construct a constant-time protocol in the asynchronous Byzantine agreement (ABA) hybrid model. Using a concurrent ABA protocol that runs in constant expected time, we obtain a constant expected time asynchronous MPC protocol, secure facing static malicious adversaries, assuming t<n/3
Non-Malleable Codes Against Bounded Polynomial Time Tampering
We construct efficient non-malleable codes (NMC) that are (computationally) secure against tampering by functions computable in any fixed polynomial time. Our construction is in the plain (no-CRS) model and requires the assumptions that (1) is hard for circuits of some exponential () size (widely used in the derandomization literature), (2) sub-exponential trapdoor permutations exist, and (3) certificates with sub-exponential soundness exist.
While it is impossible to construct NMC secure against arbitrary polynomial-time tampering (Dziembowski, Pietrzak, Wichs, ICS \u2710),
the existence of NMC secure against -time tampering functions
(for any fixed ), was shown (Cheraghchi and Guruswami, ITCS \u2714) via a probabilistic construction. An explicit construction was given (Faust, Mukherjee, Venturi, Wichs, Eurocrypt \u2714) assuming an untamperable CRS with length longer than the runtime of the tampering function. In this work, we show that under computational assumptions, we can bypass these limitations. Specifically, under the assumptions listed above, we obtain non-malleable codes in the plain model against -time tampering functions (for any fixed ), with codeword length independent of the tampering time bound.
Our new construction of NMC draws a connection with non-interactive non-malleable commitments. In fact, we show that in the NMC setting,
it suffices to have a much weaker notion called quasi non-malleable
commitments---these are non-interactive, non-malleable commitments in
the plain model, in which the adversary runs in -time, whereas
the honest parties may run in longer (polynomial) time. We then
construct a 4-tag quasi non-malleable commitment from any sub-exponential OWF and the assumption that is hard for some exponential size -circuits, and use tag amplification techniques to support an exponential number of tags
- …