Multi-Prover Commitments Against Non-Signaling Attacks
We reconsider the concept of multi-prover commitments, as introduced in the
late eighties in the seminal work by Ben-Or et al. As was recently shown by
Crépeau et al., the security of known two-prover commitment schemes not
only relies on the explicit assumption that the provers cannot communicate, but
also depends on their information processing capabilities. For instance, there
exist schemes that are secure against classical provers but insecure if the
provers have quantum information processing capabilities, and there are schemes
that resist such quantum attacks but become insecure when considering general
so-called non-signaling provers, which are restricted solely by the requirement
that no communication takes place.
This poses the natural question whether there exists a two-prover commitment
scheme that is secure under the sole assumption that no communication takes
place; no such scheme is known.
In this work, we give strong evidence for a negative answer: we show that any
single-round two-prover commitment scheme can be broken by a non-signaling
attack. Our negative result is as bad as it can get: for any candidate scheme
that is (almost) perfectly hiding, there exists a strategy that allows the
dishonest provers to open a commitment to an arbitrary bit (almost) as
successfully as the honest provers can open an honestly prepared commitment,
i.e., with probability (almost) 1 in case of a perfectly sound scheme. In the
case of multi-round schemes, our impossibility result is restricted to
perfectly hiding schemes.
On the positive side, we show that the impossibility result can be
circumvented by considering three provers instead: there exists a three-prover
commitment scheme that is secure against arbitrary non-signaling attacks.
Quantum Cryptography Beyond Quantum Key Distribution
Quantum cryptography is the art and science of exploiting quantum mechanical
effects in order to perform cryptographic tasks. While the most well-known
example of this discipline is quantum key distribution (QKD), there exist many
other applications such as quantum money, randomness generation, secure two-
and multi-party computation and delegated quantum computation. Quantum
cryptography also studies the limitations and challenges resulting from quantum
adversaries---including the impossibility of quantum bit commitment, the
difficulty of quantum rewinding and the definition of quantum security models
for classical primitives. In this review article, aimed primarily at
cryptographers unfamiliar with the quantum world, we survey the area of
theoretical quantum cryptography, with an emphasis on the constructions and
limitations beyond the realm of QKD.
Comment: 45 pages, over 245 references
Two-Prover Bit-Commitments: Classical, Quantum and Non-Signaling
This thesis considers multi-prover commitment schemes
whose security is based on restrictions on the communication between the
provers. The results are applicable to so-called relativistic commitment
schemes: schemes whose security is guaranteed by the fact that information
does not travel faster than the speed of light.
A commitment scheme is a cryptographic protocol solving the following
problem: One party, the prover, has selected a value which he wants to keep
secret at first. The prover wants to have the option to reveal it to the
other party, the verifier, at a later time, but the verifier wants a
guarantee that no value other than the originally selected one can be
revealed.
Standard commitment schemes can only be proven secure with computational
hardness assumptions. This can be circumvented by splitting the prover into
multiple entities and restricting their communication, e.g., no communication
at all, or communication only with a delay (as in relativistic commitment
schemes).
This dissertation introduces new methods for analyzing and designing such
multi-prover schemes. As an application, we show that the Lunghi et al.
commitment scheme from 2015 has much stronger security than their original
analysis indicated.
NWO (Free Competition grant 617.001.203)
Number theory, Algebra and Geometry
07381 Abstracts Collection -- Cryptography
From 16.09.2007 to 21.09.2007 the Dagstuhl Seminar 07381 "Cryptography" was held
in the International Conference and Research Center (IBFI), Schloss Dagstuhl.
During the seminar, several participants presented their current
research, and ongoing work and open problems were discussed. Abstracts of
the presentations given during the seminar as well as abstracts of
seminar results and ideas are put together in this paper. The first section
describes the seminar topics and goals in general.
Links to extended abstracts or full papers are provided, if available.
Contamination in Cryptographic Protocols
We discuss a foundational issue in multi-prover interactive proofs (MIP) which we call "contamination" by the verifier. We propose a model which accounts for, and controls, verifier contamination, and show that this model does not lose expressive power. A new characterization of zero-knowledge naturally follows. We show the usefulness of this model by constructing a practical MIP for NP where the provers are spatially separated. Finally, we relate our model to the practical problem of e-voting by constructing a functional voter roster based on distributed trust.
Practical Relativistic Zero-Knowledge for NP
In a Multi-Prover environment, how little spatial separation is sufficient to assert the validity of an NP statement in Perfect Zero-Knowledge? We exhibit a set of two novel Zero-Knowledge protocols for the 3-COLorability problem that use two (local) provers or three (entangled) provers and only require exchanging one edge and two bits with two trits per prover. This greatly improves the ability to prove Zero-Knowledge statements on very short distances with very basic communication gear.
Quantum cryptography: key distribution and beyond
Uniquely among the sciences, quantum cryptography has driven both
foundational research as well as practical real-life applications. We review
the progress of quantum cryptography in the last decade, covering quantum key
distribution and other applications.
Comment: It's a review on quantum cryptography and it is not restricted to QKD
Interactive Oracle Proofs
We initiate the study of a proof system model that naturally combines two well-known models: interactive proofs (IPs) and probabilistically-checkable proofs (PCPs). An *interactive oracle proof* (IOP) is an interactive proof in which the verifier is not required to read the prover's messages in their entirety; rather, the verifier has oracle access to the prover's messages, and may probabilistically query them.
IOPs simultaneously generalize IPs and PCPs. Thus, IOPs retain the expressiveness of PCPs, capturing NEXP rather than only PSPACE, and also the flexibility of IPs, allowing multiple rounds of communication with the prover. These degrees of freedom allow for more efficient PCP-like interactive protocols, because the prover does not have to compute the parts of a PCP that are not requested by the verifier.
As a first investigation into IOPs, we offer two main technical contributions. First, we give a compiler that maps any public-coin IOP into a non-interactive proof in the random oracle model. We prove that the soundness of the resulting proof is tightly characterized by the soundness of the IOP against *state restoration attacks*, a class of rewinding attacks on the IOP verifier. Our compiler preserves zero knowledge, proof of knowledge, and time complexity of the underlying IOP. As an application, we obtain blackbox unconditional ZK proofs in the random oracle model with quasilinear prover and polylogarithmic verifier, improving on the result of Ishai et al.\ (2015).
Second, we study the notion of state-restoration soundness of an IOP: we prove tight upper and lower bounds in terms of the IOP's (standard) soundness and round complexity; and describe a simple adversarial strategy that is optimal across all state restoration attacks.
Our compiler can be viewed as a generalization of the Fiat--Shamir paradigm for public-coin IPs (CRYPTO '86), and of the CS proof constructions of Micali (FOCS '94) and Valiant (TCC '08) for PCPs. Our analysis of the compiler gives, in particular, a unified understanding of all of these constructions, and also motivates the study of state restoration attacks, not only for IOPs, but also for IPs and PCPs.
Non-Interactive Proofs: What Assumptions Are Sufficient?
A non-interactive proof system allows a prover to convince a verifier that a statement is true by sending a single round of messages. In this thesis, we study under what assumptions we can build non-interactive proof systems with succinct verification and zero-knowledge. We obtain the following results.
- Succinct Arguments: We construct the first non-interactive succinct arguments (SNARGs) for P from standard assumptions. Our construction is based on the polynomial hardness of Learning with Errors (LWE).
- Zero-Knowledge: We build the first non-interactive zero-knowledge proof systems (NIZKs) for NP from sub-exponential Decisional Diffie-Hellman (DDH) assumption in the standard groups, without use of groups with pairings.
To obtain our results, we build SNARGs for batch-NP from LWE and correlation intractable hash functions for TC^0 from sub-exponential DDH assumption, respectively, which may be of independent interest.