21 research outputs found
On monotone function closure of perfect and statistical zero-knowledge
Assume we are given a language with an honest verifier perfect zero-knowledge proof system. Assume also that the proof system is a move Arthur-Merlin game. The class of such languages includes all random self-reducible languages, and also any language with a perfect zero-knowledge non-interactive proof. We show that such a language satisfies a certain closure property, namely that languages constructed from by applying certain monotone functions to statements on membership in have perfect zero-knowledge proof systems. The new set of languages we can build includes itself, but also, for example, languages consisting of words of which at least are in . A similar closure property is shown to hold for the complement of and for statistical zero-knowledge. The property we need fo
Proofs of partial knowledge and simplified design of witness hiding protocols
Suppose we are given a proof of knowledge P in which a prover demonstrates that he knows a solution to a given problem instance. Suppose also that we have a secret sharing scheme S on n participants. Then, under certain assumptions on P and S, we show how to transform P into a witness indistinguishable protocol in which the prover demonstrates knowledge of the solution to some subset of n problem instances, out of a collection of subsets defined by S. For example, using a threshold scheme, the prover can show that he knows at least d out of n solutions without revealing which d instances are involved. If the instances are independently generated, we get a witness hiding protocol, even if P did not have this property. Our results can be used to efficiently implement general forms of group oriented identification and signatures. Our transformation produces a protocol with the same number of rounds as P and communication complexity n times that of P. Our results use no unproven complexity assumptions.
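The "at least d out of n" statements in the two abstracts above (the monotone-closure result and the proofs of partial knowledge) are realised by one trick: run n Sigma-protocol instances in parallel, simulate the n-d the prover cannot answer, and force the n per-instance challenges to be shares of the verifier's single challenge under Shamir's (n-d+1)-out-of-n scheme. The following is an added worked example, not code from the paper or its authors, for d-of-n knowledge of discrete logarithms with Schnorr's protocol, made non-interactive with Fiat-Shamir. The group parameters (p = 2039, q = 1019, g = 4) are a toy choice assumed for illustration only; the function names are the example's own.

```python
"""
Proof of partial knowledge for d-out-of-n Schnorr (discrete-log) statements,
built the Cramer-Damgaard-Schoenmakers way: simulate the n-d instances the
prover cannot open, then force the n per-instance challenges to be shares of
the verifier's challenge under Shamir's (n-d+1)-out-of-n scheme.
Made non-interactive with Fiat-Shamir.
"""
import hashlib
import secrets

# ASSUMPTION (illustration only): a toy Schnorr group p = 2q + 1 with
# q prime and g = 4 of order q. Real deployments use a ~256-bit q.
P, Q, G = 2039, 1019, 4


def keygen():
    """One instance: secret x, public y = g^x."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def lagrange_eval(points, x):
    """Evaluate, at x over Z_q, the unique polynomial through `points`."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % Q
                den = den * (xi - xj) % Q
        total = (total + yi * num * pow(den, -1, Q)) % Q
    return total


def fiat_shamir(pubkeys, commitments):
    """Challenge c = H(y_1..y_n, a_1..a_n) mod q."""
    h = hashlib.sha256()
    for v in list(pubkeys) + list(commitments):
        h.update(v.to_bytes(4, "big"))
    return int.from_bytes(h.digest(), "big") % Q


def prove(pubkeys, witnesses):
    """witnesses maps index -> x for the d instances the prover knows."""
    n = len(pubkeys)
    a, c, z, r = [0] * n, [0] * n, [0] * n, {}
    for i in range(n):
        if i in witnesses:               # honest first move: a_i = g^r_i
            r[i] = secrets.randbelow(Q)
            a[i] = pow(G, r[i], P)
        else:                            # simulate: pick (c_i, z_i), derive a_i
            c[i] = secrets.randbelow(Q)
            z[i] = secrets.randbelow(Q)
            a[i] = pow(G, z[i], P) * pow(pubkeys[i], Q - c[i], P) % P
    chal = fiat_shamir(pubkeys, a)
    # f has degree <= n-d, f(0) = chal and f(i+1) = c_i on the n-d simulated
    # instances; that is n-d+1 points, so f is fixed and the remaining d
    # challenges are forced. Only a prover holding d witnesses can answer them.
    fixed = [(0, chal)] + [(i + 1, c[i]) for i in range(n) if i not in witnesses]
    for i, x in witnesses.items():
        c[i] = lagrange_eval(fixed, i + 1)
        z[i] = (r[i] + c[i] * x) % Q
    return a, c, z


def verify(pubkeys, proof, d):
    """Accept iff every transcript verifies and the c_i are (n-d+1)-of-n
    Shamir shares of the Fiat-Shamir challenge."""
    a, c, z = proof
    n = len(pubkeys)
    if not (1 <= d <= n) or len(a) != n or len(c) != n or len(z) != n:
        return False
    for i in range(n):
        if pow(G, z[i], P) != a[i] * pow(pubkeys[i], c[i], P) % P:
            return False
    chal = fiat_shamir(pubkeys, a)
    pts = [(i + 1, c[i]) for i in range(n)]
    base = pts[: n - d + 1]              # determines a degree <= n-d polynomial
    if lagrange_eval(base, 0) != chal:
        return False
    return all(lagrange_eval(base, x) == y for x, y in pts[n - d + 1:])


if __name__ == "__main__":
    keys = [keygen() for _ in range(5)]
    pub = [y for _, y in keys]
    proof = prove(pub, {1: keys[1][0], 4: keys[4][0]})   # knows 2 of 5
    print("2-of-5 proof verifies:", verify(pub, proof, 2))
```

Witness indistinguishability comes from the fact that the simulated and the honestly answered transcripts have the same distribution and every set of n-d challenge shares is uniform, so the proof does not reveal which d indices were real; a proof of "at least 2 of 5" also verifies as "at least 1 of 5", because a degree-3 polynomial is in particular of degree at most 4. The communication is n Schnorr transcripts, i.e. n times that of the base protocol, as the abstract states.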
Cryptography in the Bounded Quantum-Storage Model
We initiate the study of two-party cryptographic primitives with unconditional security, assuming that the adversary's quantum memory is of bounded size. We show that oblivious transfer and bit commitment can be implemented in this model using protocols where honest parties need no quantum memory, whereas an adversarial player needs quantum memory of size at least n/2 in order to break the protocol, where n is the number of qubits transmitted. This is in sharp contrast to the classical bounded-memory model, where we can only tolerate adversaries with memory of size quadratic in honest players' memory size. Our protocols are efficient and noninteractive and can be implemented using today's technology. On the technical side, a new entropic uncertainty relation involving min-entropy is established.
Improving the security of quantum protocols via commit-and-open
We consider two-party quantum protocols starting with a transmission of some random BB84 qubits followed by classical messages. We show a general compiler improving the security of such protocols: if the original protocol is secure against an almost honest adversary, then the compiled protocol is secure against an arbitrary computationally bounded (quantum) adversary. The compilation preserves the number of qubits sent and the number of rounds up to a constant factor. The compiler also preserves security in the bounded-quantum-storage model (BQSM), so if the original protocol was BQSM-secure, the compiled protocol can only be broken by an adversary who has large quantum memory and large computing power. This is in contrast to known BQSM-secure protocols, where security breaks down completely if the adversary has larger quantum memory than expected. We show how our technique can be applied to quantum identification and oblivious transfer protocols.
Linear Secret Sharing Schemes from Error Correcting Codes and Universal Hash Functions
We present a novel method for constructing linear secret sharing schemes (LSSS) from linear error correcting codes and linear universal hash functions in a blackbox way. The main advantage of this new construction is that the privacy property of the resulting secret sharing scheme essentially becomes independent of the code we use, only depending on its rate. This allows us to fully harness the algorithmic properties of recent code constructions such as efficient encoding and decoding or efficient list-decoding. Choosing the error correcting codes and universal hash functions involved carefully, we obtain solutions to the following open problems:
- A linear near-threshold secret sharing scheme with both linear time sharing and reconstruction algorithms and large secrets (i.e. secrets of size ). Thus, the computational overhead per shared bit in this scheme is *constant*.
- An efficiently reconstructible robust secret sharing scheme for with shares of optimal size and secrets of size , where is the security parameter.