On Constant-Round Concurrent Zero-Knowledge from a Knowledge Assumption
In this work, we consider the long-standing open question of constructing
constant-round concurrent zero-knowledge protocols in the plain model.
Resolving this question is known to require non-black-box techniques.
We consider non-black-box techniques for zero-knowledge based on knowledge
assumptions, a line of thinking initiated by the work of Hada and Tanaka
(CRYPTO 1998). Prior to our work, it was not known whether knowledge
assumptions could be used for achieving security in the concurrent setting, due
to a number of significant limitations that we discuss here. Nevertheless, we
obtain the following results:
1. We obtain the first constant-round concurrent zero-knowledge argument for
\textbf{NP} in the plain model based on a new variant of the knowledge of exponent
assumption. Furthermore, our construction avoids the inefficiency inherent in
previous non-black-box techniques such as those of Barak (FOCS 2001); we
obtain our result through an efficient protocol compiler.
2. Unlike Hada and Tanaka, we do not require a knowledge assumption to argue
the soundness of our protocol. Instead, we use a discrete log like assumption,
which we call Diffie-Hellman Logarithm Assumption, to prove the soundness of
our protocol.
3. We give evidence that our new variant of knowledge of exponent assumption
is in fact plausible. In particular, we show that our assumption holds in the
generic group model.
4. Knowledge assumptions are especially delicate assumptions whose
plausibility may be hard to gauge. We give a novel framework to express
knowledge assumptions in a more flexible way, which may allow for formulation
of plausible assumptions and exploration of their impact and application in
cryptography.
Comment: 30 pages, 3 figures
Adaptive Protocols for Interactive Communication
How much adversarial noise can protocols for interactive communication
tolerate? This question was examined by Braverman and Rao (IEEE Trans. Inf.
Theory, 2014) for the case of "robust" protocols, where each party sends
messages only in fixed and predetermined rounds. We consider a new class of
non-robust protocols for Interactive Communication, which we call adaptive
protocols. Such protocols adapt structurally to the noise induced by the
channel in the sense that both the order of speaking, and the length of the
protocol may vary depending on observed noise.
We define models that capture adaptive protocols and study upper and lower
bounds on the permissible noise rate in these models. When the length of the
protocol may adaptively change according to the noise, we demonstrate a
protocol that tolerates noise rates up to . When the order of speaking may
adaptively change as well, we demonstrate a protocol that tolerates noise rates
up to . Hence, adaptivity circumvents an impossibility result of on
the fraction of tolerable noise (Braverman and Rao, 2014).
Comment: Content is similar to previous version yet with an improved
presentation
The power of a pebble : exploring and mapping directed graphs
Thesis (M.S.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 1998. Includes bibliographical references (p. 36-39). By Amit Sahai. M.S.
New Notions of Security: Achieving Universal Composability without Trusted Setup
We propose a modification to the framework of Universally Composable (UC) security [3]. Our new notion involves comparing the protocol executions with an ideal execution involving ideal functionalities (just as in UC-security), but allowing the environment and adversary access to some super-polynomial computational power. We argue the meaningfulness of the new notion, which in particular subsumes many of the traditional notions of security. We generalize the Universal Composition theorem of [3] to the new setting. Then, under new computational assumptions, we realize secure multi-party computation (for static adversaries) without a common reference string or any other set-up assumptions, in the new framework. This is known to be impossible under the UC framework.
A Complete Problem for Statistical Zero Knowledge
We present the first complete problem for SZK, the class of (promise) problems possessing statistical zero-knowledge proofs (against an honest verifier). The problem, called STATISTICAL DIFFERENCE, is to decide whether two efficiently samplable distributions are either statistically close or far apart. This gives a new characterization of SZK that makes no reference to interaction or zero knowledge.
We propose the use of complete problems to unify and extend the study of statistical zero knowledge. To this end, we examine several consequences of our Completeness Theorem and its proof, such as:
* A way to make every (honest-verifier) statistical zero-knowledge proof very communication efficient, with the prover sending only one bit to the verifier (to achieve soundness error 1/2).
* Simpler proofs of many of the previously known results about statistical zero knowledge, such as the Fortnow and Aiello--Håstad upper bounds on the complexity of SZK and Okamoto's result that SZK is closed under complement.
* Strong closure properties of SZK which amount to constructing statistical zero-knowledge proofs for complex assertions built out of simpler assertions already shown to be in SZK.
* New results about the various measures of "knowledge complexity," including a collapse in the hierarchy corresponding to knowledge complexity in the "hint" sense.
* Algorithms for manipulating the statistical difference between efficiently samplable distributions, including transformations which "polarize" and "reverse" the statistical relationship between a pair of distributions.
Engineering and Applied Science
Frugality in path auctions
We consider the problem of picking (buying) an inexpensive path in a graph where edges are owned by independent (selfish) agents, and the cost of an edge is known to its owner only. We study the problem of finding frugal mechanisms for this task, i.e. we investigate the payments the buyer must make in order to buy a path. First, we show that any mechanism with (weakly) dominant strategies (or, equivalently, any truthful mechanism) for the agents can force the buyer to make very large payments. Namely, for every such mechanism, the buyer can be forced to pay , where is the cost of the shortest path, is the cost of the second-shortest path, and is the number of edges in . This extends the previous work of Archer and Tardos, who showed a similar lower bound for a subclass of truthful mechanisms called min-function mechanisms. Our lower bounds have no such limitations on the mechanism. Motivated by this lower bound, we study mechanisms for this problem providing Bayes-Nash equilibrium strategies for the agents. In this class, we identify the optimal mechanism with regard to total payment. We then demonstrate a separation in terms of average overpayments between the classical VCG mechanism and the optimal mechanism, showing that under various natural distributions of edge costs, the optimal mechanism pays at most a logarithmic factor more than the actual cost, whereas VCG pays times the actual cost. On the other hand, we also show that the optimal mechanism does incur at least a constant factor overpayment in natural distributions of edge costs. Since our mechanism is optimal, this gives a lower bound on all mechanisms with Bayes-Nash equilibria.
Affine Determinant Programs: A Framework for Obfuscation and Witness Encryption
An affine determinant program ADP: {0,1}^n → {0,1} is specified by a tuple (A, B_1, ..., B_n) of square matrices over F_q and a function Eval: F_q → {0,1}, and is evaluated on x ∈ {0,1}^n by computing Eval(det(A + ∑_{i ∈ [n]} x_i B_i)).
In this work, we suggest ADPs as a new framework for building general-purpose obfuscation and witness encryption. We provide evidence to suggest that constructions following our ADP-based framework may one day yield secure, practically feasible obfuscation.
As a proof-of-concept, we give a candidate ADP-based construction of indistinguishability obfuscation (iO) for all circuits along with a simple witness encryption candidate. We provide cryptanalysis demonstrating that our schemes resist several potential attacks, and leave further cryptanalysis to future work. Lastly, we explore practically feasible applications of our witness encryption candidate, such as public-key encryption with near-optimal key generation.
Efficient Quantum Algorithms for Nonlinear Stochastic Dynamical Systems
In this paper, we propose efficient quantum algorithms for solving nonlinear
stochastic differential equations (SDE) via the associated Fokker-Planck
equation (FPE). We discretize the FPE in space and time using two well-known
numerical schemes, namely Chang-Cooper and implicit finite difference. We then
compute the solution of the resulting system of linear equations using the
quantum linear systems algorithm. We present detailed error and complexity
analyses for both these schemes and demonstrate that our proposed algorithms,
under certain conditions, provably compute the solution to the FPE within
prescribed error bounds with polynomial dependence on state
dimension . Classical numerical methods scale exponentially with dimension,
thus, our approach, under the aforementioned conditions, provides an
\emph{exponential speed-up} over traditional approaches.
Comment: IEEE International Conference on Quantum Computing and Engineering
(QCE23)
Indistinguishability Obfuscation from Well-Founded Assumptions
In this work, we show how to construct indistinguishability obfuscation from
subexponential hardness of four well-founded assumptions. We prove:
Let be arbitrary
constants. Assume sub-exponential security of the following assumptions, where
is a security parameter, and the parameters below are
large enough polynomials in :
- The SXDH assumption on asymmetric bilinear groups of a prime order ,
- The LWE assumption over with subexponential
modulus-to-noise ratio , where is the dimension of the LWE
secret,
- The LPN assumption over with polynomially many LPN samples
and error rate , where is the dimension of the LPN
secret,
- The existence of a Boolean PRG in with stretch
,
Then, (subexponentially secure) indistinguishability obfuscation for all
polynomial-size circuits exists.
- …