Abstract
The number of communication rounds is a classic complexity measure for protocols; reducing round complexity is a major goal in protocol design. However, when the communication time is inconstant, and in particular, when one of the parties intentionally delays its messages, the round complexity measure may become meaningless. For example, if one of the rounds takes longer than the rest of the protocol, then it does not matter if the round complexity is bounded by a constant or by a polynomial. In this paper, we propose a complexity measure called responsive round complexity. Loosely speaking, a protocol has responsive round complexity m with respect to Party A, if it makes the following guarantee. If A’s longest delay in responding to a message in a run of the protocol is t, then, in that run, the overall communication time is at most m · t. The logic behind this definition is that if a party responds quickly to a message, whether it has a good connection or it just chooses not to delay its messages, then this party deserves to get an overall quicker running time. Responsive round complexity is particularly interesting in a setting where a party may gain something by delaying its messages. In this case, the delaying party does not deserve the same response time as another party that behaves nicely.
We demonstrate the significance of responsive round complexity by presenting a new protocol for concurrent zero-knowledge. The new protocol is a black-box concurrent zero-knowledge proof for all languages in NP with round complexity Õ(log² n) but responsive round complexity Õ(log n). While the round complexity of the new protocol is similar to what is known from previous works, its responsive round complexity is a significant improvement: all known concurrent zero-knowledge protocols require Õ(log² n) rounds. Furthermore, in light of the known lower bounds, the responsive round complexity of this protocol is basically optimal.
© 2001 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Cohen, T., Kilian, J., Petrank, E. (2001). Responsive Round Complexity and Concurrent Zero-Knowledge. In: Boyd, C. (eds) Advances in Cryptology — ASIACRYPT 2001. ASIACRYPT 2001. Lecture Notes in Computer Science, vol 2248. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45682-1_25
DOI: https://doi.org/10.1007/3-540-45682-1_25
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-42987-6
Online ISBN: 978-3-540-45682-7
eBook Packages: Springer Book Archive