Statistically Hiding Sets
- 870 Downloads
Zero-knowledge set is a primitive introduced by Micali, Rabin, and Kilian (FOCS 2003) which enables a prover to commit a set to a verifier, without revealing even the size of the set. Later the prover can give zero-knowledge proofs to convince the verifier of membership/non-membership of elements in/not in the committed set. We present a new primitive called Statistically Hiding Sets (SHS), similar to zero-knowledge sets, but providing an information theoretic hiding guarantee, rather than one based on efficient simulation. Then we present a new scheme for statistically hiding sets, which does not fit into the “Merkle-tree/mercurial-commitment” paradigm that has been used for all zero-knowledge set constructions so far. This not only provides efficiency gains compared to the best schemes in that paradigm, but also lets us provide statistical hiding; previous approaches required the prover to maintain growing amounts of state with each new proof for such a statistical security.
Our construction is based on an algebraic tool called trapdoor DDH groups (TDG), introduced recently by Dent and Galbraith (ANTS 2006). However the specific hardness assumptions we associate with TDG are different, and of a strong nature — strong RSA and a knowledge-of-exponent assumption. Our new knowledge-of-exponent assumption may be of independent interest. We prove this assumption in the generic group model.
KeywordsStatistical Hiding Security Parameter Pseudorandom Function Cryptology ePrint Archive Common Reference String
Unable to display preview. Download preview PDF.
- 5.Benaloh, J.C., de Mare, M.: One-way accumulators: A decentralized alternative to digital signatures. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950. Springer, Heidelberg (1995)Google Scholar
- 11.Cramer, R., Shoup, V.: Signature schemes based on the strong RSA assumption. In: ACM Conference on Computer and Communications Security (CCS) (1999)Google Scholar
- 12.Damgard, I.: Towards practical public-key cryptosystems provably-secure against chosen-ciphertext attacks. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740. Springer, Heidelberg (1993)Google Scholar
- 22.Micali, S., Rabin, M., Kilian, J.: Zero-knowledge sets. In: FOCS 2003 (2003)Google Scholar
- 23.Mireles, D.: An attack on disguised elliptic curves. Cryptology ePrint Archive, Report 2006/469 (2006), http://eprint.iacr.org/
- 25.Prabhakaran, M., Xue, R.: Statistical zero-knowledge sets using trapdoor DDH groups. Cryptology ePrint Archive, Report 2007/349 (2007), http://eprint.iacr.org/
- 27.Xue, R., Li, N., Li, J.: A new construction of zero knowledge sets secure in random oracle model. In: The First International Symposium of Data, Privacy, & E-Commerce. IEEE Press, Los Alamitos (2007)Google Scholar