Public-Coin Concurrent Zero-Knowledge in the Global Hash Model

  • Ran Canetti
  • Huijia Lin
  • Omer Paneth
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7785)


Public-coin zero-knowledge and concurrent zero-knowledge (cZK) are two classes of zero knowledge protocols that guarantee some additional desirable properties. Still, to this date no protocol is known that is both public-coin and cZK for a language outside BPP. Furthermore, it is known that no such protocol can be black-box ZK [Pass, Crypto 09].

We present a public-coin concurrent ZK protocol for any NP language. The protocol assumes that all verifiers have access to a globally specified function, drawn from a collision resistant hash function family. (This model, which we call the Global Hash Function, or GHF model, can be seen as a restricted case of the non-programmable reference string model.) We also show that the impossibility of black-box public-coin cZK extends also to the GHF model.

Our protocol assumes CRH functions against quasi-polynomial adversaries and takes O(log^{1+ε} n) rounds for any ε > 0, where n is the security parameter. Our techniques combine those for (non-public-coin) black-box cZK with Barak’s non-black-box technique for public-coin constant-round ZK. As a corollary we obtain the first simultaneously resettable zero-knowledge protocol with O(log^{1+ε} n) rounds, in the GHF model.


Keywords: Hash Function, Main Thread, Auxiliary Input, Reference String, Prove Strategy


References

  1. Barak, B.: How to go beyond the black-box simulation barrier. In: FOCS (2001)
  2. Barak, B., Goldreich, O.: Universal arguments and their applications. SIAM J. Comput. (2008)
  3. Ben-Sasson, E., Chiesa, A., Genkin, D., Tromer, E.: On the concrete-efficiency threshold of probabilistically-checkable proofs. In: Electronic Colloquium on Computational Complexity, ECCC (2012)
  4. Bitansky, N., Canetti, R., Halevi, S.: Leakage-Tolerant Interactive Protocols. In: Cramer, R. (ed.) TCC 2012. LNCS, vol. 7194, pp. 266–284. Springer, Heidelberg (2012)
  5. Blum, M., Feldman, P., Micali, S.: Non-interactive zero-knowledge and its applications (extended abstract). In: STOC (1988)
  6. Canetti, R., Fischlin, M.: Universally composable commitments. IACR Cryptology ePrint Archive (2001)
  7. Canetti, R., Kilian, J., Petrank, E., Rosen, A.: Black-box concurrent zero-knowledge requires (almost) logarithmically many rounds. SIAM J. Comput. (2002)
  8. Canetti, R., Lin, H., Paneth, O.: Public-coins concurrent zero-knowledge in the global hash model. IACR Cryptology ePrint Archive (2013)
  9. Deng, Y., Feng, D., Goyal, V., Lin, D., Sahai, A., Yung, M.: Resettable Cryptography in Constant Rounds – The Case of Zero Knowledge. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 390–406. Springer, Heidelberg (2011)
  10. Deng, Y., Goyal, V., Sahai, A.: Resolving the simultaneous resettability conjecture and a new non-black-box simulation strategy. In: FOCS (2009)
  11. Dwork, C., Naor, M., Sahai, A.: Concurrent zero-knowledge. In: STOC (1998)
  12. Garg, S., Jain, A., Sahai, A.: Leakage-Resilient Zero Knowledge. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 297–315. Springer, Heidelberg (2011)
  13. Goldreich, O., Kahan, A.: How to construct constant-round zero-knowledge proof systems for NP. Journal of Cryptology (1996)
  14. Goldreich, O., Krawczyk, H.: On the composition of zero-knowledge proof systems. SIAM J. Comput. (1996)
  15. Goldreich, O., Micali, S., Wigderson, A.: Proofs that yield nothing but their validity for all languages in np have zero-knowledge proof systems. J. ACM (1991)
  16. Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof-systems (extended abstract). In: STOC (1985)
  17. Kilian, J., Petrank, E.: Concurrent and resettable zero-knowledge in poly-loalgorithm rounds. In: STOC (2001)
  18. Pandey, O., Pass, R., Sahai, A., Tseng, W.-L.D., Venkitasubramaniam, M.: Precise Concurrent Zero Knowledge. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 397–414. Springer, Heidelberg (2008)
  19. Pass, R., Rosen, A.: Concurrent non-malleable commitments. In: FOCS (2005)
  20. Pass, R., Rosen, A., Tseng, W.: Public-coin parallel zero-knowledge for np. Journal of Cryptology (2011)
  21. Pass, R., Tseng, W.-L.D., Wikström, D.: On the Composition of Public-Coin Zero-Knowledge Protocols. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 160–176. Springer, Heidelberg (2009)
  22. Prabhakaran, M., Rosen, A., Sahai, A.: Concurrent zero knowledge with logarithmic round-complexity. In: FOCS (2002)
  23. Richardson, R., Kilian, J.: On the Concurrent Composition of Zero-Knowledge Proofs. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 415–431. Springer, Heidelberg (1999)
  24. Rogaway, P.: Formalizing Human Ignorance. In: Nguyên, P.Q. (ed.) VIETCRYPT 2006. LNCS, vol. 4341, pp. 211–228. Springer, Heidelberg (2006)

Copyright information

© International Association for Cryptologic Research 2013

Authors and Affiliations

  • Ran Canetti (1, 2)
  • Huijia Lin (1, 3)
  • Omer Paneth (1)

  1. Boston University, USA
  2. Tel Aviv University, Israel
  3. MIT, USA
