Table des matiËres
Resettable Zero Knowledge with� Applications to Identification
Diapositive PPT
Today:� New Capabilities in �Internet Setting�
Proofs
Interactive Proofs
What contains Knowledge
Zero Knowledge Interactive Proofs
Zero Knowledge Arguments
Technical Definition
Technical Definition
Zero Knowledge Fundamental Theorem
One Way Function (Picture)
Computational Security
How Does ZK Work?�
What Makes ZK possible?
What does this have to do with cryptography?
P Knows Secret s
Proof of Knowledge of secret s
EX: ZK POK
ZKPOK Identity Proving Paradigm [FeFiSh]
Basic Questions about Zero Knowledge(I)
Basic Questions about Zero Knowledge(II)
New Question: Resettability
Resettability Question
Resettability Problem [CGGM]
EX: Reset attack on QR protocol
Resettability: a real threat?
Properties of RZK
RZK CZK
A new notion: Resettable ZK (rZK)
Resettable ZK (rZK)
Variants of rZK:
Are rZK, rWI realizable?
We show:*
A main tool: �Pseudorandom functions [GrGwMi]
The underlying idea
Start with [GMW] protocol
Add Initial Message of Verifier
The [GK] protocol
Replace Randomness by Pseudo-randomness
Diapositive PPT
A general transformation:
Obtaining an rZK protocol for NP:
rZK in the public-key model
Relaxations of the plain model
Resettable Zero Knowledge In Public Key Model
Resettable Zero Knowledge based
The Public-Key model
Diapositive PPT
The protocol: High level view
The protocol: High level view
The protocol: High level view
Paradigm Shift
Part II: Resettable Identification[BFGM]
Def: Resettably Secure ID schemes
Identification Problemí
Def: Resettably Secure ID schemes
Classical: Solve Identification Using �Digital Signatures (Sign, Verify)
General Paradigm: Zero Knowledge Proof of Knowledge Secure Identification Protocol [FeigeFiatShamir87]
Witness Hiding Proof of Knowledge �Secure Identification Protocol [FeigeFiatShamir87]
EX: POK based ID Protocol
Resettability Problem Recall
Resettable ID (rID)
New Work [BFGM]: Identification Schemes Secure Against Reset Attacks
Digital Signatures Based
Why Stateless ?
Diapositive PPT
Encryption Based
Encryption Based
Drawbacks�
Resettable Zero Knowledge Based
Concrete Scheme based on �Resettable Zero Knowledge
Concrete Scheme: Resettable Zero Knowledge based
Side Question: how about rWI/rWH?
Efficiency ?
Salvage Old ID POK Based Protocols
Salvage Old ID POK Based Protocols
Salvage Old ID POK Based Protocols for CR2 security
Resettable Okamoto-Identification
Summary I
Summary II
|