On the composition of public-coin zero-knowledge protocols
2011 (English)In: SIAM journal on computing (Print), ISSN 0097-5397, E-ISSN 1095-7111, Vol. 40, no 6, 1529-1553 p.Article in journal (Refereed) Published
We show that only languages in BPP have public-coin black-box zero-knowledge protocols that are secure under an unbounded (polynomial) number of parallel repetitions. This result holds both in the plain model (without any setup) and in the bare public key model (where the prover and the verifier have registered public keys). We complement this result by constructing a public-coin black-box zero-knowledge proof based on one-way functions that remains secure under any a priori bounded number of concurrent executions. A key step (of independent interest) in the analysis of our lower bound shows that any public-coin protocol, when repeated sufficiently in parallel, satisfies a notion of "resettable soundness" if the verifier picks its random coins using a pseudorandom function.
Place, publisher, year, edition, pages
2011. Vol. 40, no 6, 1529-1553 p.
public-coin interactive protocols, zero-knowledge, parallel repetition
Computer and Information Science
IdentifiersURN: urn:nbn:se:kth:diva-63056DOI: 10.1137/100811465ISI: 000298377900003ScopusID: 2-s2.0-84855608151OAI: oai:DiVA.org:kth-63056DiVA: diva2:481575
FunderICT - The Next Generation
QC 201201252012-01-212012-01-212013-11-25Bibliographically approved