We give a construction of statistically hiding commitment schemes (those in which the hiding property holds against even computationally unbounded adversaries) under the minimal complexity assumption that one-way functions exist. Consequently, one-way functions suffice to give statistical zero-knowledge arguments for any NP statement (whereby even a computationally unbounded adversarial verifier learns nothing other than the fact that the assertion being proven is true, and no polynomial-time adversarial prover can convince the verifier of a false statement). These results resolve an open question posed by Naor et al. [by Nguyen and Vadhan [28]. We then use this 2-phase commitment scheme together with universal one-way hash functions (whose existence is also implied by the existence of one-way functions [7]) to construct the desired statistically hiding commitment scheme.

1.3.1. 2-phase commitments from any one-way function.

2-phase commitment schemes are commitment schemes with two phases, each consisting of a commit stage and a reveal stage. In the first phase, the sender commits to and reveals one value $v_1$, and subsequently, in the second phase, the sender commits to and reveals a second value $v_2$. We say that the 2-phase commitment is hiding if both phases are hiding and say that it is 1-out-of-2-binding, symbolically written as $\binom{2}{1}$-binding, if the following holds: with high probability, the sender will be forced to reveal the correct committed value in at least one of the phases (but which of the two phases can be determined dynamically by the malicious sender).
More specifically, with high probability after the first-phase commit, there is a single value such that if the sender decommits to any other value, then the second commitment is guaranteed to be binding (in the standard sense).

Even though we draw upon [28] for the notion of 2-phase commitments, there are many differences between the contexts of the two works and their constructions of 2-phase commitments. In [28], the goal was to prove unconditional results about prover efficiency in zero-knowledge proofs (specifically, that one can transform zero-knowledge proofs with inefficient provers into ones with efficient provers). This was done by showing that every problem having a zero-knowledge proof has an "instance-dependent" 2-phase commitment scheme, where the sender and receiver get an instance x of the problem as auxiliary input and we only require hiding to hold when x is a "yes instance" and binding when x is a "no instance." Here, we are giving conditional results (assuming the existence of one-way functions) and are obtaining standard (as opposed to instance-dependent) 2-phase commitments. Moreover, the focus in [28] is on statistically binding 2-phase commitments; thus here we need to develop new formulations to work with the computational binding property.

Our initial construction, which gives a 2-phase commitment scheme satisfying a "weak hiding" property, is inspired by the construction of [28]. Indeed, the second phase in [28] was also in...
We show that every language in NP has a statistical zero-knowledge argument system under the (minimal) complexity assumption that one-way functions exist. In such protocols, even a computationally unbounded verifier cannot learn anything other than the fact that the assertion being proven is true, whereas a polynomial-time prover cannot convince the verifier to accept a false assertion except with negligible probability. This resolves an open question posed by Naor, Ostrovsky, Venkatesan, and Yung (CRYPTO '92, J. Cryptology '98).

Departing from previous works on this problem, we do not construct standard statistically hiding commitments from any one-way function. Instead, we construct a relaxed variant of commitment schemes called "1-out-of-2-binding commitments," recently introduced by Nguyen and Vadhan (STOC '06).
Abstract. We consider the problem of password-authenticated key exchange (PAK), also known as session-key generation using passwords: constructing session-key generation protocols that are secure against active adversaries (person-in-the-middle) and only require the legitimate parties to share a low-entropy password (e.g. coming from a dictionary of size poly(n)).

We study the relationship between PAK and other cryptographic primitives. The main result of this paper is that password-authenticated key exchange and public-key encryption are incomparable under black-box reductions. In addition, we strengthen previous results by Halevi and Krawczyk [14] and Boyarsky [5] and show how to build key agreement and semi-honest oblivious transfer from any PAK protocol that is secure for the Goldreich-Lindell (GL) definition [11].

We highlight the difference between two existing definitions of PAK, namely the indistinguishability-based definition of Bellare, Pointcheval and Rogaway (BPR) [1] and the simulation-based definition of Goldreich and Lindell [11], by showing that there exists a PAK protocol that is secure for the BPR definition and only assumes the existence of one-way functions in the case of exponential-sized dictionaries. Hence, unlike the GL definition, the BPR definition does not imply semi-honest oblivious transfer for exponential-sized dictionaries under black-box reductions.