1 13 October 2010 | Dr. Marc Fischlin | Kryptosicherheit | Adaptive Proofs of Knowledge in the Random Oracle Model. 21. PKC 2015. Marc Fischlin, joint work with David Bernhard, Bogdan Warinschi

2 April 1st, 2015 | Marc Fischlin | PKC 2015 | (Interactive) Proofs of Knowledge. Diagram: extractor; (malicious) prover; theorem; witness; interactive proof. Extraction usually through rewinding.

3 Non-interactive Proofs of Knowledge in the Random Oracle (RO) Model… Diagram: extractor; (malicious) prover; non-interactive; RO; RO* [Fiat-Shamir]. …still require rewinding for extraction.

4 Extraction is easy in the RO model… [Pointcheval-Stern]. Diagram: RO; RO*. Example: Fiat-Shamir-Schnorr signatures
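Rewinding extraction for Fiat-Shamir-Schnorr, as an added example that is not part of the talk: the extractor reruns a black-box prover on the same coins with fresh random oracle answers and solves for the witness from two proofs that share a commitment. The toy group parameters and the names `RandomOracle`, `prover`, `verify` and `extract_by_rewinding` are assumptions made for illustration.

```python
import random

# Toy Schnorr group, constructed for this example (far too small for real use):
# G generates the subgroup of prime order Q in Z_P*, with P = 2Q + 1.
P, Q, G = 2039, 1019, 4

class RandomOracle:
    """Lazily sampled random function into Z_Q."""
    def __init__(self, rng):
        self.rng, self.table = rng, {}

    def query(self, x):
        if x not in self.table:
            self.table[x] = self.rng.randrange(Q)
        return self.table[x]

def prover(w, coins, ro):
    """Fiat-Shamir-Schnorr proof of knowledge of w for X = G^w mod P."""
    r = random.Random(coins).randrange(Q)   # all prover randomness derives from `coins`
    X, a = pow(G, w, P), pow(G, r, P)       # statement and commitment
    c = ro.query((X, a))                    # challenge = RO(statement, commitment)
    return X, (a, c, (r + c * w) % Q)

def verify(X, proof, ro):
    a, c, s = proof
    return c == ro.query((X, a)) and pow(G, s, P) == a * pow(X, c, P) % P

def extract_by_rewinding(run_prover, seed=0):
    """Black-box extractor: rerun the prover on the same coins with fresh RO answers."""
    rng = random.Random(seed)
    X, (a1, c1, s1) = run_prover(RandomOracle(rng))
    while True:
        _, (a2, c2, s2) = run_prover(RandomOracle(rng))
        if a2 == a1 and c2 != c1:           # same commitment, different challenge
            break
    # Special soundness: s1 - s2 = (c1 - c2) * w mod Q.
    return X, (s1 - s2) * pow((c1 - c2) % Q, -1, Q) % Q

if __name__ == "__main__":
    secret = 777                            # constructed witness
    X, w = extract_by_rewinding(lambda ro: prover(secret, coins=42, ro=ro))
    print("extracted witness:", w, "matches statement:", pow(G, w, P) == X)
```
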

5 Extraction is easy in the RO model… …or is it?

6 Adaptive zero-knowledge proofs of knowledge in random oracle model (ROM) [Shoup-Gennaro]. Diagram: adversary; RO; …

7 Simulation-sound adaptive zero-knowledge proofs of knowledge in the ROM. Diagram: RO; ZK simulator; extractor; needs to program RO; ?

8 This work here: Model for simulation-sound adaptive ZK PoKs in ROM; show that one can work with it; show that one can achieve it; discuss that some approaches fail.

9 Diagram: RO; same coins; list of queries; main execution (non-rewinding); local branches. Adversary wins if extractor at some point fails to compute witness. ∀ PPT adversaries ∃ extractor: Pr[adversary wins] is negligible.

10 Result #1 (applicability): CPA-secure encryption + simulation-sound adaptive zero-knowledge proof of knowledge in ROM ⇒ CCA-secure encryption in ROM. So far: common reference string model [Groth, Chase-Lysyanskaya, Dodis et al.]. "I know message and randomness encrypted under CPA scheme"

11 Result #2 (feasibility): Fischlin's transformation with straightline extractor for Σ protocols with special soundness is simulation-sound adaptive zero-knowledge proof of knowledge in the ROM. So far: only shown for adaptive scenario in [Fischlin]

12 Idea: straightline extractor in Fischlin's scheme only needs hash queries of adversary. Diagram: RO

13 Result #3 (limitations): Fiat-Shamir-Schnorr transformation is not adaptive proof of knowledge under one-more DL assumption (for black-box extractors). So far: certain extractor strategy fails [Shoup-Gennaro]. Here: any efficient extractor strategy fails.

14 One-More-DL Problem [Bellare et al.]. Diagram: A; Ch; DL. Output more solutions to challenges than DL queries.

15 Metareduction. Diagram: RO; Ch; DL. Output more solutions to challenges than DL queries.

16 Metareduction. Diagram: RO; Ch; DL. Output more solutions to challenges than DL queries. Use [Shoup-Gennaro] adversary here.

17 Metareduction. Diagram: RO; Ch; DL. Output more solutions to challenges than DL queries. Use [Shoup-Gennaro] adversary here. Make at most 2 calls to DL for each. If extractor requires less than 2 executions to extract for some, then metareduction solves OMDL problem.

18 Final step in the proof (not here): If extractor requires 2 executions to extract for each then Shoup-Gennaro adversary forces exponential number of executions. Combinatorial, via execution tree.

19 Take-home Message

20 Diagram: RO. 1. CPA + ss-adaptive PoK ⇒ CCA in ROM 2. Fischlin's transformation is an example for ss-adaptive PoK 3. Fiat-Shamir transformation in general is (presumably) not

