## Abstract

Interactive hashing, introduced by Naor, Ostrovsky, Venkatesan, and Yung (J. Cryptol. 11(2):87-108, 1998), plays an important role in many cryptographic protocols. In particular, interactive hashing is a major component in all known constructions of statistically hiding commitment schemes and of statistical zero-knowledge arguments based on general one-way permutations/functions. Interactive hashing with respect to a one-way function f is a two-party protocol that enables a sender who knows y=f(x) to transfer a random hash z=h(y) to a receiver such that the sender is committed to y: the sender cannot come up with x and x′ such that f(x)≠f(x′), but h(f(x))=h(f(x′))=z. Specifically, if f is a permutation and h is a two-to-one hash function, then the receiver does not learn which of the two preimages {y,y′}=h ^{-1}(z) is the one the sender can invert with respect to f. This paper reexamines the notion of interactive hashing, and proves the security of a variant of the Naor et al. protocol, which yields a more versatile interactive hashing theorem. When applying our new proof to (an equivalent variant of) the Naor et al. protocol, we get an alternative proof for this protocol that seems simpler and more intuitive than the original one, and achieves better parameters (in terms of how security preserving the reduction is).

Original language | English |
---|---|

Pages (from-to) | 109-138 |

Number of pages | 30 |

Journal | Journal of Cryptology |

Volume | 27 |

Issue number | 1 |

DOIs | |

State | Published - Jan 2014 |

## Keywords

- Cryptography
- Interactive hashing
- Statistical zero-knowledge arguments
- Statistically hiding and computationally binding commitments

## All Science Journal Classification (ASJC) codes

- Software
- Computer Science Applications
- Applied Mathematics