Distinguisher-dependent simulation in two rounds and its applications

Abhishek Jain; Yael Tauman Kalai; Dakshita Khurana; Ron Rothblum

doi:10.1007/978-3-319-63715-0_6

Distinguisher-dependent simulation in two rounds and its applications

Abhishek Jain, Yael Tauman Kalai, Dakshita Khurana, Ron Rothblum

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

We devise a novel simulation technique that makes black-box use of the adversary as well as the distinguisher. Using this technique we construct several round-optimal protocols, many of which were previously unknown even using non-black-box simulation techniques: – Two-round witness indistinguishable (WI) arguments for NP from different assumptions than previously known. – Two-round arguments and three-round arguments of knowledge for NP that achieve strong WI, witness hiding (WH) and distributional weak zero knowledge (WZK) properties in a setting where the instance is only determined by the prover in the last round of the interaction. The soundness of these protocols is guaranteed against adaptive provers. – Three-round two-party computation satisfying input-indistinguishable security as well as a weaker notion of simulation security against malicious adversaries. – Three-round extractable commitments with guaranteed correctness of extraction from polynomial hardness assumptions. Our three-round protocols can be based on DDH or QR or N^th residuosity and our two-round protocols require quasi-polynomial hardness of the same assumptions. In particular, prior to this work, two-round WI arguments for NP were only known based on assumptions such as the existence of trapdoor permutations, hardness assumptions on bilinear maps, or the existence of program obfuscation; we give the first construction based on (quasi-polynomial) DDH or QR or N^th residuosity. Our simulation technique bypasses known lower bounds on black-box simulation [Goldreich-Krawcyzk’96] by using the distinguisher’s output in a meaningful way. We believe that this technique is likely to find additional applications in the future.

Original language	English
Title of host publication	Advances in Cryptology – CRYPTO 2017 - 37th Annual International Cryptology Conference, Proceedings
Editors	Jonathan Katz, Hovav Shacham
Pages	158-189
Number of pages	32
DOIs	https://doi.org/10.1007/978-3-319-63715-0_6
State	Published - 2017
Externally published	Yes
Event	37th Annual International Cryptology Conference, CRYPTO 2017 - Santa Barbara, United States Duration: 20 Aug 2017 → 24 Aug 2017

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	10402 LNCS

Conference

Conference	37th Annual International Cryptology Conference, CRYPTO 2017
Country/Territory	United States
City	Santa Barbara
Period	20/08/17 → 24/08/17

All Science Journal Classification (ASJC) codes

Theoretical Computer Science
General Computer Science

Access to Document

10.1007/978-3-319-63715-0_6

Cite this

Jain, A., Kalai, Y. T., Khurana, D., & Rothblum, R. (2017). Distinguisher-dependent simulation in two rounds and its applications. In J. Katz, & H. Shacham (Eds.), Advances in Cryptology – CRYPTO 2017 - 37th Annual International Cryptology Conference, Proceedings (pp. 158-189). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10402 LNCS). https://doi.org/10.1007/978-3-319-63715-0_6

Jain, Abhishek ; Kalai, Yael Tauman ; Khurana, Dakshita et al. / Distinguisher-dependent simulation in two rounds and its applications. Advances in Cryptology – CRYPTO 2017 - 37th Annual International Cryptology Conference, Proceedings. editor / Jonathan Katz ; Hovav Shacham. 2017. pp. 158-189 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{50b2588102f84c38b08b905bf8ea38c1,

title = "Distinguisher-dependent simulation in two rounds and its applications",

abstract = "We devise a novel simulation technique that makes black-box use of the adversary as well as the distinguisher. Using this technique we construct several round-optimal protocols, many of which were previously unknown even using non-black-box simulation techniques: – Two-round witness indistinguishable (WI) arguments for NP from different assumptions than previously known. – Two-round arguments and three-round arguments of knowledge for NP that achieve strong WI, witness hiding (WH) and distributional weak zero knowledge (WZK) properties in a setting where the instance is only determined by the prover in the last round of the interaction. The soundness of these protocols is guaranteed against adaptive provers. – Three-round two-party computation satisfying input-indistinguishable security as well as a weaker notion of simulation security against malicious adversaries. – Three-round extractable commitments with guaranteed correctness of extraction from polynomial hardness assumptions. Our three-round protocols can be based on DDH or QR or Nth residuosity and our two-round protocols require quasi-polynomial hardness of the same assumptions. In particular, prior to this work, two-round WI arguments for NP were only known based on assumptions such as the existence of trapdoor permutations, hardness assumptions on bilinear maps, or the existence of program obfuscation; we give the first construction based on (quasi-polynomial) DDH or QR or Nth residuosity. Our simulation technique bypasses known lower bounds on black-box simulation [Goldreich-Krawcyzk{\textquoteright}96] by using the distinguisher{\textquoteright}s output in a meaningful way. We believe that this technique is likely to find additional applications in the future.",

author = "Abhishek Jain and Kalai, {Yael Tauman} and Dakshita Khurana and Ron Rothblum",

note = "Publisher Copyright: {\textcopyright} 2017, International Association for Cryptologic Research.; 37th Annual International Cryptology Conference, CRYPTO 2017 ; Conference date: 20-08-2017 Through 24-08-2017",

year = "2017",

doi = "10.1007/978-3-319-63715-0_6",

language = "الإنجليزيّة",

isbn = "9783319637143",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

pages = "158--189",

editor = "Jonathan Katz and Hovav Shacham",

booktitle = "Advances in Cryptology – CRYPTO 2017 - 37th Annual International Cryptology Conference, Proceedings",

}

Jain, A, Kalai, YT, Khurana, D & Rothblum, R 2017, Distinguisher-dependent simulation in two rounds and its applications. in J Katz & H Shacham (eds), Advances in Cryptology – CRYPTO 2017 - 37th Annual International Cryptology Conference, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 10402 LNCS, pp. 158-189, 37th Annual International Cryptology Conference, CRYPTO 2017, Santa Barbara, United States, 20/08/17. https://doi.org/10.1007/978-3-319-63715-0_6

Distinguisher-dependent simulation in two rounds and its applications. / Jain, Abhishek; Kalai, Yael Tauman; Khurana, Dakshita et al.
Advances in Cryptology – CRYPTO 2017 - 37th Annual International Cryptology Conference, Proceedings. ed. / Jonathan Katz; Hovav Shacham. 2017. p. 158-189 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10402 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Distinguisher-dependent simulation in two rounds and its applications

AU - Jain, Abhishek

AU - Kalai, Yael Tauman

AU - Khurana, Dakshita

AU - Rothblum, Ron

PY - 2017

Y1 - 2017

N2 - We devise a novel simulation technique that makes black-box use of the adversary as well as the distinguisher. Using this technique we construct several round-optimal protocols, many of which were previously unknown even using non-black-box simulation techniques: – Two-round witness indistinguishable (WI) arguments for NP from different assumptions than previously known. – Two-round arguments and three-round arguments of knowledge for NP that achieve strong WI, witness hiding (WH) and distributional weak zero knowledge (WZK) properties in a setting where the instance is only determined by the prover in the last round of the interaction. The soundness of these protocols is guaranteed against adaptive provers. – Three-round two-party computation satisfying input-indistinguishable security as well as a weaker notion of simulation security against malicious adversaries. – Three-round extractable commitments with guaranteed correctness of extraction from polynomial hardness assumptions. Our three-round protocols can be based on DDH or QR or Nth residuosity and our two-round protocols require quasi-polynomial hardness of the same assumptions. In particular, prior to this work, two-round WI arguments for NP were only known based on assumptions such as the existence of trapdoor permutations, hardness assumptions on bilinear maps, or the existence of program obfuscation; we give the first construction based on (quasi-polynomial) DDH or QR or Nth residuosity. Our simulation technique bypasses known lower bounds on black-box simulation [Goldreich-Krawcyzk’96] by using the distinguisher’s output in a meaningful way. We believe that this technique is likely to find additional applications in the future.

AB - We devise a novel simulation technique that makes black-box use of the adversary as well as the distinguisher. Using this technique we construct several round-optimal protocols, many of which were previously unknown even using non-black-box simulation techniques: – Two-round witness indistinguishable (WI) arguments for NP from different assumptions than previously known. – Two-round arguments and three-round arguments of knowledge for NP that achieve strong WI, witness hiding (WH) and distributional weak zero knowledge (WZK) properties in a setting where the instance is only determined by the prover in the last round of the interaction. The soundness of these protocols is guaranteed against adaptive provers. – Three-round two-party computation satisfying input-indistinguishable security as well as a weaker notion of simulation security against malicious adversaries. – Three-round extractable commitments with guaranteed correctness of extraction from polynomial hardness assumptions. Our three-round protocols can be based on DDH or QR or Nth residuosity and our two-round protocols require quasi-polynomial hardness of the same assumptions. In particular, prior to this work, two-round WI arguments for NP were only known based on assumptions such as the existence of trapdoor permutations, hardness assumptions on bilinear maps, or the existence of program obfuscation; we give the first construction based on (quasi-polynomial) DDH or QR or Nth residuosity. Our simulation technique bypasses known lower bounds on black-box simulation [Goldreich-Krawcyzk’96] by using the distinguisher’s output in a meaningful way. We believe that this technique is likely to find additional applications in the future.

UR - http://www.scopus.com/inward/record.url?scp=85028461101&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-63715-0_6

DO - 10.1007/978-3-319-63715-0_6

M3 - منشور من مؤتمر

SN - 9783319637143

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 158

EP - 189

BT - Advances in Cryptology – CRYPTO 2017 - 37th Annual International Cryptology Conference, Proceedings

A2 - Katz, Jonathan

A2 - Shacham, Hovav

T2 - 37th Annual International Cryptology Conference, CRYPTO 2017

Y2 - 20 August 2017 through 24 August 2017

ER -

Jain A, Kalai YT, Khurana D, Rothblum R. Distinguisher-dependent simulation in two rounds and its applications. In Katz J, Shacham H, editors, Advances in Cryptology – CRYPTO 2017 - 37th Annual International Cryptology Conference, Proceedings. 2017. p. 158-189. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-63715-0_6

Distinguisher-dependent simulation in two rounds and its applications

Abstract

Publication series

Conference

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this