Zero-knowledge using garbled circuits: Or how to prove non-algebraic statements efficiently

Publikation: Bidrag til bog/antologi/rapport/proceedingKonferencebidrag i proceedingsForskningpeer review



Zero-knowledge protocols are one of the fundamental concepts in modern cryptography and have countless applications. However, after more than 30 years from their introduction, there are only very few languages (essentially those with a group structure) for which we can construct zero-knowledge protocols that are efficient enough to be used in practice.

In this paper we address the problem of how to construct efficient zero-knowledge protocols for generic languages and we propose a protocol based on Yao's garbled circuit technique.

The motivation for our work is that in many cryptographic applications it is useful to be able to prove efficiently statements of the form e.g., "I know x s.t.y = SHA-256(x)" for a common input y (or other "unstructured" languages), but no efficient protocols for this task are currently known.

It is clear that zero-knowledge is a subset of secure two-party computation (i.e., any protocol for generic secure computation can be used to do zero-knowledge). The main contribution of this paper is to construct an efficient protocol for the special case of secure two-party computation where only one party has input (like in the zero-knowledge case). The protocol achieves active security and is essentially only twice as slow as the passive secure version of Yao's garbled circuit protocol. This is a great improvement with respect to the cut-n-choose technique to make Yao's protocol actively secure, where the complexity grows linearly with the security parameter.
OriginalsprogEngelsk
TitelProceedings of the ACM Conference on Computer and Communications Security, CCS '13
RedaktørerAhmad-Reza Sadeghi , Virgil Gligor, Moti Yung
Antal sider12
ForlagAssociation for Computing Machinery
Udgivelsesår1 jan. 2013
Sider955-966
ISBN (trykt)9781450324779
DOI
StatusUdgivet - 1 jan. 2013
BegivenhedACM SIGSAC Conference on Computer & Communications Security - Berlin, Tyskland
Varighed: 4 nov. 20138 nov. 2013
Konferencens nummer: 20

Konference

KonferenceACM SIGSAC Conference on Computer & Communications Security
Nummer20
LandTyskland
ByBerlin
Periode04/11/201308/11/2013
SerietitelProceedings of the ACM Conference on Computer and Communications Security
ISSN1543-7221

Se relationer på Aarhus Universitet Citationsformater

ID: 166877457