TY - GEN
T1 - Achieving constant round leakage-resilient zero-knowledge
AU - Pandey, Omkant
PY - 2014
Y1 - 2014
N2 - Recently there has been a huge emphasis on constructing cryptographic protocols that maintain their security guarantees even in the presence of side channel attacks. Such attacks exploit the physical characteristics of a cryptographic device to learn useful information about the internal state of the device. Designing protocols that deliver meaningful security even in the presence of such leakage attacks is a challenging task. The recent work of Garg, Jain, and Sahai formulates a meaningful notion of zero-knowledge in the presence of leakage, and provides a construction which satisfies a weaker variant of this notion called (1 + ε)-leakage-resilient-zero-knowledge, for every constant ε > 0. In this weaker variant, roughly speaking, if the verifier learns ℓ bits of leakage during the interaction, then the simulator is allowed to access (1 + ε)·ℓ bits of leakage. The round complexity of their protocol is. In this work, we present the first construction of leakage-resilient zero-knowledge satisfying the ideal requirement of ε = 0. While our focus is on a feasibility result for ε = 0, our construction also enjoys a constant number of rounds. At the heart of our construction is a new "public-coin preamble" which allows the simulator to recover arbitrary information from a (cheating) verifier in a "straight line." We use non-black-box simulation techniques to accomplish this goal.
UR - https://www.scopus.com/pages/publications/84958552521
U2 - 10.1007/978-3-642-54242-8_7
DO - 10.1007/978-3-642-54242-8_7
M3 - Conference contribution
AN - SCOPUS:84958552521
SN - 9783642542411
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 146
EP - 166
BT - Theory of Cryptography - 11th Theory of Cryptography Conference, TCC 2014, Proceedings
PB - Springer Verlag
T2 - 11th Theory of Cryptography Conference on Theory of Cryptography, TCC 2014
Y2 - 24 February 2014 through 26 February 2014
ER -