Stateless Cryptographic Protocols

Vipul Goyal, H. K. Maji
{"title":"Stateless Cryptographic Protocols","authors":"Vipul Goyal, H. K. Maji","doi":"10.1109/FOCS.2011.74","DOIUrl":null,"url":null,"abstract":"Secure computation protocols inherently involve multiple rounds of interaction among the parties where, typically a party has to keep a state about what has happened in the protocol so far and then \\emph{wait} for the other party to respond. We study if this is inherent. In particular, we study the possibility of designing cryptographic protocols where the parties can be completely stateless and compute the outgoing message by applying a single fixed function to the incoming message (independent of any state). The problem of designing stateless secure computation protocols can be reduced to the problem of designing protocols satisfying the notion of reset table computation introduced by Canetti, Goldreich, Gold wasser and Micali (FOCS'01) and widely studied thereafter. The current start of art in reset table computation allows for construction of protocols which provide security only when a \\emph{single predetermined} party is reset table \\cite{GoyalSa09}. An exception is for the case of the zero-knowledge functionality for which a protocol in which both parties are reset table was recently obtained by Deng, Goyal and Sahai (FOCS'09). The fundamental question left open in this sequence of works is, whether fully-reset table computation is possible, when:\\begin{enumerate}\\item An adversary can corrupt any number of parties, and\\item The adversary can reset any party to its original state during the execution of the protocol and can restart the protocol. \\end{enumerate}In this paper, we resolve the above problem by constructing secure protocols realizing \\emph{any} efficiently computable multi-party functionality in the plain model under standard cryptographic assumptions. First, we construct a Fully-Reset table Simulation Sound Zero-Knowledge (ss-rs-rZK) protocol. Next, based on these ss-rs-rZK protocols, we show how to compile any semi-honest secure protocol into a protocol secure against fully resetting adversaries. Next, we study a seemingly unrelated open question: ``Does there exist a functionality which, in the concurrent setting, is impossible to securely realize using BB simulation but can be realized using NBB simulation ? & quot;. We resolve the above question in the affirmative by giving an example of such a (reactive) functionality. Somewhat surprisingly, this is done by making a connection to the existence of a fully reset table simulation sound zero-knowledge protocol.","PeriodicalId":326048,"journal":{"name":"2011 IEEE 52nd Annual Symposium on Foundations of Computer Science","volume":"24 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-10-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"28","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 IEEE 52nd Annual Symposium on Foundations of Computer Science","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/FOCS.2011.74","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 28

Abstract

Secure computation protocols inherently involve multiple rounds of interaction among the parties where, typically a party has to keep a state about what has happened in the protocol so far and then \emph{wait} for the other party to respond. We study if this is inherent. In particular, we study the possibility of designing cryptographic protocols where the parties can be completely stateless and compute the outgoing message by applying a single fixed function to the incoming message (independent of any state). The problem of designing stateless secure computation protocols can be reduced to the problem of designing protocols satisfying the notion of reset table computation introduced by Canetti, Goldreich, Gold wasser and Micali (FOCS'01) and widely studied thereafter. The current start of art in reset table computation allows for construction of protocols which provide security only when a \emph{single predetermined} party is reset table \cite{GoyalSa09}. An exception is for the case of the zero-knowledge functionality for which a protocol in which both parties are reset table was recently obtained by Deng, Goyal and Sahai (FOCS'09). The fundamental question left open in this sequence of works is, whether fully-reset table computation is possible, when:\begin{enumerate}\item An adversary can corrupt any number of parties, and\item The adversary can reset any party to its original state during the execution of the protocol and can restart the protocol. \end{enumerate}In this paper, we resolve the above problem by constructing secure protocols realizing \emph{any} efficiently computable multi-party functionality in the plain model under standard cryptographic assumptions. First, we construct a Fully-Reset table Simulation Sound Zero-Knowledge (ss-rs-rZK) protocol. Next, based on these ss-rs-rZK protocols, we show how to compile any semi-honest secure protocol into a protocol secure against fully resetting adversaries. Next, we study a seemingly unrelated open question: ``Does there exist a functionality which, in the concurrent setting, is impossible to securely realize using BB simulation but can be realized using NBB simulation ? & quot;. We resolve the above question in the affirmative by giving an example of such a (reactive) functionality. Somewhat surprisingly, this is done by making a connection to the existence of a fully reset table simulation sound zero-knowledge protocol.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
无状态加密协议
安全计算协议本质上涉及各方之间的多轮交互,其中,通常一方必须保持协议中到目前为止发生的事情的状态,然后\emph{等待}另一方响应。我们研究这是否是固有的。特别是,我们研究了设计加密协议的可能性,其中各方可以完全无状态,并通过对传入消息应用单个固定函数(独立于任何状态)来计算传出消息。设计无状态安全计算协议的问题可以归结为设计满足重置表计算概念的协议问题,该概念由Canetti、Goldreich、Gold wasser和Micali (FOCS'01)提出,并在此后得到了广泛的研究。重置表计算的当前开始允许构建仅当\emph{单个预定}方是重置表\cite{GoyalSa09}时才提供安全性的协议。一个例外是零知识功能的情况,其中双方都是重置表的协议最近由Deng, Goyal和Sahai获得(FOCS'09)。在这一系列工作中留下的基本问题是,完全重置表计算是否可能,当:\begin{enumerate}\item 一个对手可以腐蚀任何数量的政党,而且\item 攻击者可以在协议执行期间将任何一方重置为其原始状态,并可以重新启动协议。 \end{enumerate}在本文中,我们通过构建安全协议来解决上述问题,在标准密码学假设下,在普通模型中实现\emph{任何}有效可计算的多方功能。首先,我们构建了一个完全重置表模拟声音零知识(ss-rs-rZK)协议。接下来,基于这些ss-rs-rZK协议,我们将展示如何将任何半诚实的安全协议编译成针对完全重置对手的安全协议。接下来,我们研究了一个看似无关的开放问题:“是否存在一种功能,在并发设置中,不可能使用BB模拟安全实现,但可以使用NBB模拟实现?”& quot;。我们通过给出一个这样的(响应式)功能的例子来肯定地解决上述问题。有些令人惊讶的是,这是通过连接到一个完全重置表模拟声音零知识协议的存在来完成的。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
自引率
0.00%
发文量
0
期刊最新文献
A Randomized Rounding Approach to the Traveling Salesman Problem Welfare and Profit Maximization with Production Costs Which Networks are Least Susceptible to Cascading Failures? Computing Blindfolded: New Developments in Fully Homomorphic Encryption The 1D Area Law and the Complexity of Quantum States: A Combinatorial Approach
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1