The delayed-input witness-indistinguishable proof of knowledge of Lapidot and Shamir (LS) [CRYPTO 1989] is a powerful tool for designing round-efficient cryptographic protocols. Since LS was designed for the language of Hamiltonian graphs, when used as subprotocol it usually requires expensive NP reductions. We first overview how LS works, how it can be used to obtain round-efficient protocols as shown by Ostrovsky and Visconti [ECCC 2012] and why it suffers of intrinsic efficiency limitations. Then we will overview some recent advances on delayed-input cryptographic protocols and their applications. We will in particular consider the efficient witness-indistinguishable proofs of knowledge of Ciampi, Persiano, Scafuro, Siniscalchi and Visconti [TCC 2016a, Eurocrypt 2016], and the round-efficient non-malleable commitments of Ciampi, Ostrovsky, Siniscalchi and Visconti [Crypto 2016, Eprint 2016].
Delayed-input cryptographic protocols
VISCONTI, Ivan
2017-01-01
Abstract
The delayed-input witness-indistinguishable proof of knowledge of Lapidot and Shamir (LS) [CRYPTO 1989] is a powerful tool for designing round-efficient cryptographic protocols. Since LS was designed for the language of Hamiltonian graphs, when used as subprotocol it usually requires expensive NP reductions. We first overview how LS works, how it can be used to obtain round-efficient protocols as shown by Ostrovsky and Visconti [ECCC 2012] and why it suffers of intrinsic efficiency limitations. Then we will overview some recent advances on delayed-input cryptographic protocols and their applications. We will in particular consider the efficient witness-indistinguishable proofs of knowledge of Ciampi, Persiano, Scafuro, Siniscalchi and Visconti [TCC 2016a, Eurocrypt 2016], and the round-efficient non-malleable commitments of Ciampi, Ostrovsky, Siniscalchi and Visconti [Crypto 2016, Eprint 2016].I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
