Doubly adaptive zero-knowledge proofs
Visconti I.
2023-01-01
Abstract
In [TCC 2009 and JoC 2011] Lindell and Zarosim defined adaptive-corruption zero knowledge, giving the environment the power to perform post-execution corruption only. Moreover, their zero-knowledge proof system does not enjoy adaptive-input selection, since it crucially relies on fixing the inputs already at the onset of the protocol. In this paper, we propose a new definition of adaptive-corruption zero-knowledge proofs that more naturally fits the setting that benefits from adaptive-input selection. We allow the non-rewindable environment to corrupt the prover adaptively based on its visibility of the messages exchanged so far. Then we show a zero-knowledge proof system for NP that is doubly adaptive (i.e., it enjoys adaptive corruption under our stronger notion and adaptive-input selection), matching the assumptions and round complexity of classical zero-knowledge proofs.