[PDF] Top 20 Non-interactive zero-knowledge proofs in the quantum random oracle model

... at random by the verifier, and the “response” resp is computed by the prover depending on ...a random oracle H , the Fiat-Shamir construction produces the commitment com, computes the challenge ch := ... See full document

... malformed proofs to extract the verification ...our knowledge, constructing designated-verifier zero-knowledge proof systems whose soundness is maintained after polynomially many interactions ... See full document

... a model where a verifier interacts with two computationally- bounded provers at least one of which is honest ...for random-access machines, and therefore does not require reducing random-access ... See full document

... is non-negligible, and thus the security proof is ...standard model that the above technique is conceptually very similar to the partitioning technique which is often used in the context of adaptively ... See full document

... Anonymity. As in the case of ring signatures, anonymity implies that a valid signature does not reveal the user who generated that signature (except to the group manager who holds gmsk); this should hold even if the ... See full document

... of proofs of sequential work (PoSW), and give a construction in the random oracle model (ROM), their construction can be made non-interactive using the Fiat-Shamir methodology ... See full document

... for proofs of knowledge was recently studied by Bernhard et ...the non-interactive version of the Schnorr protocol obtained using the Fiat-Shamir transformation is not adaptively secure unless ... See full document

... constructing non-interactive zero-knowledge proofs is via the Fiat-Shamir heuristic [FS86], for reducing interaction in (public-coin) interactive ...the ... See full document

... Let E = (Setup, KeyGen, Encrypt, Decrypt) be an encryption scheme and let (ek, dk) be a pair of keys output by KeyGen(param) (where param are global parameters output by Setup(1 K )). We assume that the encryption scheme ... See full document

... of proofs of knowledge we can extend the approach to adaptive proofs of ...adaptive proofs formally without simu- lation soundness using so-called n-proofs, where n is a parameter ... See full document

... abstractions model non-interactive ZK proofs, ...common) interactive ZK proofs thus requires a conceptually different approach, as such proofs cannot be replayed, put into ... See full document

... an interactive ZK argument system, in which, given the public input (H, A, G), the user is able to prove the possession of a secret tuple (j, s, x, u, f , e) satisfying (1) and ...made ... See full document

... have quantum access to: one is the all-zero func- tion, and the other marks a set of strings that could be used to break the computational ...in quantum query complexity. This enables us to program a ... See full document

... signatures, non-interactive key exchange (usually a Diffie-Hellman key exchange performed on long-term Diffie-Hellman keys), or public key ...security model [47, ... See full document

... also non-interactive proof systems in which the verifier has oracle access to an object, and needs to decide whether the object is close to having a predetermined ...(i.e., oracle) access to ... See full document

... first model the polynomial evaluation as the inner product between two vectors of size N : one defined by the coefficients of the polynomial and the other defined by the evaluation point computed on each monomial ... See full document

... On non-uniformity. Often, because auxiliary input can also capture non-uniformity, the issues of auxiliary input and non-uniformity are treated jointly in ...with non-uniformity ...potentially ... See full document

... of zero-knowledge, an honest verifier follows the protocol specification using a uniformly random ...preserve zero-knowledge in the presence of a malicious verifier is to enforce the ... See full document

... the quantum random oracle model, and we present them under a unified framework which we hope will be easy to ...indeed random, no prover can fool the verifier to ...a random ... See full document

... CJL + 16. Lily Chen, Stephen Jordan, Yi-Kai Liu, Dustin Moody, Rene Peralta, Ray Perlner, and Daniel Smith-Tone. Report on post-quantum cryptography. Technical report, National Institute of Standards and ... See full document