TY - GEN
T1 - Statistically hiding sets
AU - Prabhakaran, Manoj
AU - Xue, Rui
N1 - Copyright:
Copyright 2012 Elsevier B.V., All rights reserved.
PY - 2009
Y1 - 2009
N2 - Zero-knowledge set is a primitive introduced by Micali, Rabin, and Kilian (FOCS 2003) which enables a prover to commit a set to a verifier, without revealing even the size of the set. Later the prover can give zero-knowledge proofs to convince the verifier of membership/nonmembership of elements in/not in the committed set. We present a new primitive called Statistically Hiding Sets (SHS), similar to zeroknowledge sets, but providing an information theoretic hiding guarantee, rather than one based on efficient simulation. Then we present a new scheme for statistically hiding sets, which does not fit into the "Merkletree/ mercurial-commitment" paradigm that has been used for all zeroknowledge set constructions so far. This not only provides efficiency gains compared to the best schemes in that paradigm, but also lets us provide statistical hiding; previous approaches required the prover to maintain growing amounts of state with each new proof for such a statistical security. Our construction is based on an algebraic tool called trapdoor DDH groups (TDG), introduced recently by Dent and Galbraith (ANTS 2006). However the specific hardness assumptions we associate with TDG are different, and of a strong nature - strong RSA and a knowledge-ofexponent assumption. Our new knowledge-of-exponent assumption may be of independent interest.We prove this assumption in the generic group model.
AB - Zero-knowledge set is a primitive introduced by Micali, Rabin, and Kilian (FOCS 2003) which enables a prover to commit a set to a verifier, without revealing even the size of the set. Later the prover can give zero-knowledge proofs to convince the verifier of membership/nonmembership of elements in/not in the committed set. We present a new primitive called Statistically Hiding Sets (SHS), similar to zeroknowledge sets, but providing an information theoretic hiding guarantee, rather than one based on efficient simulation. Then we present a new scheme for statistically hiding sets, which does not fit into the "Merkletree/ mercurial-commitment" paradigm that has been used for all zeroknowledge set constructions so far. This not only provides efficiency gains compared to the best schemes in that paradigm, but also lets us provide statistical hiding; previous approaches required the prover to maintain growing amounts of state with each new proof for such a statistical security. Our construction is based on an algebraic tool called trapdoor DDH groups (TDG), introduced recently by Dent and Galbraith (ANTS 2006). However the specific hardness assumptions we associate with TDG are different, and of a strong nature - strong RSA and a knowledge-ofexponent assumption. Our new knowledge-of-exponent assumption may be of independent interest.We prove this assumption in the generic group model.
UR - http://www.scopus.com/inward/record.url?scp=67650132612&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=67650132612&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-00862-7_7
DO - 10.1007/978-3-642-00862-7_7
M3 - Conference contribution
AN - SCOPUS:67650132612
SN - 9783642008610
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 100
EP - 116
BT - Topics in Cryptology - CT-RSA 2009 - The Cryptographers' Track at the RSA Conference 2009, Proceedings
T2 - Cryptographers' Track at the RSA Conference, CT-RSA 2009
Y2 - 20 April 2009 through 24 April 2009
ER -