A Concrete Introduction to Higher Algebra, 2nd Edition

Info icon This preview shows pages 1–3. Sign up to view the full content.

U.C. Berkeley — CS276: Cryptography Commitment Schemes; ZK continued Professors Luca Trevisan and David Wagner 3/14/02 – Scribe: Kenji Obata Commitment Schemes; ZK continued 1 Zero Knowledge Protocol for 3-Coloring Last time, we saw the following zero knowledge protocol for proving graph 3-colorability: 1. Prover randomly permutes the colors in his graph coloring. For each vertex v , he sends to Verifier a “lockbox” containing the color of v (the lockbox has the property that Prover cannot modify its contents once sent, and Verifier cannot see its contents, without the lockbox key). 2. Verifier randomly selects an edge ( u, v ) E and sends this to Prover. 3. Prover checks that ( u, v ) E and sends the lockbox keys for vertices u and v to Verifier. 4. Verifier uses the keys to unlock boxes u and v and checks that the colors inside are indeed distinct. For this to be a valid proof system for 3-colorability, we need to establish: Completeness: Obvious. Soundness: Suppose that Prover attempts to prove 3-colorability for a non-3-colorable graph G . Then there exists at least one edge ( u, v ) E such that u and v have the same color. Verifier will select such an edge with probability at least 1 /m in step 2 and therefore detect the violation in step 4. By iterating the protocol, say, km times, Verifier can achieve a soundness probability 1 /e k . To (informally) establish zero knowledge, we define a simulator as follows: Simulator simply guesses the edge ( u, v ) which the verifier will ask in step 2. In step 1, Simulator sends all empty boxes for vertices i = u, v , and sends two random distinct colors in the boxes for u and v . If Verifier happens to ask for ( u, v ) in step 2, then the resulting interaction is identical to the legitimate protocol, ie Verifier sees a random pair of distinct colors in the opened boxes; otherwise, Simulator outputs “fail” and tries again. By iterating O ( m ) times, Simulator achieves a constant probability of failure. In order to make this into a realizable protocol, we need a computational equivalent of the “lockbox”. To this end, we turn to...
Image of page 1

Info icon This preview has intentionally blurred sections. Sign up to view the full version.

Commitment Schemes; ZK continued 2 2 Commitment Schemes Informally, a bit commitment scheme is a two-party protocol in which Alice is able to send the digital equivalent of a lockbox containing an input b ∈ { 0 , 1 } to Bob. At the end of the first, commitment phase of the protocol, a particular value of b is fixed and Alice and Bob have interacted in such a way that Bob has little or no information about the value of b (the hiding property ). In the second, disclose phase of the protocol, the value of b is revealed to Bob. Furthermore, Bob is able to detect whether the value of b revealed to him is the same value to which Alice committed in the commitment phase of the protocol (the binding property ).
Image of page 2
Image of page 3
This is the end of the preview. Sign up to access the rest of the document.
  • Spring '02
  • Trevisan
  • Cryptography, Commitment scheme, Alice, Zero-knowledge proof, commitment schemes

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern