DocumentCode :
2956109
Title :
A New Interactive Hashing Theorem
Author :
Haitner, Iftach ; Reingold, Omer
Author_Institution :
Weizmann Inst. of Sci., Rehovot
fYear :
2007
fDate :
13-16 June 2007
Firstpage :
319
Lastpage :
332
Abstract :
Interactive hashing, introduced by Naor, Ostrovsky, Venkatesan and Yung (CRYPTO ´92), plays an important role in many cryptographic protocols. In particular, it is a major component in all known constructions of statistically- hiding commitment schemes and of zero-knowledge arguments based on general one-way permutations and on one- way functions. Interactive hashing with respect to a one-way permutation f, is a two-party protocol that enables a sender that knows y = f(x) to transfer a random hash z = h(y) to a receiver. The receiver is guaranteed that the sender is committed to y (in the sense that it cannot come up with x and x´ such that f(x) Dagger f(x´) but h(f(x)) = h(f(x´)) = z). The sender is guaranteed that the receiver does not learn any additional information on y. In particular, when h is a two-to-one hash function, the receiver does not learn which of the two pre images {y,y´} = h-1 (z) is the one the sender can invert with respect to f. This paper reexamines the notion of interactive hashing. We give an alternative proof for the Naor et. al. protocol, which seems to us significantly simpler and more intuitive than the original one. Moreover, the new proof achieves much better parameters (in terms of how security preserving the reduction is). Finally, our proof implies a more versatile interactive hashing theorem for a more general setting than that of the Naor et. al. protocol. One generalization relates to the selection of hash function h (allowing much more flexibility). More importantly, the theorem applies to the case where the underlying function f is hard- to-invert only on some given (possibly sparse) subset of the output strings. In other words, the theorem is tuned towards hashing of a value y that may be distributed over a sparse subset of the domain (rather than uniform on the entire domain as a random output of a one-way permutation is). Our interest in interactive hashing is in part as a very appealing object (i.e., indepen- dent of any particular application). Furthermore, a major motivation for looking into interactive hashing is towards improving and simplifying previous constructions of statistical zero-knowledge and statistical commitments (that employ interactive hashing as a central building block). We make some preliminary progress in this direction as well.
Keywords :
cryptography; cryptographic protocols; interactive hashing theorem; statistically-hiding commitment schemes; zero-knowledge arguments; Computer science; Cryptographic protocols; Cryptography; Information security;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Computational Complexity, 2007. CCC '07. Twenty-Second Annual IEEE Conference on
Conference_Location :
San Diego, CA
ISSN :
1093-0159
Print_ISBN :
0-7695-2780-9
Type :
conf
DOI :
10.1109/CCC.2007.3
Filename :
4262773
Link To Document :
https://search.ricest.ac.ir/dl/search/defaultta.aspx?DTC=49&DC=2956109
بازگشت