Zero-Knowledge Proofs

This article provides necessary and sufficient conditions for deadlock-free unicast and multicast routing with the path-based routing model in interconnection networks that use the wormhole switching technique. The theory is developed around three central concepts: channel waiting, False Resource Cycles , and valid destination sets . The first two concepts are suitable extensions to those developed for unicast routing by two authors of this article; the third concept has been developed by Lin and Ni. The necessary and sufficient conditions relax the requirements for deadlock-free routing, compared to techniques that provide only a sufficient condition. These necessary and sufficient conditions can be applied in a straightforward manner to prove deadlock freedom of newly developed adaptive routing algorithms for collective communication, which in turn will help in developing efficient and correct routing algorithms. The latter point is illustrated by developing two routing algorithms...

Ring signature enables an user to anonymously sign a message on behalf of a group of users termed as 'ring' formed in an 'ad-hoc' manner. A naive scheme produces a signature linear in the size of the ring, but this is extremely inefficient when ring size is large. Dodis et al. proposed a constant size scheme in EUROCRYPT'13, but provably secure in random oracle model. Best known result without random oracle is a sub-linear size construction by Chandran et al. in ICALP'07 and a follow-up work by Essam Ghadafi in IMACC'13. Therefore, construction of a constant size ring signature scheme without random oracle meeting stringent security requirement still remains as an interesting open problem. Our first contribution is a generic technique to convert a compatible signature scheme to a constantsized ring signature scheme. The technique employs a constant size set membership check that may be of independent interest. Our construction is instantiated over asymmetric pairing of composite order and optimally efficient. The scheme meets strongest security requirements, viz. anonymity under full key exposure and unforgeability against insider-corruption without using random oracle under simple hardness assumptions. We also provide a concrete instantiation of the scheme based on Full Boneh-Boyen signatures.

Mix-networks, a family of anonymous messaging protocols, have been engineered to withstand a wide range of theoretical internal and external adversaries. An undetectable insider threat—voluntary partial trace disclosures by server administrators—remains a troubling source of vulnerability. An administrator's cooperation could be the resulting coercion, bribery, or a simple change of interests. While eliminating this insider threat is impossible, it is feasible to deter such unauthorized disclosures by bundling them with additional penalties. We abstract these costs with collateral keys, which grant access to customizable resources. This article introduces the notion of trace-deterring mix-networks, which encode collateral keys for every server-node into every end-to-end message trace. The network reveals no keying material when the input-to-output transitions of individual servers remain secret. Two permutation strategies for encoding key information into traces, mix-and-flip an...

Nowadays, the use of Radio Frequency Identification (RFID) systems in industry and stores has increased. Nevertheless, some of these systems present privacy problems that may discourage potential users. Hence, high confidence and efficient privacy protocols are urgently needed. Previous studies in the literature proposed schemes that are proven to be secure, but they have scalability problems. A feasible and scalable protocol to guarantee privacy is presented in this paper. The proposed protocol uses elliptic curve cryptography combined with a zero knowledge-based authentication scheme. An analysis to prove the system secure, and even forward secure is also provided.

While offering transparency and decentralization, Open blockchain networks inadvertently expose user identities and sensitive transaction details. Existing privacy solutions often focus on simple token transfers (e.g., mixers) but fail to protect more complex operations such as smart contract executions. This paper tackles these challenges by introducing a novel application-layer framework anonymizing token transactions and smart contract calls. Building on the principles of Tornado Cash, the approach pools user transactions off-chain, obscuring the link between senders, recipients, and contract interactions. Zero-knowledge proofs were integrated to ensure verifiability without revealing underlying data, all without altering network or consensus mechanisms. Further, a sustainable incentive model is proposed that compensates relayers and executors for gas fees and computational effort, maintaining economic viability. The results indicate that the framework is scalable and platformagnostic and significantly improves privacy for decentralized applications, mitigating identity exposure and transaction traceability in modern blockchain ecosystems.

The notion of Zero Knowledge introduced by Goldwasser, Micali and Rackoff in STOC 1985 is fundamental in Cryptography. Motivated by conceptual and practical reasons, this notion has been explored under stronger definitions. We will consider the following two main strengthened notions. Statistical Zero Knowledge: here the zero-knowledge property will last forever, even in case in future the adversary will have unlimited power. Concurrent Non-Malleable Zero Knowledge: here the zeroknowledge property is combined with non-transferability and the adversary fails in mounting a concurrent man-in-the-middle attack aiming at transferring zero-knowledge proofs/arguments. Besides the well-known importance of both notions, it is still unknown whether one can design a zero-knowledge protocol that satisfies both notions simultaneously. In this work we shed light on this question in a very strong sense. We show a statistical concurrent non-malleable zero-knowledge argument system for N P with a black-box simulator-extractor.

We provide the first construction of a concurrent and non-malleable zero knowledge argument for every language in NP. We stress that our construction is in the plain model without allowing a common random string, trusted parties, or super-polynomial simulation. That is, we construct a zero knowledge protocol Π such that for every polynomial-time adversary that can adaptively and concurrently schedule polynomially many executions of Π, and corrupt some of the verifiers and some of the provers in these sessions, there is a polynomial-time simulator that can simulate a transcript of the entire execution, along with the witnesses for all statements proven by a corrupt prover to an honest verifier. Our security model is the traditional model for concurrent zero knowledge, where the statements to be proven by the honest provers are fixed in advance and do not depend on the previous history (but can be correlated with each other); corrupted provers, of course, can chose the statements adaptively. We also prove that there exists some functionality F (a combination of zero knowledge and oblivious transfer) such that it is impossible to obtain a concurrent non-malleable protocol for F in this model. Previous impossibility results for composable protocols ruled out existence of protocols for a wider class of functionalities (including zero knowledge!) but only if these protocols were required to remain secure when executed concurrently with arbitrarily chosen different protocols (Lindell, FOCS 2003) or if these protocols were required to remain secure when the honest parties' inputs in each execution are chosen adaptively based on the results of previous executions (Lindell, TCC 2004). We obtain an Õ(n)-round protocol under the assumption that one-to-one one-way functions exist. This can be improved to Õ(k log n) rounds under the assumption that there exist k-round statistically hiding commitment schemes. Our protocol is a black-box zero knowledge protocol.

An interactive proof system (or argument) (i v, V) is concur. rent zero.knowledgeif whenever the prover engages in polynomially many concurrent executions of (P, V), with (possibly distinct) colluding polynomial time bounded verifiers ~,..., ~v(,0, the entire undertaking is zero-knowledge. Dwork, Naor, and S~,ai recently showed the existence of a large class of concurrent zero-knowledge arguments, including arguments for all of NP, under a reasonable assumption on the behavior of clocks of nor.faulty processors. In this paper, we continue the study of concurrent zero-knowledge arguments. After observing that, without recourse to timing, the existence of a trusted center considerably simplifies the design and proof of many concurrent zero-knowledge arguments (again including arguments for all of NP), we design a preprocessing protocol, making use of timing, to simulate the trusted center for the purposes of achieving concurrent zero-knowledge. Once a particular prover and verifier have executed the preprocessing protocol, any polynomial number of subsequent executions of a rich class of protocols will be concurrent zero-knowledge. 8 This is the "'parailelized" version that has negligible error while remaining zeroknowledge.

I have spent some of the most memorable years of my life attending graduate school at UCLA and I have numerous people to thank for it. First, and foremost, I would like to thank my advisors, Rafail Ostrovsky and Amit Sahai, for showing faith in me and taking me as their student when I had only enthusiasm to show for on my resume. Over the years, Rafi and Amit have provided me continuous support and inspiration, and I feel very fortunate to have had them as my advisors. I look forward to having more opportunities to learn from and work with them in the future. Rafi's breadth of knowledge in theoretical computer science is remarkable, and so is his ability to draw interesting connections between seemingly unrelated concepts. Indeed, the latter is, in my opinion, the magic secret behind his amazing ability to find one excellent research problem after another. Like all my crypto colleagues at UCLA, I have benefited greatly from this. Rafi is a constant source of energy and inspiration -nothing exemplifies this better than the fact that a typical day in Rafi's life consists of multiple(!) productive research meetings, and more. I was lucky to be Rafi's student and I sincerely thank him for his invaluable advice and support throughout my PhD. Amit is one of the most brilliant people I have met. Among his many wonderful qualities, most striking is his magical ability to understand my chaotic thoughts (even when I don't understand them myself) and elevate them to clear, organized ideas. Amit has taught me how to think intuitively, and how to discard a "bad idea" quickly before it can lead one astray. I owe him greatly for my evolution as a researcher. Amit has helped me in making many important decisions, and I am thankful for his advice on career and life. Outside work, Amit and his ix wife, Pragati, provided all of us a home away from home, by inviting us to join in celebration of Indian festivals like Diwali. It has been a privilege being Amit's student and I am going to miss the experience. I cannot thank enough Vipul Goyal and Omkant Pandey for their friendship and continued support in my research career. Vipul introduced me to the world of research even before I started graduate school, and I thank him for mentoring me during my early years at UCLA. Over the years, Vipul has had a huge impact on my research career, and I thank him for always being there. (I only ask him that we eat at California Pizza Kitchen a little less often.) Omkant and Vipul taught me a lot about zero-knowledge and secure computation, and I thank them for answering my endless questions on these topics patiently. Omkant also taught me how to write better papers. I owe Omkant a spicy bowl of dal with garlic for all his help over the years. I would like to thank Krzysztof Pietrzak and all the members of the cryptography group at CWI Amsterdam, including Ronald Cramer, Serge Fehr and Eike Kiltz, for hosting me during two visits. Krzysztof is freakishly smart and also one of the most fun people to have around. I thank him for helping me diversify my research interests and for several fruitful collaborations. Outside work, Krzysztof took me to the best bars and restaurants and made sure I had the best time in Amsterdam. I thank Tal Rabin and all the members of the cryptography group at IBM T. J. Watson research center -David Cash, Rosario Gennaro, Craig Gentry, Shai Halevi, Hugo Krawczyk, Charanjit Jutla and Daniel Wichs -for hosting me during a summer internship. Tal is one of the most genuine person I have ever met and I am thankful for her kindness, continued support and interest in my career. I thank Daniel for being such a wonderful collaborator. x I would like to thank Yael Tauman Kalai for hosting me during my visits to Microsoft Research New England. Yael is a role model for me, and I wish I could emulate her work ethic. The amount of work that she manages to get done in the limited twenty-four hours of a day is beyond the scope of most human beings. My research discussions with Yael have been extremely productive, all thanks to her brilliance. I have had the most pleasant experience collaborating with her and I look forward to spending more time with her in the near future. I thank all of my co-authors for doing all the hard work on our papers: Shweta

In this paper, we initiate a study of zero knowledge proof systems in the presence of side-channel attacks. Specifically, we consider a setting where a cheating verifier is allowed to obtain arbitrary bounded leakage on the entire state (including the witness and the random coins) of the prover during the entire protocol execution. We formalize a meaningful definition of leakage-resilient zero knowledge (LR-ZK) proof system, that intuitively guarantees that the protocol does not yield anything beyond the validity of the statement and the leakage obtained by the verifier. We give a construction of LR-ZK interactive proof system based on standard general assumptions. To the best of our knowledge, this is the first instance of a cryptographic interactive protocol where the adversary is allowed to perform leakage attacks during the protocol execution on the entire state of honest party (in contrast, prior work only considered leakage prior to the protocol execution, or very limited leakage during the protocol execution). Next, we give an LR-NIZK proof system based on standard number-theoretic assumptions. Finally, we demonstrate the usefulness of our notions by giving two concrete applications: -We initiate a new line of research to relax the assumption on the "tamper-proofness" of hardware tokens used in the design of various cryptographic protocols. In particular, we give a construction of a universally composable multiparty computation protocol in the leaky token model (where an adversary in possession of a token is allowed to obtain arbitrary bounded leakage on the entire state of the token) based on standard general assumptions. -Next, we give simple, generic constructions of fully leakage-resilient signatures in the bounded leakage model as well as the continual leakage model. Unlike the recent constructions of such schemes, we also obtain security in the "noisy leakage" model.

We present the first complete problem for SZK, the class of promise problems possessing statistical zero-knowledge proofs (against an honest verifier). The problem, called Statistical Difference, is to decide whether two efficiently samplable distributions are either statistically close or far apart. This gives a new characterization of SZK that makes no reference to interaction or zero knowledge .We propose the use of complete problems to unify and extend the study of statistical zero knowledge. To this end, we examine several consequences of our Completeness Theorem and its proof, such as:---A way to make every (honest-verifier) statistical zero-knowledge proof very communication efficient, with the prover sending only one bit to the verifier (to achieve soundness error 1/2).---Simpler proofs of many of the previously known results about statistical zero knowledge, such as the Fortnow and Aiello--Hεstad upper bounds on the complexity of SZK and Okamoto's result that SZK is clo...

Non-interactive zero-knowledge (NIZK) proof systems are fundamental cryptographic primitives used in many constructions, including CCA2-secure cryptosystems, digital signatures, and various cryptographic protocols. What makes them especially attractive, is that they work equally well in a concurrent setting, which is notoriously hard for interactive zero-knowledge protocols. However, while for interactive zeroknowledge we know how to construct statistical zero-knowledge argument systems for all NP languages, for non-interactive zero-knowledge, this problem remained open since the inception of NIZK in the late 1980's. Here we resolve two problems regarding NIZK: -We construct the first perfect NIZK argument system for any NP language. -We construct the first UC-secure NIZK argument for any NP language in the presence of a dynamic/adaptive adversary. While it is already known how to construct efficient prover computational NIZK proofs for any NP language, the known techniques yield large common reference strings and large proofs. Another contribution of this paper is NIZK proofs with much shorter common reference string and proofs than previous constructions.

In Service-Oriented Architectures (SOA), the key problem is the quick and accurate evaluation of web service performance. Despite the fact that the integration of the simulation step into the development cycle of softwares/web services can allow to learn early the behavior of the performance of software/web service, it is still a challenge to use simulation as part of service development. This integration can be used to assess the performance of a family of web services by developing one of them. In this paper, we propose a methodology that shows how the simulation step can be integrated to the development cycle of a family of services using a model-based approach to describe the services and by choosing a reference web service to be developed and used to guess the performance of the remaining services in the family.

Fiat and Shamir have proposed to use Zero-Knowledge interactive proofs to obtain secure identification mechanisms. Zero-Knowledge protocols are designed to address the identification service, by allowing a prover to demonstrate knowledge of a secret while revealing no information to be use by the verifier to convey the demonstration of knowledge to others. The invention of an efficient Zero-Knowledge identification scheme has provided anther public-key cryptosystem besides the renowned Fiat-Shamir scheme, for which in addition to the identification feature both key exchange and mutual identification are available. The availability of the elliptic curve discrete logarithm problem made the invented scheme very efficient. The purpose of this paper is to show the security level performance of our scheme and show its ability to resist the brute-force attack of an unauthorized prover.

Secure identification is an important security issue to avoid computer fraud due to masquerading. This can be achieved with zero-knowledge based smart cards. We present very efficient new zero-knowledge schemes in a general algebraic setting. Particular cases of our scheme improve the performance of the Guillou-Quisquater and the Chaum-Evertsevan de Graaf schemes. Our scheme is formally proven and, overall, is more efficient than currently available schemes including the Fiat-Shamir scheme. As an application we discuss how our scheme can be used for identification, in particular as an electronic passport scheme.

Recently there has been an interest in zero-knowledge protocols with stronger properties, such as concurrency, simulation soundness, non-malleability, and universal composability. In this paper we show a novel technique to convert a large class of existing honest-verifier zero-knowledge protocols into ones with these stronger properties in the common reference string model. More precisely, our technique utilizes a signature scheme existentially unforgeable against adaptive chosen-message attacks, and transforms any -protocol (which is honest-verifier zero-knowledge) into a simulation sound concurrent zero-knowledge protocol. We also introduce -protocols, a variant of -protocols for which our technique further achieves the properties of nonmalleability and/or universal composability. In addition to its conceptual simplicity, a main advantage of this new technique over previous ones is that it avoids the Cook-Levin theorem, which tends to be rather

A Zero-knowledge protocol provides provably secure entity authentication based on a hard computational problem. Among many schemes proposed since 1984, the most practical rely on factoring and discrete log, but still they are practical schemes based on NP-hard problems. Among them, the problem SD of decoding linear codes is in spite of some 30 years of research effort, still exponential. We study a more general problem called MinRank that generalizes SD and contains also other well known hard problems. MinRank is also used in cryptanalysis of several public key cryptosystems such as birational schemes (Crypto'93), HFE (Crypto'99), GPT cryptosystem (Eurocrypt'91), TTM (Asiacrypt'2000) and Chen's authentication scheme (1996). We propose a new Zero-knowledge scheme based on MinRank. We prove it to be Zero-knowledge by black-box simulation. An adversary able to fraud for a given MinRank instance is either able to solve it, or is able to compute a collision on a given hash function. MinRank is one of the most efficient schemes based on NP-complete problems. It can be used to prove in Zero-knowledge a solution to any problem described by multivariate equations. We also present a version with a public key shared by a few users, that allows anonymous group signatures (a.k.a. ring signatures).

This paper proposes a new blockchain-based transaction verification infrastructure for co-payment and data verification for multi-modal public transportation systems. Our solution offers a decentralized platform that ensures secure copayments and data integrity while addressing interoperability, data security and transactional transparency. With a private blockchain, transportation providers act as nodes and validated, consensus-approved transactions increase trust and transparency. A standardized data format and robust algorithms for data contribution by transport operators are developed as well as a model for operators, assets, and transactions. Including zero-knowledge proofs improves user privacy by allowing secure authentication without revealing sensitive data. We believe that this research may lead a closer collaboration between public transport operators and provide an enhanced user experience while enabling transport transaction security and data verification.

Recently there has been an interest in zero-knowledge protocols with stronger properties, such as concurrency, unbounded simulation soundness, non-malleability, and universal composability. In this paper, we show a novel technique to convert a large class of existing honest-verifier zero-knowledge protocols into ones with these stronger properties in the common reference string model. More precisely, our technique utilizes a signature scheme existentially unforgeable against adaptive chosen-message attacks, and transforms any Σ-protocol (which is honest-verifier zero-knowledge) into an unbounded simulation sound concurrent zero-knowledge protocol. We also introduce Ω-protocols, a variant of Σ-protocols for which our technique further achieves the properties of non-malleability and/or universal composability. In addition to its conceptual simplicity, a main advantage of this new technique over previous ones is that it avoids the Cook-Levin theorem, which tends to be rather inefficient. Indeed, our technique allows for very efficient instantiation based on the security of some efficient signature schemes and standard number-theoretic assumptions. For instance, one instantiation of our technique yields a universally composable zeroknowledge protocol under the Strong RSA assumption, incurring an overhead of a small constant number of exponentiations, plus the generation of two signatures.

In the evolving landscape of distributed ledger technologies (DLTs), the need for privacy, security, and
scalability is paramount. Zero-knowledge proofs (ZKPs) have emerged as a promising cryptographic tool to
meet these requirements. This paper explores the integration of scalable ZKP protocols in DLTs, examining
their feasibility, effectiveness, and impact on various applications. We address the technical challenges and the
future implications of ZKPs in enhancing DLTs, while also providing a comparative analysis of existing ZKP
implementations. Our findings aim to contribute to the ongoing discourse on improving the privacy and
efficiency of decentralized systems, setting the stage for the next generation of secure blockchain and DLT
applications.

We present adaptively-secure efficient solutions to several central problems in the area of threshold cryptography. We prove these solutions to withstand adaptive attackers that choose parties for corruption at any time during the run of the protocol. In contrast, all previously known efficient protocols for these problems were proven secure only against less realistic static adversaries that choose and fix the subset of corrupted parties before the start of the protocol run. Specifically, we provide adaptively-secure solutions for distributed key generation in discrete-log based cryptosystems, and for the problem of distributed generation of DSS signatures (threshold DSS). We also show how to transform existent static solutions for threshold RSA and proactive schemes to withstand the stronger adaptive attackers. In doing so, we introduce several techniques for the design and analysis of adaptivelysecure protocols that may well find further applications.

Wireless Sensor Networks (WSNs) recommend an outstanding possibility to check environments in the field of information/computer Technologies, and have a lot of attractive applications, some of which are quite perceptive in nature and require full proof secured location. The aim of this paper is to discuss secure routing in Wireless Sensor networks. I have made an endeavor to present an analysis on the security of wireless sensor networks. Previous works against clone attacks suffer from either a high communication/storage overhead or reduced detection accuracy. We propose a method for revealing of scattered sensor cloning attack and use of novel zero knowledge protocol (NZKP) for verifying the authenticity of the sender sensor nodes or zones. The cloning attack is addressed by attaching a unique fingerprint to each sensor node that depends on the set of nearest nodes and itself. The fingerprint is commencing of among every message to secret in the sensor node. The ZKP is used to construct certain non communication of critical cryptographic information in the wireless network in order to avoid clone attack, MITM attack, replay attack, distributed attack, denial of service (DoS) and phishing attack etc. The security and performance analysis indicate that our RSA algorithm can identify clone attacks with a high detection probability at the cost of a low computation/communication/storage overhead. RSA is an algorithm for public-key cryptography that is based on the presumed complexity of factoring large integers, the factoring problem. RSA stand meant for Ron Rivest, Adi Shamir as well as Leonard Adleman,A user of RSA create and after that publish the manufactured goods of two big prime numbers, alongside with an secondary value, as their at liberty key.the fingerprint generation is based on the prime number system, which provides a very glow communication and working away overhead. To our best knowledge, our scheme is the first to provide real-time detection of clone attacks in an efficient and well-organized way.

A consistent query protocol (CQP) allows a database owner to publish a very short string c which commits her and everybody else to a particular database D, so that any copy of the database can later be used to answer queries and give short proofs that the answers are consistent with the commitment c. Here commits means that there is at most one database D that anybody can find (in polynomial time) which is consistent with c. (Unlike in some previous work, this strong guarantee holds even for owners who try to cheat while creating c.) Efficient CQPs for membership and one-dimensional range queries are known [5, 17, 22]: given a query pair a, b ∈ R, the server answers with all the keys in the database which lie in the interval [a, b] and a proof that the answer is correct. This paper explores CQPs for more general types of databases. We put forward a general technique for constructing CQPs for any type of query, assuming the existence of a data structure/algorithm with certain inherent robustness properties that we define (called a data robust algorithm). We illustrate our technique by constructing an efficient protocol for orthogonal range queries, where the database keys are points in R d and a query asks for all keys in a rectangle [a 1 , b 1 ] ×. .. × [a d , b d ]. Our data-robust algorithm is within a O(log N) factor of the best known standard data structure (a range tree, due to Bentley [2]). We modify our protocol so that it is also private, that is, the proofs leak no information about the database beyond the query answers. We show a generic modification to ensure privacy based on zeroknowledge proofs, and also give a new, more efficient protocol tailored to hash trees.

We consider zero knowledge interactive proofs in a richer, more realistic communication environment. In this setting, one may simultaneously engage in many interactive proofs, and these proofs may take place in an asynchronous fashion. It is known that zero-knowledge is not necessarily preserved in such an environment; we show that for a large class of protocols, it cannot be preserved. Any 4 round (computational) zero-knowledge interactive proof (or argument) for a non-trivial language L is not black-box simulatable in the asynchronous setting.

Usually, a proof of a theorem contains more knowledge than the mere fact that the theorem is true. For instance, to prove that a graph is Hamiltonian it suffices to exhibit a Hamiltonian tour in it; however, this seems to contain more knowledge than the single bit Hamiltonian/non-Hamiltonian. In this paper a computational complexity theory of the "knowledge" contained in a proof is developed. Zero-knowledge proofs are defined as those proofs that convey no additional knowledge other than the correctness of the proposition in question. Examples of zero-knowledge proof systems are given for the languages of quadratic residuosity and quadratic nonresiduosity. These are the first examples of zeroknowledge proofs for languages not known to be efficiently recognizable.

We consider zero knowledge interactive proofs in a richer, more realistic communication environment. In this setting, one may simultaneously engage in many interactive proofs, and these proofs may take place in an asynchronous fashion. It is known that zero-knowledge is not necessarily preserved in such an environment; we show that for a large class of protocols, it cannot be preserved. Any 4 round (computational) zero-knowledge interactive proof (or argument) for a non-trivial language Ä is not black-box simulatable in the asynchronous setting.

Let COL k be the set of all graphs that are k-colorable. It is well known that COL k is NP-complete. It is also well known, and easy, to show that if a ≤ b then COL a ≤ COL b. If 3 ≤ a ≤ b then we also have COL b ≤ SAT ≤ COL a which is an insane reduction from COL b to COL a. In this paper we give a sane reduction from COL b to COL a .

While the intuition underlying a zero knowledge proof system [GMR85] is that no "knowldge" is leaked by the prover to the verifier, rebnarchers are just heginning to analyze such proof sys-~.crnu in herrm of formal notions of knowledge. III this paper, we show how interactive proof systems motivate a new notion of praciical knowledge, and we capture the definition of an interactive proof system in terms of practical knowledge. Using this notion of knowledge, we formally capture and prove the intuition that the prover does not leak any knowledge of any fact (other than the fact being proven.) during a zero knowledge proof. We extend this result to show that the prover does not leak any knowledge of how to compute any information (such as the factorization of a number) during a zero knowledge proof. Finally, we define the notion of a weak interactive proof in which the prover is limited to probabilistic, polynomial-time computations, and we prove analogous security results for such proof systems. We show that, in a precise sense, any nontrivial weak interactive proof must be a proof about the prover's knowledge, and show that, under natural conditions, the notions of interactive proofs of knowledge defined in [TW87] and [FFS87] are instances of weak interactive proofs.

Decentralised platforms are changing the digital world by working without central authority. This decentralisation gives users more control over their data and reduces censorship, thus creating a more open Internet. Well-known examples, such as Ethereum and IPFS, demonstrate various uses of blockchain technology. Zero-knowledge proofs (ZKPs) are cryptographic innovations that allow a party to prove the truth of a statement without revealing any additional information. ZKPs offer significant privacy benefits on decentralised platforms while addressing compliance requirements, such as the Know Your Customer (KYC) regulations. Understanding how ZKPs can enhance privacy on decentralised platforms is crucial, especially when considering concerns related to extremist activities. Anonymity provided by these technologies can be exploited for terrorism and other illicit purposes.

This article explores the ethical dilemmas propelled by a significant shift in the allocation of trust and intelligence due to blockchain technology and AI, resulting in a notable decrease in transaction costs. The ethical and political implications of democratizing the resulting productivity gains are noteworthy, and while the pie is expanding, how its slices are distributed remains an open question. Enter Worldcoin, an innovative worldwide initiative that creates an identity system based on proof of personhood and zero-knowledge proofs (ZKP) to provide everyone with a distinct and anonymous "World ID. Using the author's "cyberethics-mix" framework, this paper examines the possible implications of such a system concerning data's protection, ownership, accuracy, and accessibility, underscoring the ethical significance of a political approach emphasizing inclusivity and sustainability through digital decentralization.

We study the question of designing leakage-resilient secure computation protocols. Our model is that of only computation leaks information with a leak-free input encoding phase. In more detail, we assume an offline phase called the input encoding phase in which each party encodes its input in a specified format. This phase is assumed to be free of any leakage and may or may not depend upon the function that needs to be jointly computed by the parties. Then finally, we have a secure computation phase in which the parties exchange messages with each other. In this phase, the adversary gets access to a leakage oracle which allows it to download a function of the computation transcript produced by an honest party to compute the next outgoing message. We present two main constructions of secure computation protocols in the above model. Our first construction is based only on the existence of (semi-honest) oblivious transfer. This construction employs an encoding phase which is dependent of the function to be computed (and the size of the encoded input is dependent on the size of the circuit of the function to be computed). Our second construction has an input encoding phase independent of the function to be computed. Hence in this construction, the parties can simple encode their input and store it as soon as it is received and then later on run secure computation for any function of their choice. Both of the above constructions, tolerate complete leakage in the secure computation phase. Our second construction (with a function independent input encoding phase) makes use of a fully homomorphic encryption scheme. A natural question that arises is "can a leakage-resilient secure computation protocol with function independent input encoding be based on simpler and weaker primitives?". Towards that end, we show that any such construction would imply a secure two-party computation protocol with sub-linear communication complexity (in fact, communication complexity independent of the size of the function being computed). Finally, we also show how to extend our constructions for the continual leakage case where there is: a one time leak-free input encoding phase, a leaky secure computation phase which could be run multiple times for different functionalities (but the same input vector), and, a leaky refresh phase after each secure computation phase where the input is "re-encoded". Work done in part while visiting Microsoft Research, India.

A coloring of the vertices of a graph G is a distance k coloring of G if and only if any two vertices lying on a path of length less than or equal to k are given dierent colors. Hamming graphs are Cartesian (or box) products of complete graphs. In this paper, we will consider the interaction between coding theory and distance k colorings of Hamming graphs.

The education sector faces increasing cybersecurity threats, necessitating innovative approaches for protection. This paper presents a comprehensive model leveraging artificial intelligence (AI) to enhance cybersecurity in education. The model comprises three key components: AI-powered threat detection, AIdriven incident response, and AI-informed cybersecurity education. Each component is examined in detail, highlighting their significance in fortifying educational institutions against cyber threats. Additionally, challenges in implementing AI-based cybersecurity solutions and future applications are discussed, providing perceptions into the developing landscape of cybersecurity in education.

Web 3.0 represents the next significant evolution of the internet that embodies the underlying decentralized network architectures, distributed ledgers, and advanced AI capabilities. Though the technologies are maturing rapidly, considerable barriers exist to high-scale adoption. The author discusses the barriers and the mitigations through specific technologies maturing to solve those issues in an earlier paper titled Moving Beyond POCs and Pilots, published in 2023 in Blockchain in Healthcare Today. These include privacy-preserving technologies, offchain and on-chain design optimizations, and the multi-dimensional approach needed in planning and adopting these technologies. As an extension, this paper discusses one such enabler, zero knowledge machine learning (ZKML), which merges two streams of technology in unique ways to address problems in privacy and the cost of inference. Zero-knowledge proofs (ZKP) allow one party to prove the validity of a statement to another party without revealing any additional information about the statement itself. The ZKML combines the cryptographic principle of ZKP with machine learning (ML) techniques. It is still a maturing technology and needs baselines for applications in global healthcare. In this effort, the authors conceptualize the technical and operational feasibility of using ZKML and implement a reference healthcare implementation using the synthetic International Consortium for Health Outcomes Measurement (ICHOM) in the evaluation phase in a global healthcare setting for high-volume data collection, including patient-reported outcomes. Model complexity reduction is researched and reported for the ICHOM diabetes dataset to advance the usage of ML models in global standards of healthcare data collection in network decentralized architectures for increased data protection and efficiencies.

In the paper a reflection on the dilemma faced by Mozambican corporations on the issue of organization`s personnel management is made on the assumption that organizations that aspire to the top of the pyramid of corporate success are interested in not only recruiting competent employees, but also, that they are capable of making the most of their human potential. Being the lack of full application and demand of the organizational psychologist in the job market in Mozambique, a factor that deters a full development potential of the employees and, consequently, the organization itself, it is urgent to study the issue of personnel management from various perspectives and approaches. The topic of this paper states the approach of this study, which is methodologically caried out through analysis of available literature on the issue as well as the assessment of observations of the composition and functioning of HR teams in Mozambican corporations, analysis of acquired competences by freshly trained organization psychologists of Mozambican higher education institutions. The study findings indicate an overwhelming dominance of HR managers without profound psychological education background what leads to poor understanding of the true psychological factors behind employees’ behavior with direct and indirect impact in functioning of the organization as a whole. The lack of rigorous observation of methodological discipline and respect for the scientific-methodological apparatus leads to a poor training of organization psychologists by Mozambican higher education institutions.

Key words: Human Resources, Management, Psychology of Organizations, corporations, scientific-methodological apparatus

The use of quantum correlations to attack security protocols is an important research line deserving growing attention. An important class of cryptographic protocols used as building blocks for several other more complex protocols is zero-knowledge proof systems. One of the properties that zero-knowledge proof systems are assumed to satisfy is that it is impossible for the verifier to show to a third party that he has interacted with the prover (impossibility of transferring proofs). Herein, it is shown how Bell pairs, together with tamper-proofing, can be used to break the impossibility of transferring proofs for an important class of zero-knowledge proof systems.

We study the computational power of deciding whether a given truth-table can be described by a circuit of a given size (the Minimum Circuit Size Problem, or MCSP for short), and of the variant denoted as MKTP where circuit size is replaced by a polynomially-related Kolmogorov measure. All prior reductions from supposedly-intractable problems to MCSP / MKTP hinged on the power of MCSP / MKTP to distinguish random distributions from distributions produced by hardness-based pseudorandom generator constructions. We develop a fundamentally different approach inspired by the well-known interactive proof system for the complement of Graph Isomorphism (GI). It yields a randomized reduction with zero-sided error from GI to MKTP. We generalize the result and show that GI can be replaced by any isomorphism problem for which the underlying group satisfies some elementary properties. Instantiations include Linear Code Equivalence, Permutation Group Conjugacy, and Matrix Subspace Conjugacy. Along...

Presented herein is a novel algorithm for multi-round, zero-knowledge proof (ZKP), devised specifically for authenticating factorisation proofs within a variety of cryptographic applications. This advanced algorithm, while maintaining computational complexity within acceptable bounds, offers a secure and proficient solution. The functionality of the algorithm is marked by multiple rounds of interaction between the Prover and Verifier. Initially, the Prover generates a random value and calculates a commitment. Subsequently, the Verifier issues a random challenge, eliciting a computed response from the Prover. To validate the proof, the Verifier verifies the equality of the commitment and the computed response. Efficaciousness of the proposed multi-round ZKP algorithm is demonstrated across diverse input sizes and parameters. Results indicate a success rate exceeding 90% on average, showcasing the robustness of the method. The recurring interaction between the Verifier and Prover enhances the Prover's authentication, thereby improving the algorithm's reliability. Implementation of the algorithm, achievable through standard cryptographic tools and protocols, can fortify the security of multiple cryptographic applications. A significant application can be found in Digital Identity Management Systems (DIMS). Currently, these systems are vulnerable to a myriad of threats, including identity spoofing, data breaches, and internal security risks. The application of the ZKP algorithm can simultaneously augment security and withhold sensitive information, potentially transforming the DIMS security landscape. Future research may focus on improving the efficiency and scalability of the multi-round ZKP algorithm. There also remains a vast potential for exploring additional applications of this technique within various cryptographic domains.

Peng, S.-L. and M.-S. Chang, A simple linear time algorithm for the domatic partition problem on strongly chordal graphs. Information Processing Letters 43 (1992) 297-300. Let m and n be the number of edges and vertices in a graph. We use a greedy method to design an O(m + n) time algorithm to partition the vertex set of a strongly chordal graph into S + 1 disjoint dominating sets, where 6 is the minimum degree of the graph.

This paper is about the design of improved algorithms to solve Isomorphisms of Polynomials (IP) problems. These problems were first explicitly related to the problem of finding the secret key of some asymmetric cryptographic algorithms (such as Matsumoto and Imai's C* scheme of [12], or some variations of Patarin's HFE scheme of [14]). Moreover, in [14], it was shown that IP can be used in order to design an asymmetric authentication or signature scheme in a straightforward way. We also introduce the more general Morphisms of Polynomials problem (MP). As we see in this paper, these problems IP and MP have deep links with famous problems such as the Isomorphism of Graphs problem or the problem of fast multiplication of n • n matrices. The complexities of our algorithms for IP are still not polynomial, but they are much more efficient than the previously known algorithms. For example, for the IP problem of finding the two secret matrices of a Matsumoto-Imai C* scheme over K = Fq, the complexity of our algorithms is O(q n/2) instead of O(q (n2)) for previous algorithms. (In [13], the C* scheme was broken, but the secret key was not found). Moreover, we have algorithms to achieve a complexity O(q~ n) on any system of n quadratic equations with n variables over K = Fq (not only equations from C*). We also show that the problem of deciding whether a polynomial isomorphism exists between two sets of equations is not NP-complete (assuming the classical hypothesis about Arthur-Merlin games), but solving IP is at least as difficult as the Graph Isomorphism problem (GI) (and perhaps much more difficult), so that IP is unlikely to be solvable in polynomial time. Moreover, the more general Morphisms of Polynomials problem (MP) is NP-hard. Finally, we suggest some variations of the IP problem that may be particularly convenient for cryptographic use.

Dwork and Stockmeyer showed 2-round zero-knowledge proof systems secure against provers which are resource-bounded during the interaction [6]. The resources considered are running time and advice (the amount of precomputed information). We re-cast this construction in the language of list-decoding. This perspective leads to the following improvements: 1. We give a new, simpler analysis of the protocol's unconditional security in the advice-bounded case. Like the original, the new analysis is asymptotically tight. 2. When the prover is bounded in both time and advice, we substantially improve the analysis of [6]: we prove security under a worstcase (instead of average-case) hardness assumption. Specifically, we assume that there exists g ∈ DT IM E(2 s) such that g is hard in the worst case for MAM circuits of size O(2 s(1 2 +γ)) for some γ > 0. Here s is the input length and MAM corresponds the class of circuits which are verifiers in a 3-message interactive proof (with constant soundness error) in which the prover sends the first message. In contrast, Dwork and Stockmeyer require a function that is average-case hard for "proof auditors," a model of computation which generalizes randomized, non-deterministic circuits. 3. Our analyses rely on new results on list-decodability of codes whose codewords are linear functions from {0, 1} to {0, 1}. For (1), we show that the set of all linear transformations is a good list-decodable code. For (2), we give a new, non-deterministic list-decoding procedure which runs in time quasi-linear in .

Recently non-abelian groups have attracted the atten- tion of cryptographers for constructing public-key cryp- tographic protocols. In this paper we use the conju- gacy problem in non-abelian groups to construct a zero- knowledge undeniable signature scheme. a more efficient alternative to well established numeric computations in abelian groups. Where as the secu- rity of cryptographic protocols based on number-theoretic abelian groups are based on the hardness of problems like integer factorization and discrete logarithm, the se- curity of cryptographic protocols based on non-abelian groups are based on the hardness of problems like conju- gacy search, decomposition and root problem. Almost all the undeniable signature schemes constructed so far have been based on the hardness of integer factorization (10) and discrete logarithm problems (6, 7). In this paper, we present a zero-knowledge undeniable signature scheme based on the hardness of the conjugacy problem in non- abelian grou...

Recently non-abelian groups have attracted the atten- tion of cryptographers for constructing public-key cryp- tographic protocols. In this paper we use the conju- gacy problem in non-abelian groups to construct a zero- knowledge undeniable signature scheme. a more efficient alternative to well established numeric computations in abelian groups. Where as the secu- rity of cryptographic protocols based on number-theoretic abelian groups are based on the hardness of problems like integer factorization and discrete logarithm, the se- curity of cryptographic protocols based on non-abelian groups are based on the hardness of problems like conju- gacy search, decomposition and root problem. Almost all the undeniable signature schemes constructed so far have been based on the hardness of integer factorization (10) and discrete logarithm problems (6, 7). In this paper, we present a zero-knowledge undeniable signature scheme based on the hardness of the conjugacy problem in non- abelian grou...

CardSpace (formerly known as InfoCard) is a Digital Identity Management system that has recently been adopted by Microsoft. In this paper we identify two security flaws in CardSpace that may lead to a serious privacy violation. The first flaw is the reliance on Internet user judgements of the trustworthiness of service providers, and the second is the reliance of the system on a single layer of authentication. We also propose a solution designed to address both flaws. Our solution is compatible with the currently deployed CardSpace identity metasystem, and should enhance the privacy of the system with minor changes to the current CardSpace framework. We also provide a security and performance analysis of the proposed solution.

Blind signatures allow users to obtain signatures on messages hidden from the signer; moreover, the signer cannot link the resulting message/signature pair to the signing session. This paper presents blind signature schemes, in which the number of interactions between the user and the signer is minimal and whose blind signatures are short. Our schemes are defined over bilinear groups and are proved secure in the common-reference-string model without random oracles and under standard assumptions: CDH and the decision-linear assumption. (We also give variants over asymmetric groups based on similar assumptions.) The blind signatures are Waters signatures, which consist of 2 group elements. Moreover, we instantiate partially blind signatures, where the message consists of a part hidden from the signer and a commonly known public part, and schemes achieving perfect blindness. We propose new variants of blind signatures, such as signer-friendly partially blind signatures, where the public part can be chosen by the signer without prior agreement, 3-party blind signatures, as well as blind signatures on multiple aggregated messages provided by independent sources. We also extend Waters signatures to non-binary alphabets by proving a new result on the underlying hash function.