Adaptive Proofs Have Straightline Extractors (in the Random Oracle Model)

Abstract

The concept of for proofs of knowledge was recently studied by Bernhard et al. They formalised adaptive security in the ROM and showed that the non-interactive version of the Schnorr protocol obtained using the Fiat-Shamir transformation is not adaptively secure unless the one-more discrete logarithm problem is easy. Their only construction for adaptively secure protocols used the Fischlin transformation [11] which yields protocols with . In this paper we provide two further key insights. Our main result shows that any adaptively secure protocol must have a straight-line extractor: even the most clever rewinding strategies cannot offer any benefits against adaptive provers. Then, we show that any Fiat-Shamir transformed -protocol is not adaptively secure unless a related problem which we call the -one-wayness problem is easy. This assumption concerns not just Schnorr but applies to a whole class of -protocols including e.g. Chaum-Pedersen and representation proofs. We also prove that -one-wayness is hard in an extension of the generic group model which, on its own, is a contribution of independent interest. Taken together, these results suggest that the highly efficient proofs based on the popular Fiat-Shamir transformed -protocols should be used with care in settings where adaptive security of such proofs is important.