Concurrent Zero-Knowledge: With Additional Background by Oded GoldreichPaperback, 25 November 2010

Zero-knowledge proofs are fascinating and extremely useful constructs. Their fascinating nature is due to their seemingly contradictory de?nition; ze- knowledge proofs are convincing and yet yield nothing beyond the validity of the assertion being proved. Their applicability in the domain of cryptography is vast; they are typically used to force malicious parties to behave according to a predetermined protocol. In addition to their direct applicability in cr- tography, zero-knowledge proofs serve as a good benchmark for the study of variousproblemsregardingcryptographicprotocols(e.g.,"securecomposition of protocols"). A fundamental question regarding zero-knowledge protocols refers to the preservation of security (i.e., of the zero-knowledge feature) when many - stances are executed concurrently, and in particular under a purely as- chronous model. The practical importance of this question, in the days of extensive Internet communication, seems clear. It turned out that this qu- tion is also very interesting from a theoretical point of view. In particular, this question served as a benchmark for the study of the security of concurrent executions of protocols and led to the development of techniques for coping with the problems that arise in that setting.