Nearly Simultaneously Resettable Black-Box Zero Knowledge Joshua Baron 1 , Rafail Ostrovsky 2 , and Ivan Visconti 3 1 UCLA, Los Angeles, CA, USA 90095 jwbaron@math.ucla.edu, rafail@cs.ucla.edu 2 Universit`a di Salerno, 84084 Fisciano (SA) - Italy visconti@dia.unisa.it Abstract. An important open question in Cryptography concerns the possibility of achieving secure protocols even in the presence of physical attacks. Here we focus on the case of proof systems where an adversary forces the honest player to re-use its randomness in different executions. In 2009, Deng, Goyal and Sahai [1] constructed a simultaneously re- settable non-black-box zero-knowledge argument system that is secure against resetting provers and verifiers. In this work we study the case of the black-box use of the code of the adversary and show a nearly simultaneously resettable black-box zero-knowledge proof systems under standard assumptions. Compared to [1], our protocol is a proof (rather then just argument) system, but requires that the resetting prover can reset the verifier up to a bounded number of times (which is unavoidable for black-box simulation), while the verifier can reset the prover an arbitrary polynomial number of times. The main contribution of our construction is that the round complexity is independent of the above bound. To achieve our result, we construct a constant-round nearly simultaneously resettable coin-flipping protocol that we believe is of independent interest. Keywords: Reset attacks, Black-box simulation. 1 Introduction In this work, we study the feasibility of achieving efficient zero-knowledge proof systems in the presence of physical attacks. Specifically, we examine the role of the black-box use of the code of the adversary with respect to simultane- ously resettable proof systems. Such proof systems are of interest as examples of proof systems that are secure under very relaxed constraints on the re-use of the same randomness in multiple executions. In the case of resettable zero knowledge (rZK), a malicious verifier may cheat against an honest prover who must use the same random tape polynomially many times. Further, resettably sound zero knowledge constrains the randomness used by the verifier: a malicious prover may try to cheat against an honest verifier who must use the same random tape polynomially many times. The former property was introduced and instantiated A. Czumaj et al. (Eds.): ICALP 2012, Part I, LNCS 7391, pp. 88–99, 2012. c  Springer-Verlag Berlin Heidelberg 2012