DOI: 10.5555/1760749.1760759
Article

Perfect NIZK with adaptive soundness

Published: 21 February 2007

Abstract

This paper presents a very simple and efficient adaptively-sound perfect NIZK argument system for any NP-language. In contrast to recently proposed schemes by Groth, Ostrovsky and Sahai, our scheme does not pose any restriction on the statements to be proven. Besides, it enjoys a number of desirable properties: it allows the common reference string (CRS) to be re-used, it can handle arithmetic circuits, and the CRS can be set up very efficiently without the need for an honest party. We then show an application of our techniques in constructing efficient NIZK schemes for proving arithmetic relations among committed secrets, where previous methods required expensive generic NP-reductions.
The security of the proposed schemes is based on a strong non-standard assumption, an extended version of the so-called Knowledge-of-Exponent Assumption (KEA) over bilinear groups. We give some justification for using such an assumption by showing that the commonly used approach for proving NIZK arguments sound does not allow for adaptively-sound statistical NIZK arguments (unless NP ⊂ P/poly). Furthermore, we show that the assumption used in our construction holds with respect to generic adversaries that do not exploit the specific representation of the group elements. We also discuss how to avoid the non-standard assumption in a pre-processing model.



Published In

Guide Proceedings
TCC'07: Proceedings of the 4th conference on Theory of cryptography
February 2007
595 pages
ISBN: 9783540709350
  • Editor: Salil P. Vadhan

Sponsors

  • IACR: The International Association for Cryptologic Research

In-Cooperation

  • Mathematisch Instituut, Universiteit Leiden
  • Centrum voor Wiskunde en Informatica (CWI)

Publisher

Springer-Verlag

Berlin, Heidelberg

Qualifiers

  • Article

Cited By

  • (2019) Practical Aggregate Signature from General Elliptic Curves, and Applications to Blockchain. Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security, pp. 529-538. DOI: 10.1145/3321705.3329826. Online publication date: 2-Jul-2019.
  • (2017) The Hunting of the SNARK. Journal of Cryptology 30(4), pp. 989-1066. DOI: 10.1007/s00145-016-9241-9. Online publication date: 1-Oct-2017.
  • (2016) On the Size of Pairing-Based Non-interactive Arguments. Proceedings, Part II, of the 35th Annual International Conference on Advances in Cryptology - EUROCRYPT 2016 - Volume 9666, pp. 305-326. DOI: 10.5555/3081738.3081749. Online publication date: 8-May-2016.
  • (2016) Attribute-based Key Exchange with General Policies. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 1451-1463. DOI: 10.1145/2976749.2978359. Online publication date: 24-Oct-2016.
  • (2016) Practical Non-Malleable Codes from l-more Extractable Hash Functions. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 1317-1328. DOI: 10.1145/2976749.2978352. Online publication date: 24-Oct-2016.
  • (2016) Structure-Preserving Signatures and Commitments to Group Elements. Journal of Cryptology 29(2), pp. 363-421. DOI: 10.1007/s00145-014-9196-7. Online publication date: 1-Apr-2016.
  • (2016) Efficient Culpably Sound NIZK Shuffle Argument Without Random Oracles. Proceedings of the RSA Conference on Topics in Cryptology - CT-RSA 2016 - Volume 9610, pp. 200-216. DOI: 10.1007/978-3-319-29485-8_12. Online publication date: 29-Feb-2016.
  • (2015) Fully Leakage-Resilient Non-malleable Identification Schemes in the Bounded-Retrieval Model. Proceedings of the 10th International Workshop on Advances in Information and Computer Security - Volume 9241, pp. 153-172. DOI: 10.1007/978-3-319-22425-1_10. Online publication date: 26-Aug-2015.
  • (2013) OAKE. Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security, pp. 1113-1128. DOI: 10.1145/2508859.2516695. Online publication date: 4-Nov-2013.
  • (2013) Fast reductions from RAMs to delegatable succinct constraint satisfaction problems. Proceedings of the 4th conference on Innovations in Theoretical Computer Science, pp. 401-414. DOI: 10.1145/2422436.2422481. Online publication date: 9-Jan-2013.
