Short Pairing-Based Non-interactive Zero-Knowledge Arguments

We construct non-interactive zero-knowledge arguments for circuit satisfiability with perfect completeness, perfect zero-knowledge and computational soundness. The non-interactive zero-knowledge arguments have sub-linear size and very efficient public verification. The size of the non-interactive zero-knowledge arguments can even be reduced to a constant number of group elements if we allow the common reference string to be large. Our constructions rely on groups with pairings and security is based on two new cryptographic assumptions; we do not use the Fiat-Shamir heuristic or random oracles.
