Succinct Diophantine-Satisfiability Arguments

A Diophantine equation is a multi-variate polynomial equation with integer coefficients, and it is satisfiable if it has a solution with all unknowns taking integer values. Davis, Putnam, Robinson and Matiyasevich showed that the general Diophantine satisfiability problem is undecidable (giving a negative answer to Hilbert’s tenth problem) but it is nevertheless possible to argue in zero-knowledge the knowledge of a solution, if a solution is known to a prover. We provide the first succinct honest-verifier zero-knowledge argument for the satisfiability of Diophantine equations with a communication complexity and a round complexity that grows logarithmically in the size of the polynomial equation. The security of our argument relies on standard assumptions on hidden-order groups. As the argument requires to commit to integers, we introduce a new integer-commitment scheme that has much smaller parameters than Damgård and Fujisaki’s scheme. We finally show how to succinctly argue knowledge of solutions to several NP-complete problems and cryptographic problems by encoding them as Diophantine equations.

[1]  Ivan Damgård,et al.  A Statistically-Hiding Integer Commitment Scheme Based on Groups with Hidden Order , 2002, ASIACRYPT.

[2]  Claus-Peter Schnorr,et al.  Efficient signature generation by smart cards , 2004, Journal of Cryptology.

[3]  Hofreiter Diophantische Gleichungen , 1939 .

[4]  Jens Groth,et al.  Efficient Zero-Knowledge Arguments for Arithmetic Circuits in the Discrete Log Setting , 2016, EUROCRYPT.

[5]  Arkadii Slinko,et al.  A Generalization of Komlos Theorem on Random Matrices , 2000 .

[6]  Dan Boneh,et al.  Bulletproofs: Short Proofs for Confidential Transactions and More , 2018, 2018 IEEE Symposium on Security and Privacy (SP).

[7]  H. Bateman Book Review: Ergebnisse der Mathematik und ihrer Grenzgebiete , 1933 .

[8]  Amos Fiat,et al.  How to Prove Yourself: Practical Solutions to Identification and Signature Problems , 1986, CRYPTO.

[9]  E. Bareiss Sylvester’s identity and multistep integer-preserving Gaussian elimination , 1968 .

[10]  R. Tennant Algebra , 1941, Nature.

[11]  Torben P. Pedersen Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing , 1991, CRYPTO.

[12]  Ben Fisch,et al.  Transparent SNARKs from DARK Compilers , 2020, IACR Cryptol. ePrint Arch..

[13]  Roberto Maria Avanzi The Complexity of Certain Multi-Exponentiation Techniques in Cryptography , 2004, Journal of Cryptology.

[14]  Jens Groth,et al.  Linear Algebra with Sub-linear Zero-Knowledge Arguments , 2009, CRYPTO.

[15]  Fabrice Boudot,et al.  Efficient Proofs that a Committed Number Lies in an Interval , 2000, EUROCRYPT.

[16]  Jens Groth,et al.  Non-interactive Zero-Knowledge Arguments for Voting , 2005, ACNS.

[17]  Markulf Kohlweiss,et al.  One-Out-of-Many Proofs: Or How to Leak a Secret and Spend a Coin , 2015, EUROCRYPT.

[18]  Birgit Pfitzmann,et al.  Collision-Free Accumulators and Fail-Stop Signature Schemes Without Trees , 1997, EUROCRYPT.

[19]  Jean-Jacques Quisquater,et al.  A Practical Zero-Knowledge Protocol Fitted to Security Microprocessor Minimizing Both Transmission and Memory , 1988, EUROCRYPT.

[20]  Jens Groth,et al.  Simulation-Sound NIZK Proofs for a Practical Language and Constant Size Group Signatures , 2006, ASIACRYPT.

[21]  Johannes A. Buchmann,et al.  A Signature Scheme Based on the Intractability of Computing Roots , 2002, Des. Codes Cryptogr..

[22]  Pierre-Alain Fouque,et al.  On the Security of RDSA , 2003, EUROCRYPT.

[23]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[24]  Ju. V. Matijasevic,et al.  ENUMERABLE SETS ARE DIOPHANTINE , 2003 .

[25]  David Pointcheval,et al.  Removing the Strong RSA Assumption from Arguments over the Integers , 2017, IACR Cryptol. ePrint Arch..

[26]  Vadim Lyubashevsky,et al.  Short Discrete Log Proofs for FHE and Ring-LWE Ciphertexts , 2019, IACR Cryptol. ePrint Arch..

[27]  Melissa Chase,et al.  Efficient Zero-Knowledge Proof of Algebraic and Non-Algebraic Statements with Applications to Privacy Preserving Credentials , 2016, CRYPTO.

[28]  Jens Groth,et al.  Zero-Knowledge Argument for Polynomial Evaluation with Application to Blacklists , 2013, EUROCRYPT.

[29]  Helger Lipmaa,et al.  On Diophantine Complexity and Statistical Zero-Knowledge Arguments , 2003, ASIACRYPT.

[30]  Alfred Menezes,et al.  The Elliptic Curve Digital Signature Algorithm (ECDSA) , 2001, International Journal of Information Security.

[31]  Tatsuaki Okamoto,et al.  Statistical Zero Knowledge Protocols to Prove Modular Polynomial Relations , 1997, CRYPTO.

[32]  Rafail Ostrovsky,et al.  Perfect Non-Interactive Zero Knowledge for NP , 2006, IACR Cryptol. ePrint Arch..

[33]  R. Gregory Taylor,et al.  Modern computer algebra , 2002, SIGA.

[34]  Jan Camenisch,et al.  Efficient Group Signature Schemes for Large Groups (Extended Abstract) , 1997, CRYPTO.