NIZK from SNARG

We give a construction of a non-interactive zero-knowledge (NIZK) argument for all NP languages based on a succinct non-interactive argument (SNARG) for all NP languages and a one-way function. The succinctness requirement for the SNARG is rather mild: We only require that the proof size be |π| = poly(λ)(|x|+ |w|) for some constant c < 1/2, where |x| is the statement length, |w| is the witness length, and λ is the security parameter. Especially, we do not require anything about the efficiency of the verification. Based on this result, we also give a generic conversion from a SNARG to a zero-knowledge SNARG assuming the existence of CPA secure public-key encryption. For this conversion, we require a SNARG to have efficient verification, i.e., the computational complexity of the verification algorithm is poly(λ)(|x|+ |w|). Before this work, such a conversion was only known if we additionally assume the existence of a NIZK. Along the way of obtaining our result, we give a generic compiler to upgrade a NIZK for all NP languages with non-adaptive zero-knowledge to one with adaptive zero-knowledge. Though this can be shown by carefully combining known results, to the best of our knowledge, no explicit proof of this generic conversion has been presented.

[1]  Ilan Komargodski,et al.  SPARKs: Succinct Parallelizable Arguments of Knowledge , 2020, EUROCRYPT.

[2]  Jens Groth,et al.  Short Pairing-Based Non-interactive Zero-Knowledge Arguments , 2010, ASIACRYPT.

[3]  Moni Naor,et al.  Bit commitment using pseudorandomness , 1989, Journal of Cryptology.

[4]  Ran Canetti,et al.  Certifying Trapdoor Permutations, Revisited , 2018, IACR Cryptol. ePrint Arch..

[5]  Dan Boneh,et al.  Verifiable Delay Functions , 2018, IACR Cryptol. ePrint Arch..

[6]  Peter Manohar,et al.  Succinct Arguments in the Quantum Random Oracle Model , 2019, IACR Cryptol. ePrint Arch..

[7]  David J. Wu,et al.  Multi-Theorem Preprocessing NIZKs from Lattices , 2018, IACR Cryptol. ePrint Arch..

[8]  Manuel Blum,et al.  Non-Interactive Zero-Knowledge and Its Applications (Extended Abstract) , 1988, STOC 1988.

[9]  Ron Rothblum,et al.  Fiat-Shamir and Correlation Intractability from Strong KDM-Secure Encryption , 2018, IACR Cryptol. ePrint Arch..

[10]  Oded Goldreich Basing Non-Interactive Zero-Knowledge on (Enhanced) Trapdoor Permutations: The State of the Art , 2011, Studies in Complexity and Cryptography.

[11]  Amos Fiat,et al.  How to Prove Yourself: Practical Solutions to Identification and Signature Problems , 1986, CRYPTO.

[12]  Ran Canetti,et al.  A Forward-Secure Public-Key Encryption Scheme , 2003, Journal of Cryptology.

[13]  Ron Rothblum,et al.  Enhancements of Trapdoor Permutations , 2012, Journal of Cryptology.

[14]  Mihir Bellare,et al.  Foundations of Group Signatures: Formal Definitions, Simplified Requirements, and a Construction Based on General Assumptions , 2003, EUROCRYPT.

[15]  Yael Tauman Kalai,et al.  How to Leak a Secret: Theory and Applications of Ring Signatures , 2001, Essays in Memory of Shimon Even.

[16]  Silvio Micali,et al.  Computationally Sound Proofs , 2000, SIAM J. Comput..

[17]  Yevgeniy Dodis,et al.  Efficient Public-Key Cryptography in the Presence of Key Leakage , 2010, ASIACRYPT.

[18]  Oded Goldreich,et al.  Definitions and properties of zero-knowledge proof systems , 1994, Journal of Cryptology.

[19]  Adi Shamir,et al.  Multiple NonInteractive Zero Knowledge Proofs Under General Assumptions , 1999, SIAM J. Comput..

[20]  Hoeteck Wee,et al.  New Constructions of Statistical NIZKs: Dual-Mode DV-NIZKs and More , 2020, IACR Cryptol. ePrint Arch..

[21]  Silvio Micali,et al.  A Completeness Theorem for Protocols with Honest Majority , 1987, STOC 1987.

[22]  Ivan Damgård,et al.  Bounded Tamper Resilience: How to Go Beyond the Algebraic Barrier , 2013, Journal of Cryptology.

[23]  Moni Naor,et al.  Zaps and their applications , 2000, Proceedings 41st Annual Symposium on Foundations of Computer Science.

[24]  Nicholas Spooner,et al.  Fractal: Post-Quantum and Transparent Recursive Proofs from Holography , 2020, IACR Cryptol. ePrint Arch..

[25]  Craig Gentry,et al.  Separating succinct non-interactive arguments from all falsifiable assumptions , 2011, IACR Cryptol. ePrint Arch..

[26]  Brent Waters,et al.  How to use indistinguishability obfuscation: deniable encryption, and more , 2014, IACR Cryptol. ePrint Arch..

[27]  Yael Tauman Kalai,et al.  From Obfuscation to the Security of Fiat-Shamir for Proofs , 2017, CRYPTO.

[28]  Shuichi Katsumata,et al.  Non-interactive Zero-Knowledge in Pairing-Free Groups from Weaker Assumptions , 2020, EUROCRYPT.

[29]  Yuval Ishai,et al.  Quasi-Optimal SNARGs via Linear Multi-Prover Interactive Proofs , 2018, IACR Cryptol. ePrint Arch..

[30]  Leonid A. Levin,et al.  A Pseudorandom Generator from any One-way Function , 1999, SIAM J. Comput..

[31]  Vinod Vaikuntanathan,et al.  Signature Schemes with Bounded Leakage Resilience , 2009, ASIACRYPT.

[32]  Carmit Hazay,et al.  Leakage-Resilient Cryptography from Minimal Assumptions , 2015, Journal of Cryptology.

[33]  Yuval Ishai,et al.  Lattice-Based SNARGs and Their Application to More Efficient Obfuscation , 2017, EUROCRYPT.

[34]  Eli Ben-Sasson,et al.  Zerocash: Decentralized Anonymous Payments from Bitcoin , 2014, 2014 IEEE Symposium on Security and Privacy.

[35]  Hoeteck Wee,et al.  On Round-Efficient Argument Systems , 2005, ICALP.

[36]  Nir Bitansky,et al.  Succinct Non-Interactive Arguments via Linear Interactive Proofs , 2013, Journal of Cryptology.

[37]  Nir Bitansky,et al.  Succinct Arguments from Multi-prover Interactive Proofs and Their Efficiency Benefits , 2012, CRYPTO.

[38]  Rafail Ostrovsky,et al.  New Techniques for Noninteractive Zero-Knowledge , 2012, JACM.

[39]  Ryo Nishimaki,et al.  Exploring Constructions of Compact NIZKs from Various Assumptions , 2019, IACR Cryptol. ePrint Arch..

[40]  Nir Bitansky,et al.  The Hunting of the SNARK , 2016, Journal of Cryptology.

[41]  Chris Peikert,et al.  Noninteractive Zero Knowledge for NP from (Plain) Learning With Errors , 2019, IACR Cryptol. ePrint Arch..

[42]  Vinod Vaikuntanathan,et al.  Simultaneous Hardcore Bits and Cryptography against Memory Attacks , 2009, TCC.

[43]  Ben Fisch,et al.  Transparent SNARKs from DARK Compilers , 2020, IACR Cryptol. ePrint Arch..

[44]  Jens Groth,et al.  On the Size of Pairing-Based Non-interactive Arguments , 2016, EUROCRYPT.

[45]  Ron Rothblum,et al.  Fiat-Shamir: from practice to theory , 2019, STOC.

[46]  Paul Valiant,et al.  Incrementally Verifiable Computation or Proofs of Knowledge Imply Time/Space Efficiency , 2008, TCC.

[47]  Abhi Shelat,et al.  Unconditional Characterizations of Non-interactive Zero-Knowledge , 2005, CRYPTO.

[48]  David Chaum,et al.  Group Signatures , 1991, EUROCRYPT.

[49]  Craig Gentry,et al.  Quadratic Span Programs and Succinct NIZKs without PCPs , 2013, IACR Cryptol. ePrint Arch..

[50]  Ron Rothblum,et al.  Reusable Designated-Verifier NIZKs for all NP from CDH , 2019, IACR Cryptol. ePrint Arch..

[51]  Moni Naor,et al.  Public-key cryptosystems provably secure against chosen ciphertext attacks , 1990, STOC '90.

[52]  Mary Maller,et al.  Marlin: Preprocessing zkSNARKs with Universal and Updatable SRS , 2020, IACR Cryptol. ePrint Arch..