Exploring Constructions of Compact NIZKs from Various Assumptions

A non-interactive zero-knowledge (NIZK) protocol allows a prover to non-interactively convince a verifier of the truth of a statement without leaking any other information. In this study, we explore shorter NIZK proofs for all \(\mathbf{NP}\) languages. Our primary interest is NIZK proofs from falsifiable pairing-based and pairing-free group-based assumptions. Thus far, NIZKs in the common reference string model (CRS-NIZKs) for \(\mathbf{NP}\) based on falsifiable pairing-based assumptions all require a proof size at least as large as \(O(|C| \kappa)\), where \(C\) is a circuit computing the \(\mathbf{NP}\) relation and \(\kappa\) is the security parameter. This holds true even for the weaker designated-verifier NIZKs (DV-NIZKs). Notably, constructing a (CRS, DV)-NIZK whose proof size achieves an additive overhead \(O(|C|) + \mathsf{poly}(\kappa)\), rather than a multiplicative overhead \(|C| \cdot \mathsf{poly}(\kappa)\), based on any falsifiable pairing-based assumption is an open problem.
