Triply Adaptive UC NIZK

The only known non-interactive zero-knowledge (NIZK) protocol that is secure against adaptive corruption of the prover is based on that of Groth-Ostrovsky-Sahai (JACM'11) (GOS). However, that protocol does not guarantee full adaptive soundness. Abe and Fehr (TCC'07) construct an adaptively sound variant of the GOS protocol under a knowledge-of-exponent assumption, but knowledge assumptions of this type are inherently incompatible with universally composable (UC) security. We show the first NIZK which is triply adaptive: it is a UC NIZK protocol in a multiparty, multi-instance setting, with adaptive corruptions and no data erasures. Furthermore, the protocol provides full adaptive soundness. Our construction is very different from that of GOS: it is based on the recent NIZK of Canetti et al. (STOC'19), and can be based on a variety of assumptions (e.g. LWE, or LPN and DDH). We also show how to get a succinct reference string assuming LWE or DDH from GOS-like techniques.

∗ Member of the CPIIS. Supported by NSF Awards 1931714, 1801564, 1414119, and the DARPA SIEVE program.

[1] Rafail Ostrovsky et al. New Techniques for Noninteractive Zero-Knowledge, 2012, JACM.

[2] Taher El Gamal. A public key cryptosystem and a signature scheme based on discrete logarithms, 1984, IEEE Trans. Inf. Theory.

[3] Daniel Wichs et al. Leveled Fully Homomorphic Signatures from Standard Lattices, 2015, IACR Cryptol. ePrint Arch.

[4] John Rompel et al. One-way functions are necessary and sufficient for secure signatures, 1990, STOC '90.

[5] Ivan Damgård et al. Improved Non-committing Encryption Schemes Based on a General Complexity Assumption, 2000, CRYPTO.

[6] Manuel Blum et al. Proving Security Against Chosen Cyphertext Attacks, 1988, CRYPTO.

[7] Ron Rothblum et al. Enhancements of Trapdoor Permutations, 2012, Journal of Cryptology.

[8] Mihir Bellare et al. Foundations of Group Signatures: Formal Definitions, Simplified Requirements, and a Construction Based on General Assumptions, 2003, EUROCRYPT.

[9] Ran Canetti et al. The random oracle methodology, revisited, 2000, JACM.

[10] Abhi Shelat et al. How to Use SNARKs in Universally Composable Protocols, 2015, IACR Cryptol. ePrint Arch.

[11] Serge Fehr et al. Perfect NIZK with Adaptive Soundness, 2007, TCC.

[12] Ivan Damgård et al. Adaptively Secure Multi-Party Computation from LWE (via Equivocal FHE), 2016, Public Key Cryptography.

[13] Yuval Ishai et al. Using Fully Homomorphic Hybrid Encryption to Minimize Non-interative Zero-Knowledge Proofs, 2015, Journal of Cryptology.

[14] Ryo Nishimaki et al. Exploring Constructions of Compact NIZKs from Various Assumptions, 2019, IACR Cryptol. ePrint Arch.

[15] Eli Ben-Sasson et al. Zerocash: Decentralized Anonymous Payments from Bitcoin, 2014, 2014 IEEE Symposium on Security and Privacy.

[16] Yehuda Lindell et al. Universally composable two-party and multi-party secure computation, 2002, STOC '02.

[17] Manuel Blum et al. Noninteractive Zero-Knowledge, 1991, SIAM J. Comput.

[18] Chris Peikert et al. Noninteractive Zero Knowledge for NP from (Plain) Learning With Errors, 2019, IACR Cryptol. ePrint Arch.

[19] Ran Canetti et al. Efficient and Round-Optimal Oblivious Transfer and Commitment with Adaptive Security, 2020, IACR Cryptol. ePrint Arch.

[20] Florian Kerschbaum et al. Zero-knowledge using garbled circuits: how to prove non-algebraic statements efficiently, 2013, IACR Cryptol. ePrint Arch.

[21] Abhi Shelat et al. Adaptively Secure MPC with Sublinear Communication Complexity, 2019, Journal of Cryptology.

[22] Moni Naor et al. Public-key cryptosystems provably secure against chosen ciphertext attacks, 1990, STOC '90.

[23] Jonathan Katz et al. Ring Signatures: Stronger Definitions, and Constructions without Random Oracles, 2005, IACR Cryptol. ePrint Arch.

[24] Ran Canetti et al. Universally Composable Commitments, 2001, CRYPTO.

[25] Ivan Visconti et al. Online/Offline OR Composition of Sigma Protocols, 2016, IACR Cryptol. ePrint Arch.

[26] Ivan Visconti et al. Improved OR Composition of Sigma-Protocols, 2016, IACR Cryptol. ePrint Arch.

[27] Rafail Ostrovsky et al. Perfect Non-Interactive Zero Knowledge for NP, 2006, IACR Cryptol. ePrint Arch.

[28] Amos Fiat et al. How to Prove Yourself: Practical Solutions to Identification and Signature Problems, 1986, CRYPTO.

[29] Rafail Ostrovsky et al. Robust Non-interactive Zero Knowledge, 2001, CRYPTO.

[30] Moni Naor et al. Non-Malleable Cryptography (Extended Abstract), 1991, STOC 1991.

[31] Torben P. Pedersen. Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing, 1991, CRYPTO.

[32] Adi Shamir et al. Multiple NonInteractive Zero Knowledge Proofs Under General Assumptions, 1999, SIAM J. Comput.

[33] Marc Fischlin et al. The Representation Problem Based on Factoring, 2002, CT-RSA.

[34] Ryo Nishimaki et al. Compact NIZKs from Standard Assumptions on Bilinear Maps, 2020, IACR Cryptol. ePrint Arch.

[35] Juan A. Garay et al. Strengthening Zero-Knowledge Protocols Using Signatures, 2003, Journal of Cryptology.

[36] Brent Waters et al. Homomorphic Encryption from Learning with Errors: Conceptually-Simpler, Asymptotically-Faster, Attribute-Based, 2013, CRYPTO.

[37] Rafail Ostrovsky et al. Trapdoor Hash Functions and Their Applications, 2019, IACR Cryptol. ePrint Arch.

[38] Ran Canetti et al. Universally composable security: a new paradigm for cryptographic protocols, 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[39] Ke Yang et al. On Simulation-Sound Trapdoor Commitments, 2004, EUROCRYPT.

[40] Zvika Brakerski et al. NIZK from LPN and Trapdoor Hash via Correlation Intractability for Approximable Relations, 2020, IACR Cryptol. ePrint Arch.

[41] Daniele Venturi et al. On Adaptive Security of Delayed-Input Sigma Protocols and Fiat-Shamir NIZKs, 2020, IACR Cryptol. ePrint Arch.

[42] Silvio Micali et al. A Completeness Theorem for Protocols with Honest Majority, 1987, STOC 1987.

[43] Ron Rothblum et al. Fiat-Shamir: from practice to theory, 2019, STOC.

[44] Tatsuaki Okamoto et al. Provably Secure and Practical Identification Schemes and Corresponding Signature Schemes, 1992, CRYPTO.