Line-Point Zero Knowledge and Its Applications

We introduce and study a simple kind of proof system called line-point zero knowledge (LPZK). In an LPZK proof, the prover encodes the witness as an affine line v(t) := at + b in a vector space F, and the verifier queries the line at a single random point t = α. LPZK is motivated by recent practical protocols for vector oblivious linear evaluation (VOLE), which can be used to compile LPZK proof systems into lightweight designated-verifier NIZK protocols. We construct LPZK systems for proving satisfiability of arithmetic circuits with attractive efficiency features. These give rise to designated-verifier NIZK protocols that require only 2-5 times the computation of evaluating the circuit in the clear (following an input-independent preprocessing phase), and where the prover communicates roughly 2 field elements per multiplication gate, or roughly 1 element in the random oracle model with a modestly higher computation cost. On the theoretical side, our LPZK systems give rise to the first linear interactive proofs (Bitansky et al., TCC 2013) that are zero knowledge against a malicious verifier. We then apply LPZK towards simplifying and improving recent constructions of reusable non-interactive secure computation (NISC) from VOLE (Chase et al., Crypto 2019). As an application, we give concretely efficient and reusable NISC protocols over VOLE for bounded inner product, where the sender’s input vector should have a bounded L2-norm.
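As an added illustration (not code from the paper), the following toy LPZK-style argument over a prime field proves knowledge of x, y with x·y = out for one multiplication gate: the prover commits to lines a·t + b, the verifier learns only their values at a single random point α (the VOLE step is simulated locally by `query`), and one helper line absorbs the cross terms of the product check. The gate-check layout, the field size and all names here are my construction for this example, not necessarily the paper's exact encoding.

```python
import secrets

P = (1 << 61) - 1  # toy prime field F_p (a Mersenne prime); chosen for this example

def prover_lines(x, y, z):
    """Prover: encode the extended witness (x, y, z) as lines a*t + b with
    uniformly random intercepts b, plus one helper line for the gate check.
    An honest prover passes z = x*y; a cheating one may pass anything."""
    bx, by, bz = (secrets.randbelow(P) for _ in range(3))
    # Coefficients of v_x(t)*v_y(t) - t*v_z(t) below degree 2. The t^2
    # coefficient is (x*y - z) and vanishes exactly when the gate holds.
    c1 = (x * by + y * bx - bz) % P
    c0 = bx * by % P
    lines = {"x": (x, bx), "y": (y, by), "z": (z, bz), "m": (c1, c0)}
    return lines, bz          # bz is revealed later to open the output wire

def query(lines, alpha):
    """VOLE stand-in: the verifier learns only v(alpha) = a*alpha + b per line."""
    return {k: (a * alpha + b) % P for k, (a, b) in lines.items()}

def verify(view, alpha, out, bz):
    """Verifier: one degree-2 identity per multiplication gate, then open z.
    A cheating prover fixes all lines before seeing alpha, so a false
    statement passes only if alpha is a root of a nonzero polynomial of
    degree at most 2, i.e. with probability at most 2/P."""
    gate_ok = (view["x"] * view["y"] - alpha * view["z"]) % P == view["m"]
    open_ok = view["z"] == (out * alpha + bz) % P
    return gate_ok and open_ok

def run(x, y, z, out):
    """Full flow: prover commits lines, verifier samples alpha and checks."""
    lines, bz = prover_lines(x, y, z)
    alpha = secrets.randbelow(P)          # verifier's single random point
    return verify(query(lines, alpha), alpha, out, bz)

def simulate_view(alpha):
    """Zero knowledge: an honest verifier's view is samplable without x, y.
    v_x, v_y, v_z are uniform (masked by the b's); v_m is forced by the check."""
    vx, vy, vz = (secrets.randbelow(P) for _ in range(3))
    return {"x": vx, "y": vy, "z": vz, "m": (vx * vy - alpha * vz) % P}
```

In the real protocol the random VOLE correlation replaces `query`, and the prover communicates only corrections to its lines, which is where the roughly two field elements per multiplication gate come from.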

[1] Rafail Ostrovsky et al. Efficient Non-interactive Secure Computation, 2011, EUROCRYPT.

[2] Ran Canetti et al. Universally composable security: a new paradigm for cryptographic protocols, 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[3] Jesper Madsen et al. ZKBoo: Faster Zero-Knowledge for Boolean Circuits, 2016, USENIX Security Symposium.

[4] Moni Naor et al. Oblivious Polynomial Evaluation, 2006, SIAM J. Comput.

[5] Alex J. Malozemoff et al. Mac'n'Cheese: Zero-Knowledge Proofs for Arithmetic Circuits with Nested Disjunctions, 2020, IACR Cryptol. ePrint Arch.

[6] Yael Tauman Kalai et al. Delegating computation: interactive proofs for muggles, 2008, STOC.

[7] Jens Groth et al. On the Size of Pairing-Based Non-interactive Arguments, 2016, EUROCRYPT.

[8] Yuval Ishai et al. Compressing Vector OLE, 2018, CCS.

[9] Rafail Ostrovsky et al. Round Optimal Black-Box "Commit-and-Prove", 2018, IACR Cryptol. ePrint Arch.

[10] Rafail Ostrovsky et al. Reusable Non-Interactive Secure Computation, 2019, IACR Cryptol. ePrint Arch.

[11] Dawn Song et al. Transparent Polynomial Delegation and Its Applications to Zero Knowledge Proof, 2020, 2020 IEEE Symposium on Security and Privacy (SP).

[12] Craig Gentry et al. Quadratic Span Programs and Succinct NIZKs without PCPs, 2013, IACR Cryptol. ePrint Arch.

[13] Ivan Damgård et al. Semi-Homomorphic Encryption and Multiparty Computation, 2011, IACR Cryptol. ePrint Arch.

[14] Ivan Damgård et al. Multiparty Computation from Somewhat Homomorphic Encryption, 2012, IACR Cryptol. ePrint Arch.

[15] Benny Pinkas et al. Non-Interactive Secure Computation Based on Cut-and-Choose, 2014, IACR Cryptol. ePrint Arch.

[16] Rafail Ostrovsky et al. Efficient Arguments without Short PCPs, 2007, Twenty-Second Annual IEEE Conference on Computational Complexity (CCC'07).

[17] Yuval Ishai et al. Perfectly Secure Multiparty Computation and the Computational Overhead of Cryptography, 2010, IACR Cryptol. ePrint Arch.

[18] Yuval Ishai et al. Efficient Pseudorandom Correlation Generators: Silent OT Extension and More, 2019, IACR Cryptol. ePrint Arch.

[19] Yuval Ishai et al. Perfect Constant-Round Secure Computation via Perfect Randomizing Polynomials, 2002, ICALP.

[20] Yuval Ishai et al. How to Garble Arithmetic Circuits, 2011, 2011 IEEE 52nd Annual Symposium on Foundations of Computer Science.

[21] Claudio Orlandi et al. Privacy-Free Garbled Circuits with Applications To Efficient Zero-Knowledge, 2015, IACR Cryptol. ePrint Arch.

[22] Yuval Ishai et al. Circuits resilient to additive attacks with applications to secure computation, 2014, STOC.

[23] Ron Rothblum et al. Reusable Designated-Verifier NIZKs for all NP from CDH, 2019, IACR Cryptol. ePrint Arch.

[24] Yuval Ishai et al. Secure Arithmetic Computation with No Honest Majority, 2008, IACR Cryptol. ePrint Arch.

[25] Yuval Ishai et al. Correlated Pseudorandom Functions from Variable-Density LPN, 2020, 2020 IEEE 61st Annual Symposium on Foundations of Computer Science (FOCS).

[26] Kang Yang et al. Fast, Scalable, and Communication-Efficient Zero-Knowledge Proofs for Boolean and Arithmetic Circuits, 2020, IACR Cryptol. ePrint Arch.

[27] Payman Mohassel et al. Non-interactive Secure 2PC in the Offline/Online and Batch Settings, 2017, EUROCRYPT.

[28] Mariana Raykova et al. Distributed Vector-OLE: Improved Constructions and Implementation, 2019, IACR Cryptol. ePrint Arch.

[29] Nir Bitansky et al. Succinct Non-Interactive Arguments via Linear Interactive Proofs, 2013, Journal of Cryptology.

[30] Ron Rothblum et al. New Constructions of Reusable Designated-Verifier NIZKs, 2019, IACR Cryptol. ePrint Arch.

[31] Weijie Wang et al. Doubly Efficient Interactive Proofs for General Arithmetic Circuits with Linear Prover Time, 2021, IACR Cryptol. ePrint Arch.

[32] Dawn Xiaodong Song et al. Libra: Succinct Zero-Knowledge Proofs with Optimal Prover Computation, 2019, IACR Cryptol. ePrint Arch.

[33] Yuval Ishai et al. Efficient Pseudorandom Correlation Generators from Ring-LPN, 2020, CRYPTO.

[34] Carsten Lund et al. Proof verification and hardness of approximation problems, 1992, Proceedings, 33rd Annual Symposium on Foundations of Computer Science.

[35] Jonathan Katz et al. Improved Non-Interactive Zero Knowledge with Applications to Post-Quantum Signatures, 2018, IACR Cryptol. ePrint Arch.

[36] Jens Groth et al. Linear-Time Zero-Knowledge Proofs for Arithmetic Circuit Satisfiability, 2017, IACR Cryptol. ePrint Arch.

[37] Yuval Ishai et al. Secure Arithmetic Computation with Constant Computational Overhead, 2017, CRYPTO.

[38] Peter Scholl et al. Efficient Protocols for Oblivious Linear Function Evaluation from Ring-LWE, 2020, IACR Cryptol. ePrint Arch.

[39] Yuval Ishai et al. Efficient Two-Round OT Extension and Silent Non-Interactive Secure Computation, 2019, IACR Cryptol. ePrint Arch.

[40] Rafail Ostrovsky et al. Zero-Knowledge Proofs from Secure Multiparty Computation, 2009, SIAM J. Comput.

[41] Manuel Blum et al. Non-Interactive Zero-Knowledge and Its Applications (Extended Abstract), 1988, STOC 1988.

[42] Daniel Slamanig et al. Post-Quantum Zero-Knowledge and Signatures from Symmetric-Key Primitives, 2017, CCS.

[43] Eli Ben-Sasson et al. Scalable Zero Knowledge with No Trusted Setup, 2019, CRYPTO.

[44] Vinod Vaikuntanathan et al. Fast Vector Oblivious Linear Evaluation from Ring Learning with Errors, 2020, IACR Cryptol. ePrint Arch.

[45] David Heath et al. Stacked Garbling for Disjunctive Zero-Knowledge Proofs, 2020, IACR Cryptol. ePrint Arch.

[46] Silvio Micali et al. The knowledge complexity of interactive proof-systems, 1985, STOC '85.