New Techniques for Non-interactive Zero-Knowledge

Non-interactive zero-knowledge (NIZK) proof systems are fundamental primitives used in many cryptographic constructions, including public-key encryption secure against chosen ciphertext attack, digital signatures, and various other cryptographic protocols. We introduce new techniques for constructing NIZK proofs based on groups with a bilinear map. Compared to previous constructions of NIZK proofs, our techniques yield dramatic reduction in the length of the common reference string (CRS) (our CRS is proportional to security parameter) and the size of the proofs (proportional to security parameter times the circuit size). Our novel techniques allow us to answer several long-standing open questions cryptography: • We construct the first perfect NIZK argument system for all NP; • We construct the first universally composable NIZK argument for all NP in the presence of an adaptive adversary. • We construct a non-interactive zap for all NP, which is the first that is based on a standard cryptographic security assumption. Another important contribution of this paper is the introduction of a new “parameter switching” technique in cryptography, later renamed “lossy encryption” and “dual encryption”. This technique has proven to be an important new tool for solving multiple other cryptographic problems.

[1]  Torben P. Pedersen Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing , 1991, CRYPTO.

[2]  Rafail Ostrovsky,et al.  Perfect Non-Interactive Zero Knowledge for NP , 2006, IACR Cryptol. ePrint Arch..

[3]  Leonid A. Levin,et al.  A hard-core predicate for all one-way functions , 1989, STOC '89.

[4]  Gilles Brassard,et al.  Non-transitive transfer of confidence: A perfect zero-knowledge interactive protocol for SAT and beyond , 1986, 27th Annual Symposium on Foundations of Computer Science (sfcs 1986).

[5]  Moni Naor,et al.  Adaptively secure multi-party computation , 1996, STOC '96.

[6]  Salil P. Vadhan,et al.  Derandomization in Cryptography , 2007, SIAM J. Comput..

[7]  Joe Kilian,et al.  An Efficient Noninteractive Zero-Knowledge Proof System for NP with General Assumptions , 1998, Journal of Cryptology.

[8]  Rafail Ostrovsky,et al.  Non-interactive Zaps and New Techniques for NIZK , 2006, CRYPTO.

[9]  Lance Fortnow,et al.  The Complexity of Perfect Zero-Knowledge , 1987, Proceeding Structure in Complexity Theory.

[10]  Juan A. Garay,et al.  Strengthening Zero-Knowledge Protocols Using Signatures , 2003, EUROCRYPT.

[11]  Abhi Shelat,et al.  Unconditional Characterizations of Non-interactive Zero-Knowledge , 2005, CRYPTO.

[12]  Johan Håstad,et al.  Statistical Zero-Knowledge Languages can be Recognized in Two Rounds , 1991, J. Comput. Syst. Sci..

[13]  Moni Naor,et al.  Cryptography and Game Theory: Designing Protocols for Exchanging Information , 2008, TCC.

[14]  Giovanni Di Crescenzo,et al.  Image Density is Complete for Non-Interactive-SZK (Extended Abstract) , 1998, ICALP.

[15]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[16]  Manuel Blum,et al.  Noninteractive Zero-Knowledge , 1991, SIAM J. Comput..

[17]  David Chaum,et al.  Minimum Disclosure Proofs of Knowledge , 1988, J. Comput. Syst. Sci..

[18]  Rafael Pass,et al.  On Deniability in the Common Reference String and Random Oracle Model , 2003, CRYPTO.

[19]  Hovav Shacham,et al.  Short Group Signatures , 2004, CRYPTO.

[20]  SahaiAmit,et al.  A complete problem for statistical zero knowledge , 2003 .

[21]  Yehuda Lindell,et al.  Universally composable two-party and multi-party secure computation , 2002, STOC '02.

[22]  Brent Waters,et al.  Compact Group Signatures Without Random Oracles , 2006, EUROCRYPT.

[23]  Ke Yang,et al.  On Simulation-Sound Trapdoor Commitments , 2004, EUROCRYPT.

[24]  Dan Boneh,et al.  Evaluating 2-DNF Formulas on Ciphertexts , 2005, TCC.

[25]  Silvio Micali,et al.  Proofs that yield nothing but their validity or all languages in NP have zero-knowledge proof systems , 1991, JACM.

[26]  Rafail Ostrovsky,et al.  Computational Complexity and Knowledge Complexity , 1994, Electron. Colloquium Comput. Complex..

[27]  Moni Naor,et al.  On Cryptographic Assumptions and Challenges , 2003, CRYPTO.

[28]  Ivan Damgård,et al.  Perfect Hiding and Perfect Binding Universally Composable Commitment Schemes with Constant Expansion Factor , 2001, CRYPTO.

[29]  Brent Waters,et al.  A Framework for Efficient and Composable Oblivious Transfer , 2008, CRYPTO.

[30]  Giovanni Di Crescenzo,et al.  Randomness-Optimal Characterization of Two NP Proof Systems , 2002, RANDOM.

[31]  Brent Waters,et al.  Full-Domain Subgroup Hiding and Constant-Size Group Signatures , 2007, Public Key Cryptography.

[32]  Jens Groth,et al.  Simulation-Sound NIZK Proofs for a Practical Language and Constant Size Group Signatures , 2006, ASIACRYPT.

[33]  Rafail Ostrovsky,et al.  Robust Non-interactive Zero Knowledge , 2001, CRYPTO.

[34]  Giovanni Di Crescenzo,et al.  Non-Interactive Zero-Knowledge: A Low-Randomness Characterization of NP , 1999, ICALP.

[35]  Adi Shamir,et al.  Multiple NonInteractive Zero Knowledge Proofs Under General Assumptions , 1999, SIAM J. Comput..

[36]  Moni Naor,et al.  Zaps and their applications , 2000, Proceedings 41st Annual Symposium on Foundations of Computer Science.

[37]  Manuel Blum,et al.  Non-interactive zero-knowledge and its applications , 1988, STOC '88.

[38]  Amit Sahai,et al.  Can Statistical Zero Knowledge Be Made Non-interactive? or On the Relationship of SZK and NISZK , 1998, CRYPTO.

[39]  Ran Canetti,et al.  Universally composable security: a new paradigm for cryptographic protocols , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[40]  Serge Fehr,et al.  Perfect NIZK with Adaptive Soundness , 2007, TCC.

[41]  Moni Naor,et al.  Non-malleable cryptography , 1991, STOC '91.

[42]  M. Rabin DIGITALIZED SIGNATURES AND PUBLIC-KEY FUNCTIONS AS INTRACTABLE AS FACTORIZATION , 1979 .

[43]  Rafail Ostrovsky,et al.  One-way functions, hard on average problems, and statistical zero-knowledge proofs , 1991, [1991] Proceedings of the Sixth Annual Structure in Complexity Theory Conference.

[44]  Ivan Damgård,et al.  Non-Interactive Circuit Based Proofs and Non-Interactive Perfect Zero-knowledge with Proprocessing , 1992, EUROCRYPT.

[45]  Amit Sahai,et al.  Efficient Non-interactive Proof Systems for Bilinear Groups , 2008, EUROCRYPT.