Non-Interactive Zero Knowledge from Sub-exponential DDH

We provide the first constructions of non-interactive zero-knowledge and Zap arguments for NP based on the sub-exponential hardness of Decisional Diffie-Hellman against polynomial time adversaries (without use of groups with pairings). Central to our results, and of independent interest, is a new notion of interactive trapdoor hashing protocols.
