Non-Malleable Multi-Prover Interactive Proofs and Witness Signatures

We explore a new man-in-the-middle adversarial model for multi-prover interactive proofs (MIPs), and construct round-optimal, unconditionally secure, non-malleable MIPs. We compile from a large sub-class of Σ-protocols to a non-malleable MIP, avoiding the use of expensive NP-reductions to Graph Hamiltonicity or other NP-complete problems. Our compiler makes novel use of non-malleable codes – in particular, we rely on many-many non-malleable codes constructed recently by Chattopadhyay, Goyal and Li (STOC 2016). We introduce another (seemingly unrelated) primitive – witness signatures – which are motivated by the goal of removing central trust assumptions from cryptography. Witness signatures allow any party with a valid witness to an NP statement to sign a message on behalf of that statement. These signatures must be unforgeable – that is, signing a new message, even given several signatures, should be as hard as computing a witness to the NP statement itself. We first observe that most natural notions of witness signatures are impossible to achieve in the plain model. While still wanting to avoid a central trusted setup, we turn to the tamper proof hardware token model of Katz (Eurocrypt 2007). We show that non-malleable MIPs yield efficient, unconditional witness signatures in the hardware token model. However, our construction of unconditional witness signatures only supports bounded verification. We also obtain unbounded polynomial verification assuming the existence of one-way functions. Finally, we give a matching lower bound – obtaining unconditional unbounded-verifiable witness signatures with black-box extraction, is impossible even with access to an unbounded number of stateful tamper-proof hardware tokens. ∗Microsoft Research, India. Email: vipul@microsoft.com. †UCLA, USA. Email: aayushjainiitd@gmail.com. Work done in part while at Microsoft Research, India. ‡UCLA, USA. Email: dakshita@cs.ucla.edu. Work done in part during an internship at Microsoft Research, India.

[1]  Yevgeniy Dodis,et al.  Non-malleable Reductions and Applications , 2015, Electron. Colloquium Comput. Complex..

[2]  Moni Naor,et al.  Nonmalleable Cryptography , 2000, SIAM Rev..

[3]  Gil Cohen,et al.  Local Correlation Breakers and Applications to Three-Source Extractors and Mergers , 2015, 2015 IEEE 56th Annual Symposium on Foundations of Computer Science.

[4]  Yuval Ishai,et al.  Interactive Locking, Zero-Knowledge PCPs, and Unconditional Cryptography , 2010, Electron. Colloquium Comput. Complex..

[5]  Rafael Pass,et al.  Bounded-concurrent secure multi-party computation with a dishonest majority , 2004, STOC '04.

[6]  Omer Reingold,et al.  Inaccessible entropy , 2009, STOC '09.

[7]  David Zuckerman,et al.  Non-malleable Codes against Constant Split-State Tampering , 2014, 2014 IEEE 55th Annual Symposium on Foundations of Computer Science.

[8]  Amit Sahai,et al.  New Constructions for UC Secure Computation Using Tamper-Proof Hardware , 2008, EUROCRYPT.

[9]  Yehuda Lindell,et al.  An Efficient Transform from Sigma Protocols to NIZK with a CRS and Non-programmable Random Oracle , 2015, TCC.

[10]  Yehuda Lindell,et al.  Universally composable two-party and multi-party secure computation , 2002, STOC '02.

[11]  Gérard D. Cohen,et al.  Secure network coding and non-malleable codes: Protection against linear tampering , 2012, 2012 IEEE International Symposium on Information Theory Proceedings.

[12]  Gil Segev,et al.  David and Goliath Commitments: UC Computation for Asymmetric Parties Using Tamper-Proof Hardware , 2008, EUROCRYPT.

[13]  Amit Sahai,et al.  Non-malleable non-interactive zero knowledge and adaptive chosen-ciphertext security , 1999, 40th Annual Symposium on Foundations of Computer Science (Cat. No.99CB37039).

[14]  Brent Waters,et al.  Witness encryption and its applications , 2013, STOC '13.

[15]  Manoj Prabhakaran,et al.  Explicit Non-malleable Codes Against Bit-Wise Tampering and Permutations , 2015, CRYPTO.

[16]  Daniel Wichs,et al.  Efficient Non-Malleable Codes and Key Derivation for Poly-Size Tampering Circuits , 2014, IEEE Transactions on Information Theory.

[17]  Adi Shamir,et al.  A one-round, two-prover, zero-knowledge protocol for NP , 1995, Comb..

[18]  Ran Raz,et al.  A parallel repetition theorem , 1995, STOC '95.

[19]  Michael Mitzenmacher,et al.  Proceedings of the 41st Annual ACM Symposium on Theory of Computing, STOC 2009, Bethesda, MD, USA, May 31 - June 2, 2009 , 2009, STOC.

[20]  Omer Reingold,et al.  Finding Collisions in Interactive Protocols - A Tight Lower Bound on the Round Complexity of Statistically-Hiding Commitments , 2007, 48th Annual IEEE Symposium on Foundations of Computer Science (FOCS'07).

[21]  Moni Naor,et al.  Non-Malleable Cryptography (Extended Abstract) , 1991, STOC 1991.

[22]  Rafael Pass,et al.  A unified framework for concurrent security: universal composability from stand-alone non-malleability , 2009, STOC '09.

[23]  Venkatesan Guruswami,et al.  Non-malleable Coding Against Bit-Wise and Split-State Tampering , 2013, Journal of Cryptology.

[24]  Gérard D. Cohen,et al.  Non-malleable codes from the wire-tap channel , 2011, 2011 IEEE Information Theory Workshop.

[25]  Yuval Ishai,et al.  Founding Cryptography on Tamper-Proof Hardware Tokens , 2010, IACR Cryptol. ePrint Arch..

[26]  Yevgeniy Dodis,et al.  Non-malleable extractors and symmetric key cryptography from weak secrets , 2009, STOC '09.

[27]  Pratyay Mukherjee,et al.  Continuous Non-malleable Codes , 2014, IACR Cryptol. ePrint Arch..

[28]  Shachar Lovett,et al.  Non-malleable codes from additive combinatorics , 2014, STOC.

[29]  B. Abdolmaleki Non-Malleable Codes , 2017 .

[30]  Mark Zhandry,et al.  How to Avoid Obfuscation Using Witness PRFs , 2016, TCC.

[31]  Hugo Krawczyk,et al.  On the Composition of Zero-Knowledge Proof Systems , 1990, ICALP.

[32]  Jonathan Katz,et al.  Universally Composable Multi-party Computation Using Tamper-Proof Hardware , 2007, EUROCRYPT.

[33]  Rafail Ostrovsky,et al.  Robust Non-interactive Zero Knowledge , 2001, CRYPTO.

[34]  Vipul Goyal,et al.  Non-malleable extractors and codes, with their many tampered extensions , 2015, IACR Cryptol. ePrint Arch..

[35]  Melissa Chase,et al.  On Signatures of Knowledge , 2006, CRYPTO.

[36]  Yael Tauman Kalai,et al.  One-Time Programs , 2008, CRYPTO.

[37]  Moni Naor,et al.  Public-key cryptosystems provably secure against chosen ciphertext attacks , 1990, STOC '90.

[38]  Aggelos Kiayias,et al.  BiTR: Built-in Tamper Resilience , 2011, IACR Cryptol. ePrint Arch..

[39]  Avi Wigderson,et al.  Multi-prover interactive proofs: how to remove intractability assumptions , 2019, STOC '88.

[40]  Adi Shamir,et al.  A One-Round, Two-Prover, Zero-Knowledge Protocol for NP , 1991, CRYPTO.

[41]  Feng-Hao Liu,et al.  Tamper and Leakage Resilience in the Split-State Model , 2012, IACR Cryptol. ePrint Arch..