Toward Non-interactive Zero-Knowledge Proofs for NP from LWE

Springer Science and Business Media LLC - Tập 34 - Trang 1-35 - 2021

Ron D. Rothblum¹, Adam Sealfon², Katerina Sotiraki²

¹Technion, Haifa, Israel

²UC Berkeley, Berkeley, USA

Tóm tắt

Non-interactive zero-knowledge ( $$\mathsf {NIZK}$$ ) is a fundamental primitive that is widely used in the construction of cryptographic schemes and protocols. Our main result is a reduction from constructing $$\mathsf {NIZK}$$ proof systems for all of $$\mathbf {NP}$$ based on $$\mathsf {LWE}$$ , to constructing a $$\mathsf {NIZK}$$ proof system for a particular computational problem on lattices, namely a decisional variant of the bounded distance decoding ( $$\mathsf {BDD}$$ ) problem. That is, we show that assuming $$\mathsf {LWE}$$ , every language $$L \in \mathbf {NP}$$ has a $$\mathsf {NIZK}$$ proof system if (and only if) the decisional $$\mathsf {BDD}$$ problem has a $$\mathsf {NIZK}$$ proof system. This (almost) confirms a conjecture of Peikert and Vaikuntanathan (CRYPTO, 2008). To construct our $$\mathsf {NIZK}$$ proof system, we introduce a new notion that we call prover-assisted oblivious ciphertext sampling ( $$\mathsf {POCS}$$ ), which we believe to be of independent interest. This notion extends the idea of oblivious ciphertext sampling, which allows one to sample ciphertexts without knowing the underlying plaintext. Specifically, we augment the oblivious ciphertext sampler with access to an (untrusted) prover to help it accomplish this task. We show that the existence of encryption schemes with a $$\mathsf {POCS}$$ procedure, as well as some additional natural requirements, suffices for obtaining $$\mathsf {NIZK}$$ proofs for $$\mathbf {NP}$$ . We further show that such encryption schemes can be instantiated based on $$\mathsf {LWE}$$ , assuming the existence of a $$\mathsf {NIZK}$$ proof system for the decisional $$\mathsf {BDD}$$ problem.

Tài liệu tham khảo

B. Applebaum, D. Cash, C. Peikert, and A. Sahai. Fast cryptographic primitives and circular-secure encryption based on hard learning problems. In CRYPTO, 2009.

S. Agrawal, D.M. Freeman, and V. Vaikuntanathan. Functional encryption for inner product predicates from learning with errors. In ASIACRYPT, 2011.

N. Alamati, C. Peikert, and N. Stephens-Davidowitz. New (and old) proof systems for lattice problems. Cryptology ePrint Archive, Report 2017/1226, 2017.

M. Blum, A. De Santis, S. Micali, and G. Persiano. Noninteractive zero-knowledge. SIAM Journal on Computing, 20(6):1084–1118, 1991.

M. Blum, P. Feldman, and S. Micali. Non-interactive zero-knowledge and its applications (extended abstract). In STOC, 1988.

A. Bender, J. Katz, and R. Morselli. Ring signatures: Stronger definitions, and constructions without random oracles. In TCC. Springer, 2006.

M. Bellare, D. Micciancio, and B. Warinschi. Foundations of group signatures: Formal definitions, simplified requirements, and a construction based on general assumptions. In EUROCRYPT, 2003.

N. Bitansky and O. Paneth. Zaps and non-interactive witness indistinguishability from indistinguishability obfuscation. In TCC, 2015.

M. Bellare and P. Rogaway. Random oracles are practical: A paradigm for designing efficient protocols. In CCS, 1993.

I. Berman, R.D. Rothblum, and V. Vaikuntanathan. Zero-knowledge proofs of proximity. IACR Cryptology ePrint Archive, 2017:114, 2017.

Z. Brakerski and V. Vaikuntanathan. Efficient fully homomorphic encryption from (standard) LWE. SIAM J. Comput., 43(2):831–871, 2014.

M. Bellare and M. Yung. Certifying permutations: Noninteractive zero-knowledge based on any trapdoor permutation. J. Cryptology, 9(3):149–166, 1996.

R. Canetti, Y. Chen, J. Holmgren, A. Lombardi, G.N. Rothblum, R.D. Rothblum, and D. Wichs. Fiat-Shamir: from practice to theory. In STOC, 2019.

R. Canetti, Y. Chen, L. Reyzin, and R.D. Rothblum. Fiat-Shamir and correlation intractability from strong kdm-secure encryption. Cryptology ePrint Archive, Report 2018/131, 2018.

R. Canetti, O. Goldreich, and S. Halevi. The random oracle methodology, revisited. J. ACM, 51(4):557–594, 2004.

G. Couteau and D. Hofheinz. Designated-verifier pseudorandom generators, and their applications. In EUROCRYPT, 2019.

R. Canetti and A. Lichtenberg. Certifying trapdoor permutations, revisited. IACR Cryptology ePrint Archive, 2017:631, 2017.

D. Dolev, C. Dwork, and M. Naor. Nonmalleable cryptography. SIAM Review, 45(4):727–784, 2003.

C. Dwork and M. Naor. Zaps and their applications. SIAM J. Comput., 36(6):1513–1543, 2007.

R. del Pino and V. Lyubashevsky. Amortization with fewer equations for proving knowledge of small secrets. In CRYPTO, 2017.

U. Feige, D. Lapidot, and A. Shamir. Multiple noninteractive zero knowledge proofs under general assumptions. SIAM J. Comput., 29(1):1–28, 1999.

A. Fiat and A. Shamir. How to prove yourself: Practical solutions to identification and signature problems. In CRYPTO, 1986.

O. Goldreich and S. Goldwasser. On the limits of nonapproximability of lattice problems. J. Comput. Syst. Sci., 60(3):540–563, 2000.

S. Goldwasser and Y.T. Kalai. On the (in)security of the fiat-shamir paradigm. In FOCS, 2003.

S. Goldwasser and D. Kharchenko. Proof of plaintext knowledge for the ajtai-dwork cryptosystem. In TCC, 2005.

Y. Gertner, S. Kannan, T. Malkin, O. Reingold, and M. Viswanathan. The relationship between public key encryption and oblivious transfer. In FOCS, 2000.

S. Goldwasser, Y. Kalai, R.A. Popa, V. Vaikuntanathan, and N. Zeldovich. Reusable garbled circuits and succinct functional encryption. In STOC, 2013.

R. Goyal, V. Koppula, and B. Waters. Lockable obfuscation. IACR Cryptology ePrint Archive, 2017:274, 2017.

S. Goldwasser and S. Micali. Probabilistic encryption. J. Comput. Syst. Sci., 28(2):270–299, 1984.

O. Goldreich. The Foundations of Cryptography - Volume 1, Basic Techniques. Cambridge University Press, 2001.

O. Goldreich. The Foundations of Cryptography - Volume 2, Basic Applications. Cambridge University Press, 2004.

O. Goldreich. Basing non-interactive zero-knowledge on (enhanced) trapdoor permutations: The state of the art. In Studies in Complexity and Cryptography. Springer Berlin Heidelberg, 2011.

J. Groth, R. Ostrovsky, and A. Sahai. New techniques for noninteractive zero-knowledge. J. ACM, 59(3):11:1–11:35, 2012.

O. Goldreich and R.D. Rothblum. Enhancements of trapdoor permutations. J. Cryptology, 26(3):484–512, 2013.

J. Groth. Short pairing-based non-interactive zero-knowledge arguments. In ASIACRYPT, 2010.

J. Groth and A. Sahai. Efficient non-interactive proof systems for bilinear groups. In EUROCRYPT, 2008.

S. Gorbunov, V. Vaikuntanathan, and H. Wee. Predicate encryption for circuits from lwe. In CRYPTO. Springer, 2015.

S. Katsumata, R. Nishimaki, S. Yamada, and T. Yamakawa. Designated verifier/prover and preprocessing nizks from diffie-hellman assumptions. In EUROCRYPT, 2019.

Y.T. Kalai, G.N. Rothblum, and R.D. Rothblum. From obfuscation to the security of fiat-shamir for proofs. In CRYPTO, 2017.

A. Kawachi, K. Tanaka, and K. Xagawa. Concurrently secure identification schemes based on the worst-case hardness of lattice problems. In ASIACRYPT, 2008.

S. Kim and D.J. Wu. Multi-theorem preprocessing nizks from lattices. In CRYPTO, 2018.

B. Libert, S. Ling, F. Mouhartem, K. Nguyen, and H. Wang. Signature schemes with efficient protocols and dynamic group signatures from lattice assumptions. In ASIACRYPT, 2016.

V. Lyubashevsky and D. Micciancio. On bounded distance decoding, unique shortest vectors, and the minimum distance problem. In CRYPTO, 2009.

S. Ling, K. Nguyen, D. Stehlé, and H. Wang. Improved zero-knowledge proofs of knowledge for the ISIS problem, and applications. In PKC, 2013.

A. Lombardi, W. Quach, R.D. Rothblum, D. Wichs, and D.J. Wu. New constructions of reusable designated-verifier nizks. IACR Cryptology ePrint Archive, 2019:242, 2019.

V. Lyubashevsky. Lattice-based identification schemes secure under active attacks. In PKC, 2008.

D. Micciancio and S. Vadhan. Statistical zero-knowledge proofs with efficient provers: Lattice problems and more. CRYPTO, 2003.

P. Mukherjee and D. Wichs. Two round multiparty computation via multi-key FHE. In EUROCRYPT, 2016.

M. Naor. On cryptographic assumptions and challenges. In CRYPTO, 2003.

M. Naor and M. Yung. Public-key cryptosystems provably secure against chosen ciphertext attacks. In STOC, 1990.

C. Peikert. Public-key cryptosystems from the worst-case shortest vector problem: extended abstract. In STOC, 2009.

C. Peikert and S. Shiehian. Noninteractive zero knowledge for NP from (plain) learning with errors. IACR Cryptology ePrint Archive, 2019:158, 2019.

C. Peikert and V. Vaikuntanathan. Noninteractive statistical zero-knowledge proofs for lattice problems. In CRYPTO, 2008.

C. Peikert, V. Vaikuntanathan, and B. Waters. A framework for efficient and composable oblivious transfer. In CRYPTO, 2008.

C. Peikert and B. Waters. Lossy trapdoor functions and their applications. In STOC, 2008.

W. Quach, R.D. Rothblum, and D. Wichs. Reusable designated-verifier nizks for all NP from CDH. In EUROCRYPT, 2019.

M.O. Rabin. Digitalized Signatures and Public-key Functions as Intractable as Factorization. Laboratory for Computer Science. Massachusetts Institute of Technology, Laboratory for Computer Science, 1979.

O. Regev. On lattices, learning with errors, random linear codes, and cryptography. J. ACM, 56(6):34:1–34:40, 2009.

R.D. Rothblum, A. Sealfon, and K. Sotiraki. Towards non-interactive zero-knowledge for np from lwe. In D. Lin and K. Sako, editors, Public-Key Cryptography – PKC 2019, pages 472–503, Cham, 2019. Springer International Publishing.

A. Sahai. Non-malleable non-interactive zero knowledge and adaptive chosen-ciphertext security. In FOCS, 1999.

P.W. Shor. Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM Review, 41(2):303–332, 1999.

J. Stern. A new paradigm for public key identification. IEEE Trans. Information Theory, 42(6):1757–1768, 1996.

A. Sahai and B. Waters. How to use indistinguishability obfuscation: deniable encryption, and more. In STOC, 2014.

S.P. Vadhan. A Study of Statistical Zero-Knowledge Proofs. PhD thesis, Massachusetts Institute of Technology, Cambridge, MA, USA, 1999.

J. Von Neumann. Various techniques used in connection with random digits, paper no. 13 in “Monte Carlo method”. NBS Applied Mathematics Series, 1961.

D. Wichs and G. Zirdelis. Obfuscating compute-and-compare programs under LWE. IACR Cryptology ePrint Archive, 2017:276, 2017.

Scholar Hub - Công cụ hỗ trợ trích dẫn và phân tích khoa học Việt Nam

Về chúng tôi

Scholar Hub là công cụ hỗ trợ trích dẫn và phân tích các bài báo, công bố khoa học Việt Nam. Công cụ trợ giúp người nghiên cứu, tạp chí, đơn vị nghiên cứu tra cứu, phân tích và thống kê dữ liệu nghiên cứu khoa học tại Việt Nam và quốc tế.
ScholarHub KHÔNG đăng thông tin tổng hợp, KHÔNG đăng lại nội dung từ các trang báo chí Việt Nam hoặc trang thông tin điện tử khác tại Việt Nam.

Thông tin, cập nhật

Đăng ký Tạp chí tham gia vào Scholar Hub

Phản hồi ý kiến về Scholar Hub

Bài viết, nội dung cập nhật

Chủ đề khoa học

Website liên kết

Phần mềm kiểm tra trùng lặp Kiểm Tra Tài Liệu

Phần mềm xuất bản tạp chí điện tử VOJS

Công cụ kiểm tra chính tả và thể thức Viver

Nền tảng trắc nghiệm và đề thi đa lĩnh vực LetQA