Perfect nizk with adaptive soundness (2007)
Cached
Download Links
- [homepages.cwi.nl]
- [eprint.iacr.org]
- [eprint.iacr.org]
- DBLP
Other Repositories/Bibliography
| Venue: | In proceedings of TCC ’07, LNCS series |
| Citations: | 15 - 0 self |
BibTeX
@INPROCEEDINGS{Abe07perfectnizk,
author = {Masayuki Abe and Serge Fehr},
title = {Perfect nizk with adaptive soundness},
booktitle = {In proceedings of TCC ’07, LNCS series},
year = {2007},
pages = {118--136},
publisher = {Springer-Verlag}
}
Bookmark
 |
 |
 |
 |
 |
 |
OpenURL
Abstract
Abstract. The notion of non-interactive zero-knowledge (NIZK) is of fundamental importance in cryptography. Despite the vast attention the concept of NIZK has attracted since its introduction, one question has remained very resistant: Is it possible to construct NIZK schemes for any NPlanguage with statistical or even perfect ZK? Groth, Ostrovsky and Sahai recently answered this question in the affirmative. However, in order to achieve adaptive soundness, i.e., soundness against dishonest provers who may choose the target statement depending on the common reference string (CRS), their schemes require some restriction to be put upon the statements to be proven, e.g. an a-priori bound on its size. In this work, we first present a very simple and efficient adaptively-sound perfect NIZK argument system for any NP-language. Besides being the first adaptively-sound statistical NIZK argument for all NP that does not pose any restriction on the statements to be proven, it enjoys a number of additional desirable properties: it allows to re-use the CRS, it can handle arithmetic circuits, and the CRS can be set-up very efficiently without the need for an honest party. We then show an application of our techniques in constructing efficient NIZK schemes for proving arithmetic relations among committed secrets, whereas previous methods required expensive generic NP-reductions. The security of the proposed schemes is based on a strong non-standard assumption, an extended version of the so-called Knowledge-of-Exponent Assumption (KEA) over bilinear groups. We give some justification for using such an assumption by showing that the commonly-used approach for proving NIZK arguments sound does not allow for adaptively-sound statistical NIZK arguments (unless NP ⊂ P/poly). Furthermore, we show that the assumption used in our construction holds with respect to generic adversaries that do not exploit the specific representation of the group elements. We also discuss how to avoid the non-standard assumption in a pre-processing model.
