A Note on Non-interactive Zero-Knowledge from CDH

Conference paper. In: Advances in Cryptology – CRYPTO 2023 (CRYPTO 2023). Part of the book series: Lecture Notes in Computer Science (LNCS, volume 14084).

Abstract

We build non-interactive zero-knowledge (NIZK) and ZAP arguments for all \(\textsf{NP} \) where soundness holds for infinitely-many security parameters, and against uniform adversaries, assuming the subexponential hardness of the Computational Diffie-Hellman (CDH) assumption. We additionally prove the existence of NIZK arguments with these same properties assuming the polynomial hardness of both CDH and the Learning Parity with Noise (LPN) assumption. In both cases, the CDH assumption does not require a group equipped with a pairing.

Infinitely-often uniform security is a standard byproduct of commonly used non-black-box techniques that build on disjunction arguments on the (in)security of some primitive. In the course of proving our results, we develop a new variant of this non-black-box technique that yields improved guarantees: we obtain explicit constructions (previous works generally only obtained existential results) where security holds for a relatively dense set of security parameters (as opposed to an arbitrary infinite set of security parameters). We demonstrate that our technique can have applications beyond our main results.

Notes

  1. Throughout this work, we focus on NIZKs in the common reference string (CRS) model. In the Random Oracle model, NIZKs are known to be in Minicrypt.

  2. In a designated-verifier NIZK, the verifier receives a private verification key that is sampled together with the CRS, which can be used to verify many proofs.

  3. [35] actually provides two NIZKs. The first one provides statistical zero-knowledge, but only non-adaptive soundness. The second is adaptively sound and computationally zero-knowledge. Because our approach can only yield computational zero-knowledge, we will use the second version.

  4. Technically, [35] imposes mild restrictions on the supported cryptographic groups, which we also inherit. We will ignore this for the sake of this overview, and refer to Sect. 3.1 for more details.

  5. Assuming the (family of) groups is of prime order.

  6. Formalizing such a statement turns out to require quite a bit of care, because of subtleties specific to the precise soundness statement of [35]. We will not develop these difficulties further here, as we will directly prove a stronger statement below.

  7. The actual statement we prove is slightly more technical, due to subtleties in the proof of soundness of [35]. We refer to Theorem 20 for more details.

  8. We only know how to instantiate our universal breaker using a superpolynomial (resp. inverse superpolynomial) function t (resp. \(\varepsilon \)) so that \(\lambda \in \textsf{SECURE}\) implies that DDH is polynomially hard on \(\lambda \) against uniform adversaries. We therefore still need to rely on complexity leveraging, resulting in a superpolynomial gap.

  9. This is because the ZAP argument of [35] is only non-adaptively sound.

  10. Intuitively, multi-theorem zero-knowledge ensures that a simulator can provide many simulated proofs under a common simulated CRS.

  11. See the paragraph on infinitely-often security in Sect. 3.2 for a definition of soundness w.r.t. an infinite set E.

  12. Taking any other subexponential upper bound for t would suffice for us, but would result in additional unnecessary notation.

  13. The universal breaker from Lemma 25 is already a strong breaker, so the proof of Lemma 15 can be argued directly by combining Lemma 18 with Theorem 12, without explicitly using Lemma 17. This is because we internally amplified the success probability of \(\textsf{UnivBreak}\) in Lemma 25 (using Lemma 17).

  14. We use the \(\textsf{VPRG} \)-based NIZK to prove statements of size \(|x| = \textsf{poly} (\lambda )\) which are subexponential in its internal security parameter \(\lambda '\). The \(\textsf{VPRG} \)-based NIZK of Lemma 15 remains subexponentially secure in that setting; see Remarks 13 and 16.

  15. See the paragraph on infinitely-often security in Sect. 3.2 for a definition of soundness w.r.t. an infinite set E.

References

  1. Badrinarayanan, S., Fernando, R., Jain, A., Khurana, D., Sahai, A.: Statistical ZAP arguments. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12107, pp. 642–667. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45727-3_22

  2. Bellare, M., Micciancio, D., Warinschi, B.: Foundations of group signatures: formal definitions, simplified requirements, and a construction based on general assumptions. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 614–629. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-39200-9_38

  3. Bellare, M., Yung, M.: Certifying cryptographic tools: the case of trapdoor permutations. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 442–460. Springer, Heidelberg (1993). https://doi.org/10.1007/3-540-48071-4_31

  4. Ben-Sasson, E., et al.: Zerocash: decentralized anonymous payments from bitcoin. In: 2014 IEEE Symposium on Security and Privacy, SP 2014, Berkeley, CA, USA, May 18–21, 2014, pp. 459–474. IEEE Computer Society (2014)

  5. Bender, A., Katz, J., Morselli, R.: Ring signatures: stronger definitions, and constructions without random oracles. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 60–79. Springer, Heidelberg (2006). https://doi.org/10.1007/11681878_4

  6. Blum, M., Feldman, P., Micali, S.: Non-interactive zero-knowledge and its applications (extended abstract). In: 20th ACM STOC, pp. 103–112. ACM Press, May 1988

  7. Boneh, D., Lipton, R.J.: Algorithms for black-box fields and their application to cryptography. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 283–297. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68697-5_22

  8. Boyle, E., Couteau, G., Meyer, P.: Sublinear secure computation from new assumptions. In: TCC 2022, Part II, pp. 121–150. LNCS, Springer, Heidelberg (2022). https://doi.org/10.1007/978-3-031-22365-5_5

  9. Brakerski, Z., Koppula, V., Mour, T.: NIZK from LPN and trapdoor hash via correlation intractability for approximable relations. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020. LNCS, vol. 12172, pp. 738–767. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56877-1_26

  10. Canetti, R., Chen, Y., Holmgren, J., Lombardi, A., Rothblum, G.N., Rothblum, R.D., Wichs, D.: Fiat-Shamir: from practice to theory. In: Charikar, M., Cohen, E. (eds.) 51st ACM STOC, pp. 1082–1090. ACM Press (June 2019)

  11. Canetti, R., Chen, Y., Reyzin, L., Rothblum, R.D.: Fiat-Shamir and correlation intractability from strong KDM-secure encryption. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10820, pp. 91–122. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78381-9_4

  12. Canetti, R., Halevi, S., Katz, J.: A forward-secure public-key encryption scheme. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 255–271. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-39200-9_16

  13. Canetti, R., Lichtenberg, A.: Certifying trapdoor permutations, revisited. In: Beimel, A., Dziembowski, S. (eds.) TCC 2018. LNCS, vol. 11239, pp. 476–506. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03807-6_18

  14. Cash, D., Kiltz, E., Shoup, V.: The Twin Diffie-Hellman problem and applications. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 127–145. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78967-3_8

  15. Couteau, G., Hofheinz, D.: Designated-verifier pseudorandom generators, and their applications. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11477, pp. 562–592. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17656-3_20

  16. Couteau, G., Katsumata, S., Sadeghi, E., Ursu, B.: Statistical ZAPs from group-based assumptions. In: Nissim, K., Waters, B. (eds.) TCC 2021. LNCS, vol. 13042, pp. 466–498. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-90459-3_16

  17. Couteau, G., Katsumata, S., Ursu, B.: Non-interactive zero-knowledge in pairing-free groups from weaker assumptions. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12107, pp. 442–471. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45727-3_15

  18. Cramer, R., Shoup, V.: Universal hash proofs and a paradigm for adaptive chosen ciphertext secure public-key encryption. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 45–64. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-46035-7_4

  19. De Santis, A., Micali, S., Persiano, G.: Non-interactive zero-knowledge proof systems. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 52–72. Springer, Heidelberg (1988). https://doi.org/10.1007/3-540-48184-2_5

  20. Deng, Y.: Magic adversaries versus individual reduction: science wins either way. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10211, pp. 351–377. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56614-6_12

  21. Dolev, D., Dwork, C., Naor, M.: Non-malleable cryptography (extended abstract). In: 23rd ACM STOC, pp. 542–552. ACM Press, May 1991

  22. Döttling, N., Garg, S., Hajiabadi, M., Masny, D., Wichs, D.: Two-round oblivious transfer from CDH or LPN. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12106, pp. 768–797. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45724-2_26

  23. Döttling, N., Garg, S., Ishai, Y., Malavolta, G., Mour, T., Ostrovsky, R.: Trapdoor hash functions and their applications. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11694, pp. 3–32. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26954-8_1

  24. Dwork, C., Naor, M.: Zaps and their applications. In: 41st FOCS, pp. 283–293. IEEE Computer Society Press, November 2000

  25. Feige, U., Lapidot, D., Shamir, A.: Multiple non-interactive zero knowledge proofs based on a single random string (extended abstract). In: 31st FOCS, pp. 308–317. IEEE Computer Society Press, October 1990

  26. Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987). https://doi.org/10.1007/3-540-47721-7_12

  27. Garg, S., Hajiabadi, M.: Trapdoor functions from the computational Diffie-Hellman assumption. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10992, pp. 362–391. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96881-0_13

  28. Goldreich, O., Levin, L.A.: A hard-core predicate for all one-way functions. In: 21st ACM STOC, pp. 25–32. ACM Press, May 1989

  29. Goldreich, O., Rothblum, R.D.: Enhancements of trapdoor permutations. J. Cryptol. 26(3), 484–512 (2013)

  30. Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof-systems (extended abstract). In: 17th ACM STOC, pp. 291–304. ACM Press, May 1985

  31. Goyal, V., Jain, A., Jin, Z., Malavolta, G.: Statistical zaps and new oblivious transfer protocols. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12107, pp. 668–699. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45727-3_23

  32. Groth, J., Ostrovsky, R., Sahai, A.: Non-interactive zaps and new techniques for NIZK. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 97–111. Springer, Heidelberg (2006). https://doi.org/10.1007/11818175_6

  33. Groth, J., Ostrovsky, R., Sahai, A.: Perfect non-interactive zero knowledge for NP. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 339–358. Springer, Heidelberg (2006). https://doi.org/10.1007/11761679_21

  34. Haitner, I., Nissim, K., Omri, E., Shaltiel, R., Silbak, J.: Computational two-party correlation: a dichotomy for key-agreement protocols. In: Thorup, M. (ed.) 59th FOCS, pp. 136–147. IEEE Computer Society Press, October 2018

  35. Jain, A., Jin, Z.: Non-interactive zero knowledge from sub-exponential DDH. In: Canteaut, A., Standaert, F.-X. (eds.) EUROCRYPT 2021. LNCS, vol. 12696, pp. 3–32. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-77870-5_1

  36. Katsumata, S., Nishimaki, R., Yamada, S., Yamakawa, T.: Designated verifier/prover and preprocessing NIZKs from Diffie-Hellman assumptions. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11477, pp. 622–651. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17656-3_22

  37. Komargodski, I., Yogev, E.: On distributional collision resistant hashing. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10992, pp. 303–327. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96881-0_11

  38. Lombardi, A., Quach, W., Rothblum, R.D., Wichs, D., Wu, D.J.: New constructions of reusable designated-verifier NIZKs. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11694, pp. 670–700. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26954-8_22

  39. Lombardi, A., Vaikuntanathan, V., Wichs, D.: 2-message publicly verifiable WI from (subexponential) LWE. Cryptology ePrint Archive, Report 2019/808 (2019). https://eprint.iacr.org/2019/808

  40. Maji, H.K., Prabhakaran, M., Sahai, A.: On the computational complexity of coin flipping. In: 51st FOCS, pp. 613–622. IEEE Computer Society Press, October 2010

  41. Maurer, U.M.: Towards the equivalence of breaking the Diffie-Hellman protocol and computing discrete logarithms. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 271–281. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48658-5_26

  42. Naor, M., Yung, M.: Public-key cryptosystems provably secure against chosen ciphertext attacks. In: 22nd ACM STOC, pp. 427–437. ACM Press, May 1990

  43. Okamoto, T., Pietrzak, K., Waters, B., Wichs, D.: New realizations of somewhere statistically binding hashing and positional accumulators. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9452, pp. 121–145. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48797-6_6

  44. Pass, R., shelat, Vaikuntanathan, V.: Construction of a non-malleable encryption scheme from any semantically secure one. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 271–289. Springer, Heidelberg (2006). https://doi.org/10.1007/11818175_16

  45. Pass, R., Venkitasubramaniam, M.: Is it easier to prove theorems that are guaranteed to be true? In: 61st FOCS, pp. 1255–1267. IEEE Computer Society Press, November 2020

  46. Peikert, C., Shiehian, S.: Noninteractive zero knowledge for NP from (plain) learning with errors. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11692, pp. 89–114. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26948-7_4

  47. Peikert, C., Waters, B.: Lossy trapdoor functions and their applications. In: Ladner, R.E., Dwork, C. (eds.) 40th ACM STOC, pp. 187–196. ACM Press (May 2008)

  48. Quach, W., Rothblum, R.D., Wichs, D.: Reusable designated-verifier NIZKs for all NP from CDH. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11477, pp. 593–621. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17656-3_21

  49. Reingold, O., Trevisan, L., Vadhan, S.: Notions of reducibility between cryptographic primitives. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 1–20. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24638-1_1

  50. Rothblum, R.D., Vasudevan, P.N.: Collision-resistance from multi-collision-resistance. In: CRYPTO 2022, Part III, pp. 503–529. LNCS, Springer, Heidelberg (2022). https://doi.org/10.1007/978-3-031-15982-4_17

  51. Sahai, A., Waters, B.: How to use indistinguishability obfuscation: deniable encryption, and more. In: Shmoys, D.B. (ed.) 46th ACM STOC, pp. 475–484. ACM Press (May/June 2014)

  52. Zhandry, M.: Quantum lightning never strikes the same state twice. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11478, pp. 408–438. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17659-4_14

Acknowledgements

G. Couteau is supported by the French Agence Nationale de la Recherche (ANR), under grant ANR-20-CE39-0001 (project SCENE), and the France 2030 ANR Project ANR22-PECY-003 SecureCompute. The second author was supported in part by NSF CNS-1814919, NSF CAREER 1942789, a Johns Hopkins University Catalyst award, a JP Morgan Faculty Award, and research gifts from Ethereum, Stellar and Cisco. Zhengzhong Jin was supported in part by DARPA under Agreement No. HR00112020023 and by NSF grant CNS-2154149. Willy Quach was supported by NSF grants CNS-1750795 and CNS-2055510.

Corresponding author: Geoffroy Couteau.

Copyright information

© 2023 International Association for Cryptologic Research

Cite this paper

Couteau, G., Jain, A., Jin, Z., Quach, W. (2023). A Note on Non-interactive Zero-Knowledge from CDH. In: Handschuh, H., Lysyanskaya, A. (eds) Advances in Cryptology – CRYPTO 2023. CRYPTO 2023. Lecture Notes in Computer Science, vol 14084. Springer, Cham. https://doi.org/10.1007/978-3-031-38551-3_23

  • DOI: https://doi.org/10.1007/978-3-031-38551-3_23

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-38550-6

  • Online ISBN: 978-3-031-38551-3