Skip to main content
Springer Nature Link
Log in

Subversion-Resistant Simulation (Knowledge) Sound NIZKs

  • Conference paper
  • First Online:
Cryptography and Coding (IMACC 2019)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11929))

Included in the following conference series:

  • 523 Accesses

Abstract

In ASIACRYPT 2016, Bellare, Fuchsbauer and Scafuro studied security of non-interactive zero-knowledge (NIZK) arguments in the face of parameter subversion. They showed that achieving subversion soundness (soundness without trusting to the third party) and standard zero-knowledge is impossible at the same time. On the positive side, in the best case, they showed that one can achieve subversion zero-knowledge (zero-knowledge without trusting to the third party) and soundness at the same time. In this paper, we show that one can amplify their best positive result and construct NIZK arguments that can achieve subversion zero-knowledge and simulation (knowledge) soundness at the same time. Simulation (knowledge) soundness is a stronger notion in comparison with (knowledge) soundness, as it also guarantees non-malleability of proofs. Such stronger security guarantee is a must in practical systems. To prove the result, we show that given a NIZK argument that achieves Sub-ZK and (knowledge) soundness, one can use an OR-based construction to define a new language and build a NIZK argument that will guarantee Sub-ZK and simulation (knowledge) soundness at the same time. We instantiate the construction with the state-of-the-art zk-SNARK proposed by Groth [Eurocrypt 2016] and obtain an efficient SNARK that guarantees Sub-ZK and simulation knowledge soundness.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    A framework with practically optimized primitives which given a sound NIZK lifts it to a universally composable or more precisely a black-box simulation extractable NIZK argument [KZM+15].

  2. 2.

    It states that in an asymetric bilinear group, given \(\left[ 1\right] _{1}\) and \(\left[ 1\right] _{1}\), if an adversary manages to come out with \(\left[ a\right] _{1}\) and \(\left[ a\right] _{2}\), he must know a. Knowing a is formalized by showing that there exists an efficient non-black-box extractor that given access to source code and random coins of the adversary, it can extract a [Dam92].

  3. 3.

    It states that in a symmetric bilinear group, given \(\left[ 1\right] _{1}\), if an adversary manages to come out with \(\left[ a\right] _{1}\) and \(\left[ a^2\right] _{1}\), he must know a.

References

  1. Atapoor, S., Baghery, K.: Simulation extractability in groth’s zk-SNARK. In: Pérez-Solá, C., Navarro-Arribas, G., Biryukov, A., Garcia-Alfaro, J. (eds.) DPM/CBT-2019. LNCS, vol. 11737, pp. 336–354. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-31500-9_22

    Chapter  Google Scholar 

  2. Auerbach, B., Bellare, M., Kiltz, E.: Public-key encryption resistant to parameter subversion and its realization from efficiently-embeddable groups. In: Abdalla, M., Dahab, R. (eds.) PKC 2018, Part I. LNCS, vol. 10769, pp. 348–377. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-76578-5_12

    Chapter  MATH  Google Scholar 

  3. Abdolmaleki, B., Baghery, K., Lipmaa, H., Siim, J., Zając, M.: UC-secure CRS generation for SNARKs. In: Buchmann, J., Nitaj, A., Rachidi, T. (eds.) AFRICACRYPT 2019. LNCS, vol. 11627, pp. 99–117. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-23696-0_6

    Chapter  Google Scholar 

  4. Abdolmaleki, B., Baghery, K., Lipmaa, H., Zając, M.: A subversion-resistant SNARK. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017, Part III. LNCS, vol. 10626, pp. 3–33. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70700-6_1

    Chapter  Google Scholar 

  5. Abdolmaleki, B., Lipmaa, H., Siim, J. and Zajac, M.: On QA-NIZK in the BPK model. IACR Cryptology ePrint Archive, 2018:877 (2018). http://eprint.iacr.org/2018/877

  6. Ateniese, G., Magri, B., Venturi, D.: Subversion-resilient signatures: definitions, constructions and applications. Cryptology ePrint Archive, Report 2015/517 (2015). http://eprint.iacr.org/2015/517

  7. Baghery, K.: On the efficiency of privacy-preserving smart contract systems. In: Buchmann, J., Nitaj, A., Rachidi, T. (eds.) AFRICACRYPT 2019. LNCS, vol. 11627, pp. 118–136. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-23696-0_7

    Chapter  Google Scholar 

  8. Baghery, K.: Subversion-resistant commitment schemes: definitions and constructions. Cryptology ePrint Archive, Report 2019/1065 (2019). http://eprint.iacr.org/2019/1065

  9. Boneh, D., Boyen, X.: Short signatures without random oracles and the SDH assumption in bilinear groups. J. Cryptol. 21(2), 149–177 (2008)

    Article  MathSciNet  Google Scholar 

  10. Ball, J., Borger, J., Greenwald, G., et al.: Revealed: how us and uk spy agencies defeat internet privacy and security. The Guardian 6, 2–8 (2013)

    Google Scholar 

  11. Ben-Sasson, E., Chiesa, A., Green, M., Tromer, E., Virza, M.: Secure sampling of public parameters for succinct zero knowledge proofs. In: 2015 IEEE Symposium on Security and Privacy, pp. 287–304. IEEE Computer Society Press (2015)

    Google Scholar 

  12. Bitansky, N., Canetti, R., Paneth, O., Rosen, A.: On the existence of extractable one-way functions. In: Shmoys, D.B. (ed.) 46th ACM STOC, pp. 505–514. ACM Press, May/June 2014

    Google Scholar 

  13. Ben-Sasson, E., Chiesa, A., Tromer, E., Virza, M.: Succinct non-interactive arguments for a von neumann architecture. Cryptology ePrint Archive, Report 2013/879 (2013). http://eprint.iacr.org/2013/879

  14. Blum, M., Feldman, P., Micali, S.: Non-interactive zero-knowledge and its applications (extended abstract). In: 20th ACM STOC, pp. 103–112. ACM Press, May 1988

    Google Scholar 

  15. Bellare, M., Fuchsbauer, G., Scafuro, A.: NIZKs with an untrusted CRS: security in the face of parameter subversion. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016, Part II. LNCS, vol. 10032, pp. 777–804. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53890-6_26

    Chapter  MATH  Google Scholar 

  16. Bellare, M., Goldwasser, S.: New paradigms for digital signatures and message authentication based on non-interactive zero knowledge proofs. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 194–211. Springer, New York (1990). https://doi.org/10.1007/0-387-34805-0_19

    Chapter  Google Scholar 

  17. Bellare, M., Paterson, K.G., Rogaway, P.: Security of symmetric encryption against mass surveillance. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014, Part I. LNCS, vol. 8616, pp. 1–19. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44371-2_1

    Chapter  Google Scholar 

  18. Damgård, I.: Towards practical public key systems secure against chosen ciphertext attacks. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 445–456. Springer, Heidelberg (1992). https://doi.org/10.1007/3-540-46766-1_36

    Chapter  Google Scholar 

  19. De Santis, A., Di Crescenzo, G., Ostrovsky, R., Persiano, G., Sahai, A.: Robust non-interactive zero knowledge. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 566–598. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44647-8_33

    Chapter  Google Scholar 

  20. Fuchsbauer, G., Orrù, M.: Non-interactive zaps of knowledge. In: Preneel, B., Vercauteren, F. (eds.) ACNS 2018. LNCS, vol. 10892, pp. 44–62. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-93387-0_3

    Chapter  Google Scholar 

  21. Fuchsbauer, G.: Subversion-zero-knowledge SNARKs. In: Abdalla, M., Dahab, R. (eds.) PKC 2018, Part I. LNCS, vol. 10769, pp. 315–347. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-76578-5_11

    Chapter  Google Scholar 

  22. Gabizon, A.: On the security of the BCTV pinocchio zk-SNARK variant. IACR Cryptology ePrint Archive, 2019:119 (2019)

    Google Scholar 

  23. Gennaro, R., Gentry, C., Parno, B., Raykova, M.: Quadratic span programs and succinct NIZKs without PCPs. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 626–645. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38348-9_37

    Chapter  Google Scholar 

  24. Groth, J., Maller, M.: Snarky Signatures: minimal signatures of knowledge from simulation-extractable SNARKs. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017, Part II. LNCS, vol. 10402, pp. 581–612. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63715-0_20

    Chapter  Google Scholar 

  25. Groth, J., Ostrovsky, R., Sahai, A.: Non-interactive zaps and new techniques for NIZK. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 97–111. Springer, Heidelberg (2006). https://doi.org/10.1007/11818175_6

    Chapter  Google Scholar 

  26. Greenwald, G.: No Place to Hide: Edward Snowden, the NSA, and the US Surveillance State. Macmillan, London (2014)

    Google Scholar 

  27. Groth, J.: Short pairing-based non-interactive zero-knowledge arguments. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 321–340. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-17373-8_19

    Chapter  Google Scholar 

  28. Groth, J.: On the size of pairing-based non-interactive arguments. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016, Part II. LNCS, vol. 9666, pp. 305–326. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49896-5_11

    Chapter  Google Scholar 

  29. Haenni, R.: Swiss post public intrusion test: undetectable attack against vote integrity and secrecy (2019). https://e-voting.bfh.ch/app/download/7833162361/PIT2.pdf?t=1552395691

  30. Kosba, A., Miller, A.: The blockchain model of cryptography and privacy-preserving smart contracts. In: 2016 IEEE Symposium on Security and Privacy, pp. 839–858. IEEE Computer Society Press, May 2016

    Google Scholar 

  31. Kosba, A.E., et al.: A framework for building composable zero-knowledge proofs. Technical report 2015/1093, 10 November 2015. http://eprint.iacr.org/2015/1093. Accessed 9 Apr 2017

  32. Lipmaa, H.: Progression-free sets and sublinear pairing-based non-interactive zero-knowledge arguments. In: Cramer, R. (ed.) TCC 2012. LNCS, vol. 7194, pp. 169–189. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-28914-9_10

    Chapter  Google Scholar 

  33. Lipmaa, H.: Simulation-extractable SNARKs revisited. Cryptology ePrint Archive, Report 2019/612 (2019). http://eprint.iacr.org/2019/612

  34. Lewis, S.J., Pereira, O., Teague, V.: Trapdoor commitments in the swisspost e-voting shuffle proof (2019). https://people.eng.unimelb.edu.au/vjteague/SwissVote

  35. Parno, B., Howell, J., Gentry, C., Raykova, M.: Pinocchio: nearly practical verifiable computation. In: 2013 IEEE Symposium on Security and Privacy, pp. 238–252. IEEE Computer Society Press, May 2013

    Google Scholar 

  36. Perlroth, N., Larson, J., Shane, S.: NSA able to foil basic safeguards of privacy on web. The New York Times, 5 (2013)

    Google Scholar 

Download references

Acknowledgement

This work was supported in part by the Estonian Research Council grant PRG49.

Author information

Authors and Affiliations

  1. University of Tartu, Tartu, Estonia

    Karim Baghery

Authors
  1. Karim Baghery
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Karim Baghery .

Editor information

Editors and Affiliations

  1. Royal Holloway, University of London, London, UK

    Martin Albrecht

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Baghery, K. (2019). Subversion-Resistant Simulation (Knowledge) Sound NIZKs. In: Albrecht, M. (eds) Cryptography and Coding. IMACC 2019. Lecture Notes in Computer Science(), vol 11929. Springer, Cham. https://doi.org/10.1007/978-3-030-35199-1_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-35199-1_3

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-35198-4

  • Online ISBN: 978-3-030-35199-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics