Smooth Zero-Knowledge Hash Functions

  • Conference paper
Progress in Cryptology – INDOCRYPT 2021 (INDOCRYPT 2021)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 13143)

Abstract

We define smooth zero-knowledge hash functions (SZKHFs) as smooth projective hash functions (SPHFs) for which the completeness holds even when the language parameter \(\mathtt {lpar}\) and the projection key \(\mathsf {hp}\) were maliciously generated. We prove that blackbox SZKHF in the plain model is impossible even if \(\mathtt {lpar}\) was honestly generated. We then define SZKHF in the registered public key (RPK) model, where both \(\mathtt {lpar}\) and \(\mathsf {hp}\) are possibly maliciously generated but accepted by an RPK server, and show that the CRS-model trapdoor SPHFs of Benhamouda et al. are also secure in the weaker RPK model. Then, we define and instantiate subversion-zero knowledge SZKHF in the plain model. In this case, both \(\mathtt {lpar}\) and \(\mathsf {hp}\) are completely untrusted, but one uses non-blackbox techniques in the security proof.

H. Khoshakhlagh—Funded by the Concordium Foundation under Concordium Blockchain Research Center, Aarhus.

Notes

  1. We considered other terms. This notion corresponds to completeness/projectivity when \(\mathtt {lpar}\) and \(\mathsf {hp}\) are subverted, and thus it could be called subversion-completeness/subversion-projectivity. For trapdoor SPHFs, it was called soundness in [10] and, finally, zero knowledge in [9]. Zero-knowledge is the most intuitive term since, in a typical application of \(\mathsf {HF}\), it guarantees that a malicious creator of \(\mathsf {hp}\) does not learn anything new from seeing \(\mathsf {pH}\) compared to when she sees \(\mathsf {H}\) that does not depend on the witness.

  2. Couteau and Hartmann [13] considered \(\boldsymbol{\lambda } (\mathtt {x}, \mathtt {w}) := \mathtt {w}\) only; however, one can just redefine the witness to contain all elements of \(\boldsymbol{\lambda } (\mathtt {x}, \mathtt {w})\).

  3. In the case of blackbox ZK in the plain model, we will give the definition only for honestly generated \(\mathtt {lpar}\): since we will show that this definition is impossible to achieve, this will make our result only stronger.

  4. We emphasize that proving ZK in the case of subverted \(\mathtt {lpar}\) and \(\mathsf {hp}\) is paramount in applications where both \(\mathtt {lpar}\) and \(\mathsf {hp}\) are generated by the verifier (the party who checks that the values of \(\mathsf {hash}\) and \(\mathsf {projhash}\) are equal).

  5. Although this tuple is different from the usual DDH challenge \([x, y, z]_{2}\) where \(z = x y\) or random, it is not hard to show they are two versions of the same hardness problem.

  6. The existence of \(\varDelta _{\boldsymbol{\gamma }}\) comes from the parametric equations that describe all the solutions of the underlying system of equations.

References

  1. Abdalla, M., Benhamouda, F., Pointcheval, D.: Disjunctions for Hash proof systems: new constructions and applications. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 69–100. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_3

  2. Abdolmaleki, B., Baghery, K., Lipmaa, H., Zając, M.: A subversion-resistant SNARK. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10626, pp. 3–33. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70700-6_1

  3. Abdolmaleki, B., Khoshakhlagh, H., Lipmaa, H.: Smooth zero-knowledge hash functions. IACR Cryptol. ePrint Arch., 653 (2021)

  4. Abdolmaleki, B., Lipmaa, H., Siim, J., Zając, M.: On QA-NIZK in the BPK model. In: Kiayias, A., Kohlweiss, M., Wallden, P., Zikas, V. (eds.) PKC 2020. LNCS, vol. 12110, pp. 590–620. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45374-9_20

  5. Alwen, J., Persiano, G., Visconti, I.: Impossibility and feasibility results for zero knowledge with public keys. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 135–151. Springer, Heidelberg (2005). https://doi.org/10.1007/11535218_9

  6. Barak, B., Canetti, R., Nielsen, J.B., Pass, R.: Universally composable protocols with relaxed set-up assumptions, pp. 186–195

  7. Belenkiy, M., Chase, M., Kohlweiss, M., Lysyanskaya, A.: P-signatures and noninteractive anonymous credentials. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 356–374. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78524-8_20

  8. Bellare, M., Fuchsbauer, G., Scafuro, A.: NIZKs with an untrusted CRS: security in the face of parameter subversion. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10032, pp. 777–804. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53890-6_26

  9. Hamouda-Guichoux, F.B.: Diverse modules and zero-knowledge. Ph.D. Thesis, PSL Research University (2016)

  10. Benhamouda, F., Blazy, O., Chevalier, C., Pointcheval, D., Vergnaud, D.: New techniques for SPHFs and efficient one-round PAKE protocols. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 449–475. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40041-4_25

  11. Blum, M., Feldman, P., Micali, S.: Non-interactive zero-knowledge and its applications (extended abstract), pp. 103–112

  12. Canetti, R., Goldreich, O., Goldwasser, S., Micali, S.: Resettable zero-knowledge (extended abstract), pp. 235–244

  13. Couteau, G., Hartmann, D.: Shorter non-interactive zero-knowledge arguments and ZAPs for algebraic languages. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020. LNCS, vol. 12172, pp. 768–798. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56877-1_27

  14. Cramer, R., Shoup, V.: Universal hash proofs and a paradigm for adaptive chosen ciphertext secure public-key encryption. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 45–64. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-46035-7_4

  15. Escala, A., Herold, G., Kiltz, E., Ràfols, C., Villar, J.: An algebraic framework for Diffie-Hellman assumptions. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8043, pp. 129–147. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40084-1_8

  16. Fuchsbauer, G.: Subversion-zero-knowledge SNARKs. In: Abdalla, M., Dahab, R. (eds.) PKC 2018. LNCS, vol. 10769, pp. 315–347. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-76578-5_11

  17. Fuchsbauer, G., Kiltz, E., Loss, J.: The algebraic group model and its applications. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10992, pp. 33–62. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96881-0_2

  18. Galbraith, S.D., Paterson, K.G., Smart, N.P.: Pairings for cryptographers. Discret. Appl. Math. 156(16), 3113–3121 (2008)

  19. Garg, S., Gentry, C., Sahai, A., Waters, B.: Witness encryption and its applications, pp. 467–476

  20. Gennaro, R., Lindell, Y.: A framework for password-based authenticated key exchange. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 524–543. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-39200-9_33

  21. Gjøsteen, K.: A new security proof for Damgård’s ElGamal, pp. 150–158

  22. Goldreich, O., Oren, Y.: Definitions and properties of zero-knowledge proof systems. J. Cryptology 7, 1–32 (1994). https://doi.org/10.1007/BF00195207

  23. Jutla, C.S., Roy, A.: Shorter quasi-adaptive NIZK proofs for linear subspaces, pp. 1–20

  24. Katz, J., Vaikuntanathan, V.: Round-optimal password-based authenticated key exchange. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 293–310. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19571-6_18

  25. Kiltz, E., Wee, H.: Quasi-adaptive NIZK for linear subspaces revisited. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 101–128. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_4

  26. Lipmaa, H.: On the CCA1-security of Elgamal and Damgård’s Elgamal. In: Lai, X., Yung, M., Lin, D. (eds.) Inscrypt 2010. LNCS, vol. 6584, pp. 18–35. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-21518-6_2

  27. Lipmaa, H.: Simulation-Extractable ZK-SNARKs Revisited. Technical Report 2019/612, IACR (2019). https://eprint.iacr.org/2019/612, Accessed 13 July 2019

  28. Micali, S., Reyzin, L.: Soundness in the public-key model. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 542–565. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44647-8_32

  29. Wee, H.: Lower bounds for non-interactive zero-knowledge. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 103–117. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-70936-7_6

Author information

Corresponding author

Correspondence to Hamidreza Khoshakhlagh.

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Cite this paper

Abdolmaleki, B., Khoshakhlagh, H., Lipmaa, H. (2021). Smooth Zero-Knowledge Hash Functions. In: Adhikari, A., Küsters, R., Preneel, B. (eds) Progress in Cryptology – INDOCRYPT 2021. INDOCRYPT 2021. Lecture Notes in Computer Science, vol 13143. Springer, Cham. https://doi.org/10.1007/978-3-030-92518-5_23

  • DOI: https://doi.org/10.1007/978-3-030-92518-5_23

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-92517-8

  • Online ISBN: 978-3-030-92518-5

  • eBook Packages: Computer Science, Computer Science (R0)
