DOI: 10.1145/3313276.3316380
Research article

Fiat-Shamir: from practice to theory

Published: 23 June 2019

ABSTRACT

We give new instantiations of the Fiat-Shamir transform using explicit, efficiently computable hash functions. We improve over prior work by reducing the security of these protocols to qualitatively simpler and weaker computational hardness assumptions. As a consequence of our framework, we obtain the following concrete results.

1) There exists a succinct publicly verifiable non-interactive argument system for log-space uniform computations, under the assumption that any one of a broad class of fully homomorphic encryption (FHE) schemes has almost optimal security against polynomial-time adversaries. The class includes all FHE schemes in the literature that are based on the learning with errors (LWE) problem.

2) There exists a non-interactive zero-knowledge argument system for in the common reference string model, under either of the following two assumptions: (i) Almost optimal hardness of search-LWE against polynomial-time adversaries, or (ii) The existence of a circular-secure FHE scheme with a standard (polynomial time, negligible advantage) level of security.

3) The classic quadratic residuosity protocol of [Goldwasser, Micali, and Rackoff, SICOMP ’89] is not zero knowledge when repeated in parallel, under any of the hardness assumptions above.
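Added illustration, not part of the paper or of this page: the following Python code applies the Fiat-Shamir transform to the Goldwasser-Micali-Rackoff quadratic residuosity protocol named in result 3, repeated T times in parallel, so that the T challenge bits come from a hash of the statement and all T first messages instead of from a verifier. The hash is SHA-256 used as a random-oracle heuristic, which is exactly the practice this paper sets out to put on a provable footing; the paper's own hash functions built from FHE/LWE are not implemented here. The toy modulus (a product of two six-digit primes, far too small for real use), the repetition count T and all function names are my own choices. The forge_with_guessed_challenge function shows why the challenge must be recomputed from the commitments: a prover with no square root of y can satisfy the verification equation for any challenge it fixes in advance, and the transform defeats it only because the hash is evaluated after the commitments are chosen.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy parameters: a tiny RSA-style modulus, far too small for security.
P, Q = 1000003, 1000033
N = P * Q
T = 32  # parallel repetitions; an interactive cheater passes with probability 2^-T


def fs_challenge(n, y, commitments):
    """Derive the T challenge bits from the statement (n, y) and all T commitments.

    Binding the statement into the hash matters: hashing only the commitments
    would let one transcript be replayed as a proof for a different y.
    """
    h = hashlib.sha256(b"GMR-QR-v1|")  # domain separation tag (my choice)
    for v in (n, y, *commitments):
        h.update(v.to_bytes((v.bit_length() + 7) // 8 or 1, "big") + b"|")
    digest = int.from_bytes(h.digest(), "big")
    return [(digest >> i) & 1 for i in range(T)]


def random_unit(n):
    """Uniform element of Z_n^* (rejection sampling on gcd)."""
    while True:
        r = secrets.randbelow(n - 1) + 1
        if gcd(r, n) == 1:
            return r


def prove(n, y, x):
    """Honest prover: knows a unit x with x^2 = y (mod n).

    Each repetition commits to a = r^2, then answers the challenge bit e
    with z = r * x^e. Returns (commitments, responses).
    """
    assert pow(x, 2, n) == y
    rs = [random_unit(n) for _ in range(T)]
    commitments = [pow(r, 2, n) for r in rs]
    e = fs_challenge(n, y, commitments)
    responses = [r * pow(x, ei, n) % n for r, ei in zip(rs, e)]
    return commitments, responses


def verify(n, y, proof):
    """Recompute the challenge from (n, y, commitments) and check z^2 = a * y^e."""
    commitments, responses = proof
    if len(commitments) != T or len(responses) != T:
        return False
    e = fs_challenge(n, y, commitments)
    for a, z, ei in zip(commitments, responses, e):
        # Reject z = 0 and non-units: (a, z) = (0, 0) would otherwise pass.
        if not (0 < z < n) or gcd(z, n) != 1:
            return False
        if pow(z, 2, n) != a * pow(y, ei, n) % n:
            return False
    return True


def forge_with_guessed_challenge(n, y, guess):
    """Cheating prover with no square root of y.

    It picks each z first and sets a = z^2 * y^(-e) for a guessed bit e, which
    satisfies z^2 = a * y^e whenever the guess is right. Against an interactive
    verifier this wins with probability 2^-T; under Fiat-Shamir the real
    challenge is the hash of these commitments, so the guess almost surely
    disagrees with it and verify() rejects.
    """
    y_inv = pow(y, -1, n)
    zs = [random_unit(n) for _ in range(T)]
    commitments = [pow(z, 2, n) * (y_inv if g else 1) % n for z, g in zip(zs, guess)]
    return commitments, zs


if __name__ == "__main__":
    x = random_unit(N)
    y = pow(x, 2, N)
    print("honest proof verifies:", verify(N, y, prove(N, y, x)))
    print("forged proof verifies:", verify(N, y, forge_with_guessed_challenge(N, y, [0] * T)))
```

The verifier's rejection of the forged proof is probabilistic (it would be accepted if all T hash-derived bits happened to equal the guess), which is the usual 2^-T soundness bound; what the paper asks is under which hash functions this bound can actually be proven rather than assumed from the random-oracle heuristic.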

References

  1. [AABN02] Michel Abdalla, Jee Hea An, Mihir Bellare, and Chanathip Namprempre, From identification to signatures via the Fiat-Shamir transform: Minimizing assumptions for security and forward-security, International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT), Springer, 2002, pp. 418–433.
  2. [ACPS09] Benny Applebaum, David Cash, Chris Peikert, and Amit Sahai, Fast cryptographic primitives and circular-secure encryption based on hard learning problems, Advances in Cryptology – CRYPTO 2009, Springer, 2009, pp. 595–618.
  3. [AIK04] Benny Applebaum, Yuval Ishai, and Eyal Kushilevitz, Cryptography in NC^0, 45th Annual IEEE Symposium on Foundations of Computer Science (FOCS), IEEE, 2004, pp. 166–175.
  4. [AIK11] Benny Applebaum, Yuval Ishai, and Eyal Kushilevitz, How to garble arithmetic circuits, 52nd Annual IEEE Symposium on Foundations of Computer Science (FOCS), IEEE Computer Society, 2011, pp. 120–129.
  5. [App11] Benny Applebaum, Key-dependent message security: Generic amplification and completeness, Annual International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT), Springer, 2011, pp. 527–546.
  6. [Bar01] Boaz Barak, How to go beyond the black-box simulation barrier, FOCS, IEEE, 2001, p. 106.
  7. [BCKP14] Nir Bitansky, Ran Canetti, Yael Tauman Kalai, and Omer Paneth, On virtual grey box obfuscation for general circuits, Annual International Cryptology Conference (CRYPTO), Springer, 2014, pp. 108–125.
  8. [BCS16] Eli Ben-Sasson, Alessandro Chiesa, and Nicholas Spooner, Interactive oracle proofs, Theory of Cryptography Conference (TCC), Springer, 2016, pp. 31–60.
  9. [BDG+13] Nir Bitansky, Dana Dachman-Soled, Sanjam Garg, Abhishek Jain, Yael Tauman Kalai, Adriana López-Alt, and Daniel Wichs, Why "Fiat-Shamir for proofs" lacks a proof, Theory of Cryptography – 10th Theory of Cryptography Conference (TCC 2013), Tokyo, Japan, March 3–6, 2013, pp. 182–201.
  10. [BG10] Zvika Brakerski and Shafi Goldwasser, Circular and leakage resilient public-key encryption under subgroup indistinguishability, Annual Cryptology Conference (CRYPTO), Springer, 2010, pp. 1–20.
  11. [BG14] Shi Bai and Steven D. Galbraith, Lattice decoding attacks on binary LWE, ACISP, Lecture Notes in Computer Science, vol. 8544, Springer, 2014, pp. 322–337.
  12. [BGI+01] Boaz Barak, Oded Goldreich, Russell Impagliazzo, Steven Rudich, Amit Sahai, Salil Vadhan, and Ke Yang, On the (im)possibility of obfuscating programs, Annual International Cryptology Conference – CRYPTO 2001, Springer, 2001, pp. 1–18; journal version in JACM, 2012.
  13. [BGV12] Zvika Brakerski, Craig Gentry, and Vinod Vaikuntanathan, (Leveled) fully homomorphic encryption without bootstrapping, Proceedings of the 3rd Innovations in Theoretical Computer Science Conference (ITCS), ACM, 2012, pp. 309–325.
  14. [BHHI10] Boaz Barak, Iftach Haitner, Dennis Hofheinz, and Yuval Ishai, Bounded key-dependent message security, Annual International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT), Springer, 2010, pp. 423–444.
  15. [BHHO08] Dan Boneh, Shai Halevi, Mike Hamburg, and Rafail Ostrovsky, Circular-secure encryption from decision Diffie-Hellman, Annual International Cryptology Conference (CRYPTO), Springer, 2008, pp. 108–125.
  16. [BHY09] Mihir Bellare, Dennis Hofheinz, and Scott Yilek, Possibility and impossibility results for encryption and commitment secure under selective opening, Annual International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT), Springer, 2009, pp. 1–35.
  17. [BLSV18] Zvika Brakerski, Alex Lombardi, Gil Segev, and Vinod Vaikuntanathan, Anonymous IBE, leakage resilience and circular security from new assumptions, Annual International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT), Springer, 2018, pp. 535–564.
  18. [BLV03] Boaz Barak, Yehuda Lindell, and Salil Vadhan, Lower bounds for non-black-box zero knowledge, 44th Annual IEEE Symposium on Foundations of Computer Science (FOCS), IEEE, 2003, pp. 384–393.
  19. [BMR90] Donald Beaver, Silvio Micali, and Phillip Rogaway, The round complexity of secure protocols, Proceedings of the 22nd Annual ACM Symposium on Theory of Computing (STOC), ACM, 1990, pp. 503–513.
  20. [Bra12] Zvika Brakerski, Fully homomorphic encryption without modulus switching from classical GapSVP, Advances in Cryptology – CRYPTO 2012, Springer, 2012, pp. 868–886.
  21. [BV11] Zvika Brakerski and Vinod Vaikuntanathan, Efficient fully homomorphic encryption from (standard) LWE, 52nd Annual IEEE Symposium on Foundations of Computer Science (FOCS), IEEE Computer Society, 2011, pp. 97–106.
  22. [BV14] Zvika Brakerski and Vinod Vaikuntanathan, Lattice-based FHE as secure as PKE, Proceedings of the 5th Conference on Innovations in Theoretical Computer Science (ITCS), ACM, 2014, pp. 1–12.
  23. [CCH+18] Ran Canetti, Yilei Chen, Justin Holmgren, Alex Lombardi, Guy N. Rothblum, and Ron D. Rothblum, Fiat-Shamir: From practice to theory, part I (Fiat-Shamir from simpler assumptions), IACR Cryptology ePrint Archive, 2018.
  24. [CCR16] Ran Canetti, Yilei Chen, and Leonid Reyzin, On the correlation intractability of obfuscated pseudorandom functions, Theory of Cryptography Conference (TCC), Springer, 2016, pp. 389–415.
  25. [CCRR18] Ran Canetti, Yilei Chen, Leonid Reyzin, and Ron D. Rothblum, Fiat-Shamir and correlation intractability from strong KDM-secure encryption, Annual International Conference on the Theory and Applications of Cryptographic Techniques – EUROCRYPT 2018, Springer, 2018, pp. 91–122.
  26. [CGH04] Ran Canetti, Oded Goldreich, and Shai Halevi, The random oracle methodology, revisited, Journal of the ACM 51 (2004), no. 4, 557–594.
  27. [CLW18] Ran Canetti, Alex Lombardi, and Daniel Wichs, Fiat-Shamir: From practice to theory, part II (Non-interactive zero knowledge and correlation intractability from circular-secure FHE), IACR Cryptology ePrint Archive, 2018.
  28. [DNRS99] Cynthia Dwork, Moni Naor, Omer Reingold, and Larry J. Stockmeyer, Magic functions, FOCS, IEEE Computer Society, 1999, pp. 523–534.
  29. [FLS99] Uriel Feige, Dror Lapidot, and Adi Shamir, Multiple non-interactive zero knowledge proofs under general assumptions, SIAM Journal on Computing 29 (1999), no. 1, 1–28.
  30. [FS86] Amos Fiat and Adi Shamir, How to prove yourself: Practical solutions to identification and signature problems, Conference on the Theory and Application of Cryptographic Techniques (CRYPTO), Springer, 1986, pp. 186–194.
  31. [GGH+13] Sanjam Garg, Craig Gentry, Shai Halevi, Mariana Raykova, Amit Sahai, and Brent Waters, Candidate indistinguishability obfuscation and functional encryption for all circuits, 54th Annual IEEE Symposium on Foundations of Computer Science (FOCS), 2013, pp. 40–49.
  32. [GK03] Shafi Goldwasser and Yael Tauman Kalai, On the (in)security of the Fiat-Shamir paradigm, 44th Annual IEEE Symposium on Foundations of Computer Science (FOCS), IEEE, 2003, pp. 102–113.
  33. [GK16] Shafi Goldwasser and Yael Tauman Kalai, Cryptographic assumptions: A position paper, Theory of Cryptography Conference (TCC), Springer, 2016, pp. 505–522.
  34. [GKR08] Shafi Goldwasser, Yael Tauman Kalai, and Guy N. Rothblum, Delegating computation: Interactive proofs for muggles, Proceedings of the 40th Annual ACM Symposium on Theory of Computing (STOC), ACM, 2008, pp. 113–122.
  35. [GMR89] Shafi Goldwasser, Silvio Micali, and Charles Rackoff, The knowledge complexity of interactive proof systems, SIAM Journal on Computing 18 (1989), no. 1, 186–208.
  36. [GMW91] Oded Goldreich, Silvio Micali, and Avi Wigderson, Proofs that yield nothing but their validity or all languages in NP have zero-knowledge proof systems, Journal of the ACM 38 (1991), no. 3, 690–728.
  37. [GOS12] Jens Groth, Rafail Ostrovsky, and Amit Sahai, New techniques for noninteractive zero-knowledge, Journal of the ACM 59 (2012), no. 3, 11:1–11:35.
  38. [GSW13] Craig Gentry, Amit Sahai, and Brent Waters, Homomorphic encryption from learning with errors: Conceptually-simpler, asymptotically-faster, attribute-based, Advances in Cryptology – CRYPTO 2013, Springer, 2013, pp. 75–92.
  39. [GW11] Craig Gentry and Daniel Wichs, Separating succinct non-interactive arguments from all falsifiable assumptions, Proceedings of the 43rd Annual ACM Symposium on Theory of Computing (STOC), ACM, 2011, pp. 99–108.
  40. [HL18] Justin Holmgren and Alex Lombardi, Cryptographic hashing from strong one-way functions, Annual IEEE Symposium on Foundations of Computer Science (FOCS), 2018.
  41. [HMR08] Shai Halevi, Steven Myers, and Charles Rackoff, On seed-incompressible functions, Theory of Cryptography Conference (TCC), Springer, 2008, pp. 19–36.
  42. [HW15] Pavel Hubacek and Daniel Wichs, On the communication complexity of secure function evaluation with long output, Proceedings of the 2015 Conference on Innovations in Theoretical Computer Science (ITCS), ACM, 2015, pp. 163–172.
  43. [KN08] Gillat Kol and Moni Naor, Cryptography and game theory: Designing protocols for exchanging information, Theory of Cryptography Conference (TCC), Springer, 2008, pp. 320–339.
  44. [KRR17] Yael Tauman Kalai, Guy N. Rothblum, and Ron D. Rothblum, From obfuscation to the security of Fiat-Shamir for proofs, CRYPTO 2017 (2), Lecture Notes in Computer Science, vol. 10402, Springer, 2017, pp. 224–251.
  45. [Mic00] Silvio Micali, Computationally sound proofs, SIAM Journal on Computing 30 (2000), no. 4, 1253–1298.
  46. [Nao03] Moni Naor, On cryptographic assumptions and challenges, Annual International Cryptology Conference – CRYPTO 2003, Springer, 2003, pp. 96–109.
  47. [Pas13] Rafael Pass, Unprovable security of perfect NIZK and non-interactive non-malleable commitments, Proceedings of the 10th Theory of Cryptography Conference (TCC), Springer-Verlag, 2013, pp. 334–354.
  48. [PS96] David Pointcheval and Jacques Stern, Security proofs for signature schemes, International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT), Springer, 1996, pp. 387–398.

Published in: STOC 2019: Proceedings of the 51st Annual ACM SIGACT Symposium on Theory of Computing, June 2019, 1258 pages. ISBN 9781450367059. DOI: 10.1145/3313276.

Copyright © 2019 ACM


Publisher: Association for Computing Machinery, New York, NY, United States


Acceptance rate (STOC overall): 1,469 of 4,586 submissions, 32%
