DOI: 10.1145/3313276.3316380
Research article

Fiat-Shamir: from practice to theory

Published: 23 June 2019

Abstract

We give new instantiations of the Fiat-Shamir transform using explicit, efficiently computable hash functions. We improve over prior work by reducing the security of these protocols to qualitatively simpler and weaker computational hardness assumptions. As a consequence of our framework, we obtain the following concrete results.
1) There exists a succinct publicly verifiable non-interactive argument system for log-space uniform computations, under the assumption that any one of a broad class of fully homomorphic encryption (FHE) schemes has almost optimal security against polynomial-time adversaries. The class includes all FHE schemes in the literature that are based on the learning with errors (LWE) problem.
2) There exists a non-interactive zero-knowledge argument system for NP in the common reference string model, under either of the following two assumptions: (i) almost optimal hardness of search-LWE against polynomial-time adversaries, or (ii) the existence of a circular-secure FHE scheme with a standard (polynomial time, negligible advantage) level of security.
3) The classic quadratic residuosity protocol of [Goldwasser, Micali, and Rackoff, SICOMP ’89] is not zero knowledge when repeated in parallel, under any of the hardness assumptions above.
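The transform the abstract refers to, shown on the very protocol named in result 3, as an added example (editor's illustration, not code from the paper or its authors): the quadratic residuosity protocol of [Goldwasser, Micali, and Rackoff, SICOMP ’89] repeated t times in parallel, then made non-interactive by deriving the verifier's bits as a hash of the modulus, the statement and the prover's first messages. SHA-256 stands in for the hash; the paper's contribution is replacing such a heuristic hash with an explicit correlation-intractable one, which this toy does not attempt. The toy modulus, the repetition count, the seed and every function name are constructed assumptions. The example also shows why hash-derived challenges cut against zero knowledge: the standard simulator for the interactive protocol picks the response first and solves for the commitment, which is impossible once the challenge is a function of that commitment.

```python
import hashlib
import math
import random

# Constructed toy modulus for illustration only (assumption: a real instance
# uses an RSA-type modulus N = p*q of at least 2048 bits with p, q secret).
P, Q = 1000003, 1000033
N = P * Q


def keygen(rng, n=N):
    """Sample a witness w and the statement x = w^2 mod n (so x is a quadratic residue)."""
    w = rng.randrange(2, n)
    while math.gcd(w, n) != 1:
        w = rng.randrange(2, n)
    return w, pow(w, 2, n)


def challenge_hash(n, x, commitments, t):
    """Derive the t verifier bits as H(n, x, a_1, ..., a_t).

    SHA-256 is a stand-in for the random oracle; the statement (n, x) is hashed
    together with the commitments so the challenge is bound to what is proved.
    """
    assert 1 <= t <= 256
    h = hashlib.sha256()
    for v in (n, x, *commitments):
        h.update(v.to_bytes(32, "big"))  # all values are < 2^256 in this toy
    digest = int.from_bytes(h.digest(), "big")
    return [(digest >> i) & 1 for i in range(t)]


def fs_prove(n, x, w, t, rng):
    """Parallel-repeated GMR quadratic-residuosity protocol, made non-interactive."""
    rs = [rng.randrange(1, n) for _ in range(t)]
    commitments = [pow(r, 2, n) for r in rs]                    # a_i = r_i^2
    bits = challenge_hash(n, x, commitments, t)                  # b_i from the hash, not a verifier
    responses = [(r * pow(w, b, n)) % n for r, b in zip(rs, bits)]  # z_i = r_i * w^b_i
    return commitments, responses


def check_transcript(n, x, commitments, bits, responses):
    """Verifier equation for every repetition: z_i^2 == a_i * x^b_i (mod n)."""
    return (len(commitments) == len(bits) == len(responses)
            and all(pow(z, 2, n) == (a * pow(x, b, n)) % n
                    for a, b, z in zip(commitments, bits, responses)))


def fs_verify(n, x, proof, t):
    """Publicly verifiable check: recompute the challenge bits from the proof itself."""
    commitments, responses = proof
    if len(commitments) != t or len(responses) != t:
        return False
    bits = challenge_hash(n, x, commitments, t)
    return check_transcript(n, x, commitments, bits, responses)


def simulate_interactive(n, x, bits, rng):
    """Honest-verifier simulator for the interactive protocol (needs Python 3.8+ for pow(x, -1, n)).

    Given the verifier's bits in advance, pick z_i first and solve for
    a_i = z_i^2 * x^(-b_i); no witness is needed and the transcript is
    distributed exactly like a real one.
    """
    x_inv = pow(x, -1, n)
    commitments, responses = [], []
    for b in bits:
        z = rng.randrange(1, n)
        commitments.append((pow(z, 2, n) * pow(x_inv, b, n)) % n)
        responses.append(z)
    return commitments, responses


def demo(seed=2019, t=40):
    """Run the whole story once and return a dict of booleans.

    t=40 is a toy setting: a Fiat-Shamir prover can grind over commitments,
    so a real deployment uses t close to the security parameter.
    """
    rng = random.Random(seed)
    w, x = keygen(rng)
    proof = fs_prove(N, x, w, t, rng)
    a, z = proof
    tampered = (a, z[:-1] + [(z[-1] + 1) % N])          # one response altered
    bits = [rng.randrange(2) for _ in range(t)]         # a verifier's freely chosen bits
    sim_a, sim_z = simulate_interactive(N, x, bits, rng)
    return {
        "honest_proof_verifies": fs_verify(N, x, proof, t),
        "tampered_proof_verifies": fs_verify(N, x, tampered, t),
        "proof_reused_for_other_statement": fs_verify(N, x + 1, proof, t),
        "simulation_passes_interactive_check": check_transcript(N, x, sim_a, bits, sim_z),
        "simulation_passes_fiat_shamir_check": fs_verify(N, x, (sim_a, sim_z), t),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Running it prints one line per check: the honest proof verifies, the tampered proof and the proof replayed against a different statement do not, and the simulated transcript passes the interactive check for the bits it was given but fails the Fiat-Shamir check because those bits are not H(n, x, a). The last line is the operational content of result 3: a verifier who picks its challenges with a suitable hash turns the interactive transcript into something a simulator cannot produce without the witness.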

References

[AABN02] Michel Abdalla, Jee Hea An, Mihir Bellare, and Chanathip Namprempre. From identification to signatures via the Fiat-Shamir transform: Minimizing assumptions for security and forward-security. EUROCRYPT 2002, Springer, 2002, pp. 418–433.
[ACPS09] Benny Applebaum, David Cash, Chris Peikert, and Amit Sahai. Fast cryptographic primitives and circular-secure encryption based on hard learning problems. CRYPTO 2009, Springer, 2009, pp. 595–618.
[AIK04] Benny Applebaum, Yuval Ishai, and Eyal Kushilevitz. Cryptography in NC⁰. FOCS 2004, IEEE, 2004, pp. 166–175.
[AIK11] Benny Applebaum, Yuval Ishai, and Eyal Kushilevitz. How to garble arithmetic circuits. FOCS 2011, IEEE Computer Society, 2011, pp. 120–129.
[App11] Benny Applebaum. Key-dependent message security: Generic amplification and completeness. EUROCRYPT 2011, Springer, 2011, pp. 527–546.
[Bar01] Boaz Barak. How to go beyond the black-box simulation barrier. FOCS 2001, IEEE, 2001, p. 106.
[BCKP14] Nir Bitansky, Ran Canetti, Yael Tauman Kalai, and Omer Paneth. On virtual grey box obfuscation for general circuits. CRYPTO 2014, Springer, 2014, pp. 108–125.
[BCS16] Eli Ben-Sasson, Alessandro Chiesa, and Nicholas Spooner. Interactive oracle proofs. TCC 2016, Springer, 2016, pp. 31–60.
[BDG+13] Nir Bitansky, Dana Dachman-Soled, Sanjam Garg, Abhishek Jain, Yael Tauman Kalai, Adriana López-Alt, and Daniel Wichs. Why "Fiat-Shamir for proofs" lacks a proof. TCC 2013, Tokyo, Japan, March 3–6, 2013, pp. 182–201.
[BG10] Zvika Brakerski and Shafi Goldwasser. Circular and leakage resilient public-key encryption under subgroup indistinguishability. CRYPTO 2010, Springer, 2010, pp. 1–20.
[BG14] Shi Bai and Steven D. Galbraith. Lattice decoding attacks on binary LWE. ACISP 2014, LNCS vol. 8544, Springer, 2014, pp. 322–337.
[BGI+01] Boaz Barak, Oded Goldreich, Russell Impagliazzo, Steven Rudich, Amit Sahai, Salil Vadhan, and Ke Yang. On the (im)possibility of obfuscating programs. CRYPTO 2001, Springer, 2001, pp. 1–18. Journal version in JACM, 2012.
[BGV12] Zvika Brakerski, Craig Gentry, and Vinod Vaikuntanathan. (Leveled) fully homomorphic encryption without bootstrapping. ITCS 2012, ACM, 2012, pp. 309–325.
[BHHI10] Boaz Barak, Iftach Haitner, Dennis Hofheinz, and Yuval Ishai. Bounded key-dependent message security. EUROCRYPT 2010, Springer, 2010, pp. 423–444.
[BHHO08] Dan Boneh, Shai Halevi, Mike Hamburg, and Rafail Ostrovsky. Circular-secure encryption from decision Diffie-Hellman. CRYPTO 2008, Springer, 2008, pp. 108–125.
[BHY09] Mihir Bellare, Dennis Hofheinz, and Scott Yilek. Possibility and impossibility results for encryption and commitment secure under selective opening. EUROCRYPT 2009, Springer, 2009, pp. 1–35.
[BLSV18] Zvika Brakerski, Alex Lombardi, Gil Segev, and Vinod Vaikuntanathan. Anonymous IBE, leakage resilience and circular security from new assumptions. EUROCRYPT 2018, Springer, 2018, pp. 535–564.
[BLV03] Boaz Barak, Yehuda Lindell, and Salil Vadhan. Lower bounds for non-black-box zero knowledge. FOCS 2003, IEEE, 2003, pp. 384–393.
[BMR90] Donald Beaver, Silvio Micali, and Phillip Rogaway. The round complexity of secure protocols. STOC 1990, ACM, 1990, pp. 503–513.
[Bra12] Zvika Brakerski. Fully homomorphic encryption without modulus switching from classical GapSVP. CRYPTO 2012, Springer, 2012, pp. 868–886.
[BV11] Zvika Brakerski and Vinod Vaikuntanathan. Efficient fully homomorphic encryption from (standard) LWE. FOCS 2011, IEEE Computer Society, 2011, pp. 97–106.
[BV14] Zvika Brakerski and Vinod Vaikuntanathan. Lattice-based FHE as secure as PKE. ITCS 2014, ACM, 2014, pp. 1–12.
[CCH+18] Ran Canetti, Yilei Chen, Justin Holmgren, Alex Lombardi, Guy N. Rothblum, and Ron D. Rothblum. Fiat-Shamir: From practice to theory, part I (Fiat-Shamir from simpler assumptions). IACR Cryptology ePrint Archive, 2018.
[CCR16] Ran Canetti, Yilei Chen, and Leonid Reyzin. On the correlation intractability of obfuscated pseudorandom functions. TCC 2016, Springer, 2016, pp. 389–415.
[CCRR18] Ran Canetti, Yilei Chen, Leonid Reyzin, and Ron D. Rothblum. Fiat-Shamir and correlation intractability from strong KDM-secure encryption. EUROCRYPT 2018, Springer, 2018, pp. 91–122.
[CGH04] Ran Canetti, Oded Goldreich, and Shai Halevi. The random oracle methodology, revisited. Journal of the ACM 51(4), 2004, pp. 557–594.
[CLW18] Ran Canetti, Alex Lombardi, and Daniel Wichs. Fiat-Shamir: From practice to theory, part II (non-interactive zero knowledge and correlation intractability from circular-secure FHE). IACR Cryptology ePrint Archive, 2018.
[DNRS99] Cynthia Dwork, Moni Naor, Omer Reingold, and Larry J. Stockmeyer. Magic functions. FOCS 1999, IEEE Computer Society, 1999, pp. 523–534.
[FLS99] Uriel Feige, Dror Lapidot, and Adi Shamir. Multiple noninteractive zero knowledge proofs under general assumptions. SIAM Journal on Computing 29(1), 1999, pp. 1–28.
[FS86] Amos Fiat and Adi Shamir. How to prove yourself: Practical solutions to identification and signature problems. CRYPTO 1986, Springer, 1986, pp. 186–194.
[GGH+13] Sanjam Garg, Craig Gentry, Shai Halevi, Mariana Raykova, Amit Sahai, and Brent Waters. Candidate indistinguishability obfuscation and functional encryption for all circuits. FOCS 2013, IEEE, 2013, pp. 40–49.
[GK03] Shafi Goldwasser and Yael Tauman Kalai. On the (in)security of the Fiat-Shamir paradigm. FOCS 2003, IEEE, 2003, pp. 102–113.
[GK16] Shafi Goldwasser and Yael Tauman Kalai. Cryptographic assumptions: A position paper. TCC 2016, Springer, 2016, pp. 505–522.
[GKR08] Shafi Goldwasser, Yael Tauman Kalai, and Guy N. Rothblum. Delegating computation: Interactive proofs for muggles. STOC 2008, ACM, 2008, pp. 113–122.
[GMR89] Shafi Goldwasser, Silvio Micali, and Charles Rackoff. The knowledge complexity of interactive proof systems. SIAM Journal on Computing 18(1), 1989, pp. 186–208.
[GMW91] Oded Goldreich, Silvio Micali, and Avi Wigderson. Proofs that yield nothing but their validity or all languages in NP have zero-knowledge proof systems. Journal of the ACM 38(3), 1991, pp. 690–728.
[GOS12] Jens Groth, Rafail Ostrovsky, and Amit Sahai. New techniques for noninteractive zero-knowledge. Journal of the ACM 59(3), 2012, 11:1–11:35.
[GSW13] Craig Gentry, Amit Sahai, and Brent Waters. Homomorphic encryption from learning with errors: Conceptually-simpler, asymptotically-faster, attribute-based. CRYPTO 2013, Springer, 2013, pp. 75–92.
[GW11] Craig Gentry and Daniel Wichs. Separating succinct non-interactive arguments from all falsifiable assumptions. STOC 2011, ACM, 2011, pp. 99–108.
[HL18] Justin Holmgren and Alex Lombardi. Cryptographic hashing from strong one-way functions. FOCS 2018, IEEE, to appear.
[HMR08] Shai Halevi, Steven Myers, and Charles Rackoff. On seed-incompressible functions. TCC 2008, Springer, 2008, pp. 19–36.
[HW15] Pavel Hubacek and Daniel Wichs. On the communication complexity of secure function evaluation with long output. ITCS 2015, ACM, 2015, pp. 163–172.
[KN08] Gillat Kol and Moni Naor. Cryptography and game theory: Designing protocols for exchanging information. TCC 2008, Springer, 2008, pp. 320–339.
[KRR17] Yael Tauman Kalai, Guy N. Rothblum, and Ron D. Rothblum. From obfuscation to the security of Fiat-Shamir for proofs. CRYPTO 2017, Part II, LNCS vol. 10402, Springer, 2017, pp. 224–251.
[Mic00] Silvio Micali. Computationally sound proofs. SIAM Journal on Computing 30(4), 2000, pp. 1253–1298.
[Nao03] Moni Naor. On cryptographic assumptions and challenges. CRYPTO 2003, Springer, 2003, pp. 96–109.
[Pas13] Rafael Pass. Unprovable security of perfect NIZK and non-interactive non-malleable commitments. TCC 2013, Springer, 2013, pp. 334–354.
[PS96] David Pointcheval and Jacques Stern. Security proofs for signature schemes. EUROCRYPT 1996, Springer, 1996, pp. 387–398.


Published In

cover image ACM Conferences
STOC 2019: Proceedings of the 51st Annual ACM SIGACT Symposium on Theory of Computing
June 2019
1258 pages
ISBN:9781450367059
DOI:10.1145/3313276
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from permissions@acm.org.

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. Fiat-Shamir heuristic
  2. cryptographic protocols
  3. delegation of computation
  4. zero-knowledge protocols

Conference

STOC '19, June 23–26, 2019, Phoenix, AZ, USA

Acceptance Rates

Overall Acceptance Rate 1,469 of 4,586 submissions, 32%

Cited By

  • Round-Optimal Compiler for Semi-Honest to Malicious Oblivious Transfer via CIH. IACR Communications in Cryptology 1(4), 13 Jan 2025. DOI: 10.62056/abe0wa3y6
  • A New Paradigm for Server-Aided MPC. IACR Communications in Cryptology 1(4), 13 Jan 2025. DOI: 10.62056/ab3wa0l5vt
  • Blockchain-Assisted Self-Sovereign Identities on Education: A Survey. Blockchains 3(1), article 3, 11 Feb 2025. DOI: 10.3390/blockchains3010003
  • The Fiat-Shamir Identification Protocol and the Feige-Fiat-Shamir Signature Scheme. Encyclopedia of Cryptography, Security and Privacy, pp. 2597–2598, 8 Jan 2025. DOI: 10.1007/978-3-030-71522-9_319
  • Direct Range Proofs for Paillier Cryptosystem and Their Applications. Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security (CCS 2024), pp. 899–913, 2 Dec 2024. DOI: 10.1145/3658644.3690261
  • Functional Adaptor Signatures: Beyond All-or-Nothing Blockchain-based Payments. Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security (CCS 2024), pp. 1493–1507, 2 Dec 2024. DOI: 10.1145/3658644.3690240
  • Constant-Size Verifiable Timed Signatures from RSA Group for Bitcoin-Based Voting Protocols. IEEE Transactions on Services Computing 17(4), pp. 1414–1425, Jul 2024. DOI: 10.1109/TSC.2023.3347526
  • Efficient Noninteractive Polynomial Commitment Scheme in the Discrete Logarithm Setting. IEEE Internet of Things Journal 11(5), pp. 8078–8089, 1 Mar 2024. DOI: 10.1109/JIOT.2023.3319338
  • A Trusted Secret Sharing Method for Industrial Internet Based on Secure Multi-Party Computation. 2024 IEEE 7th International Conference on Computer and Communication Engineering Technology (CCET), pp. 210–216, 16 Aug 2024. DOI: 10.1109/CCET62233.2024.10838079
  • Dual-Mode Encryption for UC-Secure String OT from Learning with Errors. IET Information Security, vol. 2024, 1 Jan 2024. DOI: 10.1049/2024/5513292
