DOI: 10.1145/3319535.3354262
Research article

Succinct Arguments for Bilinear Group Arithmetic: Practical Structure-Preserving Cryptography

Published: 6 November 2019

ABSTRACT

In their celebrated work, Groth and Sahai [EUROCRYPT'08, SICOMP'12] constructed non-interactive zero-knowledge (NIZK) proofs for general bilinear group arithmetic relations, which spawned the entire subfield of structure-preserving cryptography. This branch of the theory of cryptography focuses on modular design of advanced cryptographic primitives. Although the proof systems of Groth and Sahai are a powerful toolkit, their efficiency hits a barrier when the size of the witness is large, as the proof size is linear in that of the witness. In this work, we revisit the problem of proving knowledge of general bilinear group arithmetic relations in zero-knowledge. Specifically, we construct a succinct zero-knowledge argument for such relations, where the communication complexity is logarithmic in the integer and source group components of the witness. Our argument has public-coin setup and verifier and can therefore be turned non-interactive using the Fiat-Shamir transformation in the random oracle model. For the special case of non-bilinear group arithmetic relations with only integer unknowns, our system can be instantiated in non-bilinear groups. In many applications, our argument system can serve as a drop-in replacement of Groth-Sahai proofs, turning existing advanced primitives in the vast literature of structure-preserving cryptography into practically efficient systems with short proofs.


Supplemental Material

p2057-lai.webm (webm, 92.1 MB)

References

  1. Masayuki Abe. 2015. Structure-Preserving Cryptography. In Advances in Cryptology - Asiacrypt 2015 (Lecture Notes in Computer Science), Vol. 9452. 1. https://www.iacr.org/archive/asiacrypt2015/94520356/94520356.pdf Abstract of invited talk.
  2. Masayuki Abe, Georg Fuchsbauer, Jens Groth, Kristiyan Haralambiev, and Miyako Ohkubo. 2010. Structure-Preserving Signatures and Commitments to Group Elements. In CRYPTO 2010 (LNCS), Tal Rabin (Ed.), Vol. 6223. Springer, Heidelberg, 209–236. https://doi.org/10.1007/978-3-642-14623-7_12
  3. Masayuki Abe, Georg Fuchsbauer, Jens Groth, Kristiyan Haralambiev, and Miyako Ohkubo. 2016. Structure-Preserving Signatures and Commitments to Group Elements. Journal of Cryptology, Vol. 29, 2 (April 2016), 363–421. https://doi.org/10.1007/s00145-014-9196-7
  4. Masayuki Abe, Kristiyan Haralambiev, and Miyako Ohkubo. 2012. Group to Group Commitments Do Not Shrink. In EUROCRYPT 2012 (LNCS), David Pointcheval and Thomas Johansson (Eds.), Vol. 7237. Springer, Heidelberg, 301–317. https://doi.org/10.1007/978-3-642-29011-4_19
  5. Shashank Agrawal, Shweta Agrawal, Saikrishna Badrinarayanan, Abishek Kumarasubramanian, Manoj Prabhakaran, and Amit Sahai. 2015. On the Practical Security of Inner Product Functional Encryption. In PKC 2015 (LNCS), Jonathan Katz (Ed.), Vol. 9020. Springer, Heidelberg, 777–798. https://doi.org/10.1007/978-3-662-46447-2_35
  6. Scott Ames, Carmit Hazay, Yuval Ishai, and Muthuramakrishnan Venkitasubramaniam. 2017. Ligero: Lightweight Sublinear Arguments Without a Trusted Setup. In ACM CCS 2017, Bhavani M. Thuraisingham, David Evans, Tal Malkin, and Dongyan Xu (Eds.). ACM Press, 2087–2104. https://doi.org/10.1145/3133956.3134104
  7. Paulo S. L. M. Barreto and Michael Naehrig. 2006. Pairing-Friendly Elliptic Curves of Prime Order. In SAC 2005 (LNCS), Bart Preneel and Stafford Tavares (Eds.), Vol. 3897. Springer, Heidelberg, 319–331. https://doi.org/10.1007/11693383_22
  8. Eli Ben-Sasson, Iddo Bentov, Yinon Horesh, and Michael Riabzev. 2018. Scalable, transparent, and post-quantum secure computational integrity. Cryptology ePrint Archive, Report 2018/046. https://eprint.iacr.org/2018/046
  9. Eli Ben-Sasson, Alessandro Chiesa, Michael Riabzev, Nicholas Spooner, Madars Virza, and Nicholas P. Ward. 2019. Aurora: Transparent Succinct Arguments for R1CS. In EUROCRYPT 2019, Part I (LNCS), Yuval Ishai and Vincent Rijmen (Eds.), Vol. 11476. Springer, Heidelberg, 103–128. https://doi.org/10.1007/978-3-030-17653-2_4
  10. Eli Ben-Sasson, Alessandro Chiesa, and Nicholas Spooner. 2016. Interactive Oracle Proofs. In TCC 2016-B, Part II (LNCS), Martin Hirt and Adam D. Smith (Eds.), Vol. 9986. Springer, Heidelberg, 31–60. https://doi.org/10.1007/978-3-662-53644-5_2
  11. Manuel Blum, Paul Feldman, and Silvio Micali. 1988. Non-Interactive Zero-Knowledge and Its Applications (Extended Abstract). In 20th ACM STOC. ACM Press, 103–112. https://doi.org/10.1145/62212.62222
  12. Dan Boneh and Matthew K. Franklin. 2001. Identity-Based Encryption from the Weil Pairing. In CRYPTO 2001 (LNCS), Joe Kilian (Ed.), Vol. 2139. Springer, Heidelberg, 213–229. https://doi.org/10.1007/3-540-44647-8_13
  13. Jonathan Bootle, Andrea Cerulli, Pyrros Chaidos, Jens Groth, and Christophe Petit. 2016. Efficient Zero-Knowledge Arguments for Arithmetic Circuits in the Discrete Log Setting. In EUROCRYPT 2016, Part II (LNCS), Marc Fischlin and Jean-Sébastien Coron (Eds.), Vol. 9666. Springer, Heidelberg, 327–357. https://doi.org/10.1007/978-3-662-49896-5_12
  14. Benedikt Bünz, Jonathan Bootle, Dan Boneh, Andrew Poelstra, Pieter Wuille, and Greg Maxwell. 2018. Bulletproofs: Short Proofs for Confidential Transactions and More. In 2018 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, 315–334. https://doi.org/10.1109/SP.2018.00020
  15. Jan Camenisch, Kristiyan Haralambiev, Markulf Kohlweiss, Jorn Lapon, and Vincent Naessens. 2011. Structure Preserving CCA Secure Encryption and Applications. In ASIACRYPT 2011 (LNCS). Springer, Heidelberg, 89–106. https://doi.org/10.1007/978-3-642-25385-0_5
  16. Jan Camenisch and Victor Shoup. 2003. Practical Verifiable Encryption and Decryption of Discrete Logarithms. In CRYPTO 2003 (LNCS), Dan Boneh (Ed.), Vol. 2729. Springer, Heidelberg, 126–144. https://doi.org/10.1007/978-3-540-45146-4_8
  17. Julien Cathalo, Benoît Libert, and Moti Yung. 2009. Group Encryption: Non-interactive Realization in the Standard Model. In ASIACRYPT 2009 (LNCS), Mitsuru Matsui (Ed.), Vol. 5912. Springer, Heidelberg, 179–196. https://doi.org/10.1007/978-3-642-10366-7_11
  18. Melissa Chase, Markulf Kohlweiss, Anna Lysyanskaya, and Sarah Meiklejohn. 2012. Malleable Proof Systems and Applications. Cryptology ePrint Archive, Report 2012/012. http://eprint.iacr.org/2012/012
  19. Taher ElGamal. 1985. A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms. IEEE Transactions on Information Theory, Vol. 31 (1985), 469–472.
  20. Amos Fiat and Adi Shamir. 1987. How to Prove Yourself: Practical Solutions to Identification and Signature Problems. In CRYPTO'86 (LNCS), Andrew M. Odlyzko (Ed.), Vol. 263. Springer, Heidelberg, 186–194. https://doi.org/10.1007/3-540-47721-7_12
  21. Marc Fischlin and Jean-Sébastien Coron (Eds.). 2016. EUROCRYPT 2016, Part II. LNCS, Vol. 9666. Springer, Heidelberg.
  22. Georg Fuchsbauer. 2011. Commuting Signatures and Verifiable Encryption. In EUROCRYPT 2011 (LNCS), Kenneth G. Paterson (Ed.), Vol. 6632. Springer, Heidelberg, 224–245. https://doi.org/10.1007/978-3-642-20465-4_14
  23. Rosario Gennaro, Craig Gentry, Bryan Parno, and Mariana Raykova. 2013. Quadratic Span Programs and Succinct NIZKs without PCPs. In EUROCRYPT 2013 (LNCS), Thomas Johansson and Phong Q. Nguyen (Eds.), Vol. 7881. Springer, Heidelberg, 626–645. https://doi.org/10.1007/978-3-642-38348-9_37
  24. Craig Gentry and Daniel Wichs. 2011. Separating succinct non-interactive arguments from all falsifiable assumptions. In 43rd ACM STOC, Lance Fortnow and Salil P. Vadhan (Eds.). ACM Press, 99–108. https://doi.org/10.1145/1993636.1993651
  25. Essam Ghadafi, Nigel P. Smart, and Bogdan Warinschi. 2010. Groth-Sahai Proofs Revisited. In PKC 2010 (LNCS), Phong Q. Nguyen and David Pointcheval (Eds.), Vol. 6056. Springer, Heidelberg, 177–192. https://doi.org/10.1007/978-3-642-13013-7_11
  26. Vipul Goyal, Omkant Pandey, Amit Sahai, and Brent Waters. 2006. Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data. In ACM CCS 2006, Ari Juels, Rebecca N. Wright, and Sabrina De Capitani di Vimercati (Eds.). ACM Press, 89–98. https://doi.org/10.1145/1180405.1180418 Available as Cryptology ePrint Archive Report 2006/309.
  27. Jens Groth. 2006. Simulation-Sound NIZK Proofs for a Practical Language and Constant Size Group Signatures. In ASIACRYPT 2006 (LNCS), Xuejia Lai and Kefei Chen (Eds.), Vol. 4284. Springer, Heidelberg, 444–459. https://doi.org/10.1007/11935230_29
  28. Jens Groth. 2011. Efficient Zero-Knowledge Arguments from Two-Tiered Homomorphic Commitments. In ASIACRYPT 2011 (LNCS). Springer, Heidelberg, 431–448. https://doi.org/10.1007/978-3-642-25385-0_23
  29. Jens Groth. 2016. On the Size of Pairing-Based Non-interactive Arguments. In EUROCRYPT 2016, Part II (LNCS), Marc Fischlin and Jean-Sébastien Coron (Eds.), Vol. 9666. Springer, Heidelberg, 305–326. https://doi.org/10.1007/978-3-662-49896-5_11
  30. Jens Groth and Yuval Ishai. 2008. Sub-linear Zero-Knowledge Argument for Correctness of a Shuffle. In EUROCRYPT 2008 (LNCS), Nigel P. Smart (Ed.), Vol. 4965. Springer, Heidelberg, 379–396. https://doi.org/10.1007/978-3-540-78967-3_22
  31. Jens Groth, Rafail Ostrovsky, and Amit Sahai. 2006. Perfect Non-interactive Zero Knowledge for NP. In EUROCRYPT 2006 (LNCS), Serge Vaudenay (Ed.), Vol. 4004. Springer, Heidelberg, 339–358. https://doi.org/10.1007/11761679_21
  32. Jens Groth and Amit Sahai. 2008. Efficient Non-interactive Proof Systems for Bilinear Groups. In EUROCRYPT 2008 (LNCS), Nigel P. Smart (Ed.), Vol. 4965. Springer, Heidelberg, 415–432. https://doi.org/10.1007/978-3-540-78967-3_24
  33. J. Groth and A. Sahai. 2012. Efficient Noninteractive Proof Systems for Bilinear Groups. SIAM J. Comput., Vol. 41, 5 (2012), 1193–1232. https://doi.org/10.1137/080725386
  34. Torben P. Pedersen. 1992. Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing. In CRYPTO'91 (LNCS), Joan Feigenbaum (Ed.), Vol. 576. Springer, Heidelberg, 129–140. https://doi.org/10.1007/3-540-46766-1_9
  35. Amit Sahai. 1999. Non-Malleable Non-Interactive Zero Knowledge and Adaptive Chosen-Ciphertext Security. In 40th FOCS. IEEE Computer Society Press, 543–553. https://doi.org/10.1109/SFFCS.1999.814628
  36. Amit Sahai and Brent R. Waters. 2005. Fuzzy Identity-Based Encryption. In EUROCRYPT 2005 (LNCS), Ronald Cramer (Ed.), Vol. 3494. Springer, Heidelberg, 457–473. https://doi.org/10.1007/11426639_27
  37. Claus-Peter Schnorr. 1990. Efficient Identification and Signatures for Smart Cards. In CRYPTO'89 (LNCS), Gilles Brassard (Ed.), Vol. 435. Springer, Heidelberg, 239–252. https://doi.org/10.1007/0-387-34805-0_22
  38. Nigel P. Smart (Ed.). 2008. EUROCRYPT 2008. LNCS, Vol. 4965. Springer, Heidelberg.
  39. Riad S. Wahby, Ioanna Tzialla, abhi shelat, Justin Thaler, and Michael Walfish. 2018. Doubly-Efficient zkSNARKs Without Trusted Setup. In 2018 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, 926–943. https://doi.org/10.1109/SP.2018.00060

Published in
CCS '19: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security
November 2019, 2755 pages
ISBN: 9781450367479
DOI: 10.1145/3319535

Copyright © 2019 ACM

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher: Association for Computing Machinery, New York, NY, United States


Acceptance Rates

CCS '19 paper acceptance rate: 149 of 934 submissions (16%). Overall acceptance rate: 1,261 of 6,999 submissions (18%).
