ABSTRACT
In their celebrated work, Groth and Sahai [EUROCRYPT'08, SICOMP'12] constructed non-interactive zero-knowledge (NIZK) proofs for general bilinear group arithmetic relations, which spawned the entire subfield of structure-preserving cryptography. This branch of the theory of cryptography focuses on the modular design of advanced cryptographic primitives. Although the proof systems of Groth and Sahai are a powerful toolkit, their efficiency hits a barrier when the witness is large, as the proof size is linear in the size of the witness. In this work, we revisit the problem of proving knowledge of general bilinear group arithmetic relations in zero-knowledge. Specifically, we construct a succinct zero-knowledge argument for such relations, where the communication complexity is logarithmic in the number of integer and source-group components of the witness. Our argument has a public-coin setup and verifier and can therefore be made non-interactive with the Fiat-Shamir transformation in the random oracle model. For the special case of non-bilinear group arithmetic relations with only integer unknowns, our system can be instantiated in non-bilinear groups. In many applications, our argument system can serve as a drop-in replacement for Groth-Sahai proofs, turning existing advanced primitives in the vast literature of structure-preserving cryptography into practically efficient systems with short proofs.
REFERENCES
- Masayuki Abe. 2015. Structure-Preserving Cryptography. Abstract of invited talk. In Advances in Cryptology - ASIACRYPT 2015 (LNCS), Vol. 9452. Springer, Heidelberg. https://www.iacr.org/archive/asiacrypt2015/94520356/94520356.pdf
- Masayuki Abe, Georg Fuchsbauer, Jens Groth, Kristiyan Haralambiev, and Miyako Ohkubo. 2010. Structure-Preserving Signatures and Commitments to Group Elements. In CRYPTO 2010 (LNCS), Tal Rabin (Ed.), Vol. 6223. Springer, Heidelberg, 209–236. https://doi.org/10.1007/978-3-642-14623-7_12
- Masayuki Abe, Georg Fuchsbauer, Jens Groth, Kristiyan Haralambiev, and Miyako Ohkubo. 2016. Structure-Preserving Signatures and Commitments to Group Elements. Journal of Cryptology, Vol. 29, 2 (April 2016), 363–421. https://doi.org/10.1007/s00145-014-9196-7
- Masayuki Abe, Kristiyan Haralambiev, and Miyako Ohkubo. 2012. Group to Group Commitments Do Not Shrink. In EUROCRYPT 2012 (LNCS), David Pointcheval and Thomas Johansson (Eds.), Vol. 7237. Springer, Heidelberg, 301–317. https://doi.org/10.1007/978-3-642-29011-4_19
- Shashank Agrawal, Shweta Agrawal, Saikrishna Badrinarayanan, Abishek Kumarasubramanian, Manoj Prabhakaran, and Amit Sahai. 2015. On the Practical Security of Inner Product Functional Encryption. In PKC 2015 (LNCS), Jonathan Katz (Ed.), Vol. 9020. Springer, Heidelberg, 777–798. https://doi.org/10.1007/978-3-662-46447-2_35
- Scott Ames, Carmit Hazay, Yuval Ishai, and Muthuramakrishnan Venkitasubramaniam. 2017. Ligero: Lightweight Sublinear Arguments Without a Trusted Setup. In ACM CCS 2017, Bhavani M. Thuraisingham, David Evans, Tal Malkin, and Dongyan Xu (Eds.). ACM Press, 2087–2104. https://doi.org/10.1145/3133956.3134104
- Paulo S. L. M. Barreto and Michael Naehrig. 2006. Pairing-Friendly Elliptic Curves of Prime Order. In SAC 2005 (LNCS), Bart Preneel and Stafford Tavares (Eds.), Vol. 3897. Springer, Heidelberg, 319–331. https://doi.org/10.1007/11693383_22
- Eli Ben-Sasson, Iddo Bentov, Yinon Horesh, and Michael Riabzev. 2018. Scalable, Transparent, and Post-Quantum Secure Computational Integrity. Cryptology ePrint Archive, Report 2018/046. https://eprint.iacr.org/2018/046
- Eli Ben-Sasson, Alessandro Chiesa, Michael Riabzev, Nicholas Spooner, Madars Virza, and Nicholas P. Ward. 2019. Aurora: Transparent Succinct Arguments for R1CS. In EUROCRYPT 2019, Part I (LNCS), Yuval Ishai and Vincent Rijmen (Eds.), Vol. 11476. Springer, Heidelberg, 103–128. https://doi.org/10.1007/978-3-030-17653-2_4
- Eli Ben-Sasson, Alessandro Chiesa, and Nicholas Spooner. 2016. Interactive Oracle Proofs. In TCC 2016-B, Part II (LNCS), Martin Hirt and Adam D. Smith (Eds.), Vol. 9986. Springer, Heidelberg, 31–60. https://doi.org/10.1007/978-3-662-53644-5_2
- Manuel Blum, Paul Feldman, and Silvio Micali. 1988. Non-Interactive Zero-Knowledge and Its Applications (Extended Abstract). In 20th ACM STOC. ACM Press, 103–112. https://doi.org/10.1145/62212.62222
- Dan Boneh and Matthew K. Franklin. 2001. Identity-Based Encryption from the Weil Pairing. In CRYPTO 2001 (LNCS), Joe Kilian (Ed.), Vol. 2139. Springer, Heidelberg, 213–229. https://doi.org/10.1007/3-540-44647-8_13
- Jonathan Bootle, Andrea Cerulli, Pyrros Chaidos, Jens Groth, and Christophe Petit. 2016. Efficient Zero-Knowledge Arguments for Arithmetic Circuits in the Discrete Log Setting. In EUROCRYPT 2016, Part II (LNCS), Marc Fischlin and Jean-Sébastien Coron (Eds.), Vol. 9666. Springer, Heidelberg, 327–357. https://doi.org/10.1007/978-3-662-49896-5_12
- Benedikt Bünz, Jonathan Bootle, Dan Boneh, Andrew Poelstra, Pieter Wuille, and Greg Maxwell. 2018. Bulletproofs: Short Proofs for Confidential Transactions and More. In 2018 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, 315–334. https://doi.org/10.1109/SP.2018.00020
- Jan Camenisch, Kristiyan Haralambiev, Markulf Kohlweiss, Jorn Lapon, and Vincent Naessens. 2011. Structure Preserving CCA Secure Encryption and Applications. In ASIACRYPT 2011 (LNCS), Vol. 7073. Springer, Heidelberg, 89–106. https://doi.org/10.1007/978-3-642-25385-0_5
- Jan Camenisch and Victor Shoup. 2003. Practical Verifiable Encryption and Decryption of Discrete Logarithms. In CRYPTO 2003 (LNCS), Dan Boneh (Ed.), Vol. 2729. Springer, Heidelberg, 126–144. https://doi.org/10.1007/978-3-540-45146-4_8
- Julien Cathalo, Benoît Libert, and Moti Yung. 2009. Group Encryption: Non-interactive Realization in the Standard Model. In ASIACRYPT 2009 (LNCS), Mitsuru Matsui (Ed.), Vol. 5912. Springer, Heidelberg, 179–196. https://doi.org/10.1007/978-3-642-10366-7_11
- Melissa Chase, Markulf Kohlweiss, Anna Lysyanskaya, and Sarah Meiklejohn. 2012. Malleable Proof Systems and Applications. Cryptology ePrint Archive, Report 2012/012. https://eprint.iacr.org/2012/012
- Taher ElGamal. 1985. A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms. IEEE Transactions on Information Theory, Vol. 31 (1985), 469–472.
- Amos Fiat and Adi Shamir. 1987. How to Prove Yourself: Practical Solutions to Identification and Signature Problems. In CRYPTO'86 (LNCS), Andrew M. Odlyzko (Ed.), Vol. 263. Springer, Heidelberg, 186–194. https://doi.org/10.1007/3-540-47721-7_12
- Marc Fischlin and Jean-Sébastien Coron (Eds.). 2016. EUROCRYPT 2016, Part II. LNCS, Vol. 9666. Springer, Heidelberg.
- Georg Fuchsbauer. 2011. Commuting Signatures and Verifiable Encryption. In EUROCRYPT 2011 (LNCS), Kenneth G. Paterson (Ed.), Vol. 6632. Springer, Heidelberg, 224–245. https://doi.org/10.1007/978-3-642-20465-4_14
- Rosario Gennaro, Craig Gentry, Bryan Parno, and Mariana Raykova. 2013. Quadratic Span Programs and Succinct NIZKs without PCPs. In EUROCRYPT 2013 (LNCS), Thomas Johansson and Phong Q. Nguyen (Eds.), Vol. 7881. Springer, Heidelberg, 626–645. https://doi.org/10.1007/978-3-642-38348-9_37
- Craig Gentry and Daniel Wichs. 2011. Separating Succinct Non-interactive Arguments from All Falsifiable Assumptions. In 43rd ACM STOC, Lance Fortnow and Salil P. Vadhan (Eds.). ACM Press, 99–108. https://doi.org/10.1145/1993636.1993651
- Essam Ghadafi, Nigel P. Smart, and Bogdan Warinschi. 2010. Groth-Sahai Proofs Revisited. In PKC 2010 (LNCS), Phong Q. Nguyen and David Pointcheval (Eds.), Vol. 6056. Springer, Heidelberg, 177–192. https://doi.org/10.1007/978-3-642-13013-7_11
- Vipul Goyal, Omkant Pandey, Amit Sahai, and Brent Waters. 2006. Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data. In ACM CCS 2006, Ari Juels, Rebecca N. Wright, and Sabrina De Capitani di Vimercati (Eds.). ACM Press, 89–98. https://doi.org/10.1145/1180405.1180418. Also available as Cryptology ePrint Archive, Report 2006/309.
- Jens Groth. 2006. Simulation-Sound NIZK Proofs for a Practical Language and Constant Size Group Signatures. In ASIACRYPT 2006 (LNCS), Xuejia Lai and Kefei Chen (Eds.), Vol. 4284. Springer, Heidelberg, 444–459. https://doi.org/10.1007/11935230_29
- Jens Groth. 2011. Efficient Zero-Knowledge Arguments from Two-Tiered Homomorphic Commitments. In ASIACRYPT 2011 (LNCS), Vol. 7073. Springer, Heidelberg, 431–448. https://doi.org/10.1007/978-3-642-25385-0_23
- Jens Groth. 2016. On the Size of Pairing-Based Non-interactive Arguments. In EUROCRYPT 2016, Part II (LNCS), Marc Fischlin and Jean-Sébastien Coron (Eds.), Vol. 9666. Springer, Heidelberg, 305–326. https://doi.org/10.1007/978-3-662-49896-5_11
- Jens Groth and Yuval Ishai. 2008. Sub-linear Zero-Knowledge Argument for Correctness of a Shuffle. In EUROCRYPT 2008 (LNCS), Nigel P. Smart (Ed.), Vol. 4965. Springer, Heidelberg, 379–396. https://doi.org/10.1007/978-3-540-78967-3_22
- Jens Groth, Rafail Ostrovsky, and Amit Sahai. 2006. Perfect Non-interactive Zero Knowledge for NP. In EUROCRYPT 2006 (LNCS), Serge Vaudenay (Ed.), Vol. 4004. Springer, Heidelberg, 339–358. https://doi.org/10.1007/11761679_21
- Jens Groth and Amit Sahai. 2008. Efficient Non-interactive Proof Systems for Bilinear Groups. In EUROCRYPT 2008 (LNCS), Nigel P. Smart (Ed.), Vol. 4965. Springer, Heidelberg, 415–432. https://doi.org/10.1007/978-3-540-78967-3_24
- Jens Groth and Amit Sahai. 2012. Efficient Noninteractive Proof Systems for Bilinear Groups. SIAM J. Comput., Vol. 41, 5 (2012), 1193–1232. https://doi.org/10.1137/080725386
- Torben P. Pedersen. 1992. Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing. In CRYPTO'91 (LNCS), Joan Feigenbaum (Ed.), Vol. 576. Springer, Heidelberg, 129–140. https://doi.org/10.1007/3-540-46766-1_9
- Amit Sahai. 1999. Non-Malleable Non-Interactive Zero Knowledge and Adaptive Chosen-Ciphertext Security. In 40th FOCS. IEEE Computer Society Press, 543–553. https://doi.org/10.1109/SFFCS.1999.814628
- Amit Sahai and Brent R. Waters. 2005. Fuzzy Identity-Based Encryption. In EUROCRYPT 2005 (LNCS), Ronald Cramer (Ed.), Vol. 3494. Springer, Heidelberg, 457–473. https://doi.org/10.1007/11426639_27
- Claus-Peter Schnorr. 1990. Efficient Identification and Signatures for Smart Cards. In CRYPTO'89 (LNCS), Gilles Brassard (Ed.), Vol. 435. Springer, Heidelberg, 239–252. https://doi.org/10.1007/0-387-34805-0_22
- Nigel P. Smart (Ed.). 2008. EUROCRYPT 2008. LNCS, Vol. 4965. Springer, Heidelberg.
- Riad S. Wahby, Ioanna Tzialla, abhi shelat, Justin Thaler, and Michael Walfish. 2018. Doubly-Efficient zkSNARKs Without Trusted Setup. In 2018 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, 926–943. https://doi.org/10.1109/SP.2018.00060