Robust Non-interactive Zero Knowledge

  • Alfredo De Santis
  • Giovanni Di Crescenzo
  • Rafail Ostrovsky
  • Giuseppe Persiano
  • Amit Sahai
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2139)

Abstract

Non-Interactive Zero Knowledge (NIZK), introduced by Blum, Feldman, and Micali in 1988, is a fundamental cryptographic primitive which has attracted considerable attention in the last decade and has been used throughout modern cryptography in several essential ways. For example, NIZK plays a central role in building provably secure public-key cryptosystems based on general complexity-theoretic assumptions that achieve security against chosen ciphertext attacks. In essence, in a multi-party setting, given a fixed common random string of polynomial size which is visible to all parties, NIZK allows an arbitrary polynomial number of Provers to send messages to polynomially many Verifiers, where each message constitutes an NIZK proof for an arbitrary polynomial-size NP statement.

In this paper, we take a closer look at NIZK in the multi-party setting. First, we consider non-malleable NIZK, and generalizing and substantially strengthening the results of Sahai, we give the first construction of NIZK which remains non-malleable after polynomially-many NIZK proofs. Second, we turn to the definition of standard NIZK itself, and propose a strengthening of it. In particular, one of the concerns in the technical definition of NIZK (as well as non-malleable NIZK) is that the so-called “simulator” of the Zero-Knowledge property is allowed to pick a different “common random string” from the one that Provers must actually use to prove NIZK statements in real executions. In this paper, we propose a new definition for NIZK that eliminates this shortcoming, and where Provers and the simulator use the same common random string. Furthermore, we show that both standard and non-malleable NIZK (as well as NIZK Proofs of Knowledge) can be constructed achieving this stronger definition. We call such NIZK Robust NIZK and show how to achieve it. Our results also yields the simplest known public-key encryption scheme based on general assumptions secure against adaptive chosen-ciphertext attack (CCA2).

Keywords

Dition Rosen Extractor Astad Veri 

References

  1. 1.
    M. Blum, A. De Santis, S. Micali AND G. Persiano, Non-Interactive Zero-Knowledge Proofs. SIAM Journal on Computing, vol. 6, December 1991, pp. 1084–1118.Google Scholar
  2. 2.
    M. Blum, P. Feldman AND S. Micali, Non-interactive zero-knowledge and its applications. Proceedings of the 20th Annual Symposium on Theory of Computing, ACM, 1988.Google Scholar
  3. 3.
    G. Brassard}}, D. Chaum} and C. Cräpeau}}, Minimum Disclosure Proofs of Knowledge. JCSS, v. 37, pp 156–189.Google Scholar
  4. 4.
    M. Bellare, S. Goldwasser, New paradigms for digital signatures and message authentication based on non-interactive zero knowledge proofs. Advances in Cryptology-Crypto 89 Proceedings, Lecture Notes in Computer Science Vol. 435, G. Brassard ed., Springer-Verlag, 1989.Google Scholar
  5. 5.
    R. Canetti, O. Goldreich, S. Goldwasser, and S. Micali. Resettable Zero-Knowledge. ECCC Report TR99-042, revised June 2000. Available from http://www.eccc.uni-trier.de/eccc/. Preliminary version appeared in ACM STOC 2000.
  6. 6.
    R. Canetti, J. Kilian, E. Petrank, AND A. Rosen Black-Box Concurrent Zero-Knowledge Requires \( \tilde \Omega (\log n) \) Rounds. Proceedings of the-67th Annual Symposium on Theory of Computing, ACM, 1901.Google Scholar
  7. 7.
    R. Cramer AND V. Shoup, A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack. Advances in Cryptology-Crypto 98 Proceedings, Lecture Notes in Computer Science Vol. 1462, H. Krawczyk ed., Springer-Verlag, 1998.Google Scholar
  8. 8.
    A. De Santis AND G. Persiano, Zero-knowledge proofs of knowledge without interaction. Proceedings of the 33rd Symposium on Foundations of Computer Science, IEEE, 1992.Google Scholar
  9. 9.
    A. De Santis, G. Di Crescenzo AND G. Persiano, Randomness-efficient Non-Interactive Zero-Knowledge. Proceedings of 1997 International Colloquium on Automata, Languagues and Applications (ICALP 1997).Google Scholar
  10. 10.
    A. De Santis, G. Di Crescenzo AND G. Persiano, Non-Interactive Zero-Knowledge: A Low-Randomness Characterization of NP. Proceedings of 1999 International Colloquium on Automata, Languagues and Applications (ICALP 1999).Google Scholar
  11. 11.
    A. De Santis, G. Di Crescenzo AND G. Persiano, Necessary and Sufficient Assumptions for Non-Interactive Zero-Knowledge Proofs of Knowledge for all NP Relations. Proceedings of 2000 International Colloquium on Automata, Languagues and Applications (ICALP 2000).Google Scholar
  12. 12.
    G. Di Crescenzo, Y. Ishai, AND R. Ostrovsky, Non-Interactive and Non-Malleable Commitment. Proceedings of the 30th Annual Symposium on Theory of Computing, ACM, 1998.Google Scholar
  13. 13.
    D. Dolev, C. Dwork, AND M. Naor, Non-Malleable Cryptography. Proceedings of the-45th Annual Symposium on Theory of Computing, ACM, 1923 and SIAM Journal on Computing, 2000.Google Scholar
  14. 14.
    C. Dwork, M. Naor, AND A. Sahai, Concurrent Zero-Knowledge. Proceedings of the 30th Annual Symposium on Theory of Computing, ACM, 1998.Google Scholar
  15. 15.
    U. Feige, D. Lapidot, AND A. Shamir, Multiple non-interactive zero knowledge proofs based on a single random string. In 31st Annual Symposium on Foundations of Computer Science, volume I, pages 308–317, St. Louis, Missouri, 22–24 October 1990. IEEE.Google Scholar
  16. 16.
    O. Goldreich, Secure Multi-Party Computation, 1998. First draft available at http://theory.lcs.mit.edu/~oded
  17. 17.
    O. Goldreich and L. Levin, A Hard Predicate for All One-way Functions. Proceedings of the 21st Annual Symposium on Theory of Computing, ACM, 1989.Google Scholar
  18. 18.
    O. Goldreich, S. Goldwasser AND S. Micali, How to construct random functions. Journal of the ACM, Vol. 33, No. 4, 1986, pp. 210–217.CrossRefMathSciNetGoogle Scholar
  19. 19.
    O. Goldreich, S. Micali, AND A. Wigderson. How to play any mental game or a completeness theorem for protocols with honest majority. Proceedings of the 19th Annual Symposium on Theory of Computing, ACM, 1987.Google Scholar
  20. 20.
    O. Goldreich, S. Micali, and A. Wigderson. Proofs that Yield Nothing but their Validity or All Languages in NP have Zero-Knowledge Proof Systems. Journal of ACM 38(3): 691–729 (1991).MATHCrossRefMathSciNetGoogle Scholar
  21. 21.
    S. Goldwasser, S. Micali, AND C. Rackoff, The knowledge complexity of interactive proof systems. SIAM Journal on Computing, 18(1):186–208, February 1989.Google Scholar
  22. 22.
    S. Goldwasser, R. Ostrovsky Invariant Signatures and Non-Interactive Zero-Knowledge Proofs are Equivalent. Advances in Cryptology-Crypto 92 Proceedings, Lecture Notes in Computer Science Vol. 740, E. Brickell ed., Springer-Verlag, 1992.Google Scholar
  23. 23.
    J. Håstad, R. Impagliazzo, L. Levin, AND M. Luby, Construction of pseudorandom generator from any one-way function. SIAM Journal on Computing. Preliminary versions by Impagliazzo et. al. in 21st STOC (1989) and Håstad in 22nd STOC (1990).Google Scholar
  24. 24.
    J. Kilian, E. Petrank An Efficient Non-Interactive Zero-Knowledge Proof System for NP with General Assumptions, Journal of Cryptology, vol. 11, n. 1, 1998.Google Scholar
  25. 25.
    J. Kilian, E. Petrank Concurrent and Resettable Zero-Knowledge in Polylogarithmic Rounds. Proceedings of the-67th Annual Symposium on Theory of Computing, ACM, 1901Google Scholar
  26. 26.
    M. Naor, R. Ostrovsky, R. Venkatesan, AND M. Yung. Perfect zero-knowledge arguments for NP can be based on general complexity assumptions. Advances in Cryptology-Crypto 92 Proceedings, Lecture Notes in Computer Science Vol. 740, E. Brickell ed., Springer-Verlag, 1992 and J. Cryptology, 11(2):87-108, 1998.Google Scholar
  27. 27.
    M. Naor, Bit Commitment Using Pseudo-Randomness, Journal of Cryptology, vol 4, 1991, pp. 151–158.MATHCrossRefMathSciNetGoogle Scholar
  28. 28.
    M. Naor AND M. Yung, Public-key cryptosystems provably secure against chosen ciphertext attacks. Proceedings of the 22nd Annual Symposium on Theory of Computing, ACM, 1990.Google Scholar
  29. 29.
    M. Naor AND M. Yung, “Universal One-Way Hash Functions and their Cryptographic Applications”, Proceedings of the 21st Annual Symposium on Theory of Computing, ACM, 1989.Google Scholar
  30. 30.
    R. Ostrovsky One-way Functions, Hard on Average Problems and Statistical Zero-knowledge Proofs. In Proceedings of 6th Annual Structure in Complexity Theory Conference (STRUCTURES-91) June 30–July 3, 1991, Chicago. pp. 51–59Google Scholar
  31. 31.
    R. Ostrovsky, AND A. Wigderson One-Way Functions are Essential for Non-Trivial Zero-Knowledge. Appeared In Proceedings of the second Israel Symposium on Theory of Computing and Systems (ISTCS-93) Netanya, Israel, June 7th–9th, 1993.Google Scholar
  32. 32.
    C. Rackoff AND D. Simon, Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. Advances in Cryptology-Crypto 91 Proceedings, Lecture Notes in Computer Science Vol. 576, J. Feigenbaum ed., Springer-Verlag, 1991.Google Scholar
  33. 33.
    A. Sahai Non-malleable non-interactive zero knowledge and adaptive chosen-ciphertext security. Proceedings of the 40th Symposium on Foundations of Computer Science, IEEE, 1999Google Scholar
  34. 34.
    A. Sahai AND S. Vadhan A Complete Problem for Statistical Zero Knowledge. Preliminary version appeared in Proceedings of the 38th Symposium on Foundations of Computer Science, IEEE, 1997. Newer version may be obtained from authors’ homepages.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Alfredo De Santis
    • 1
  • Giovanni Di Crescenzo
    • 2
  • Rafail Ostrovsky
    • 2
  • Giuseppe Persiano
    • 1
  • Amit Sahai
    • 3
  1. 1.Dipartimento di Informatica ed ApplicazioniUniversità di SalernoBaronissiItaly
  2. 2.Telcordia Technologies, Inc.MorristownUSA
  3. 3.Department of Computer SciencePrinceton UniversityPrinceton

Personalised recommendations