Faster Zero-Knowledge Protocols and Applications

(Invited Talk Abstract)
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10543)

Abstract

Zero-knowledge (ZK) protocols are one of the cornerstones of modern cryptography. In a nutshell, a ZK protocol allows a prover P (with a secret input x) to persuade a verifier V that \(f(x)=1\) for some public function f, without disclosing to V any other information about x. In this talk I will present two recent ZK protocols, known as ZKGC [JKO13, FNO15] and ZKBoo [GMO16]. These are the first ZK protocols that allow proving interesting, non-algebraic statements (such as “I know x such that SHA-256(x) = y” for a public y) in the order of tens of milliseconds on a standard computer. As ZK protocols are ubiquitous in cryptography, this line of research has already enabled many interesting applications. In particular, I will show how ZKBoo allows constructing post-quantum signature schemes using symmetric-key primitives [CDG+17] only.
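The mechanism underlying ZKBoo, the "MPC-in-the-head" paradigm of [IKOS07], as an added toy illustration that is not code from the paper: the prover additively shares x among three imagined parties, simulates their joint evaluation of f, commits to each party's view, and opens the two views the verifier picks, so V can recompute one party and check consistency while the third view stays hidden. The constructed circuit f(x) = x^2 + x over Z_P, the SHA-256 commitment, and the function names are all assumptions of this example; ZKBoo's SHA-256 instance works over Z_2^32 and GF(2) instead.

```python
# Toy MPC-in-the-head proof in the style of ZKBoo [GMO16] / IKOS [IKOS07] for "I know x with f(x) = y".
# Added illustration, not the paper's code: f is a tiny arithmetic circuit over Z_P (constructed toy),
# whereas ZKBoo's SHA-256 instance works over Z_2^32 and GF(2).
import hashlib, json, secrets

P = 2**31 - 1
CIRCUIT = [("mul", 0, 0), ("add", 1, 0)]   # wire 0 = x; w1 = x*x; w2 = w1 + x, so f(x) = x^2 + x mod P

def f(x):
    w = [x % P]
    for op, a, b in CIRCUIT:
        w.append((w[a] * w[b] if op == "mul" else w[a] + w[b]) % P)
    return w[-1]

def gate_share(op, g, a, b, wi, wj, ti, tj):
    """Party i's share of gate g from its wires wi, neighbour i+1's wires wj and both random tapes."""
    if op == "add":                                  # linear gates: no interaction needed
        return (wi[a] + wi[b]) % P
    # multiplication: cross terms with the neighbour, masked by tape values so views look random
    return (wi[a]*wi[b] + wj[a]*wi[b] + wi[a]*wj[b] + ti[g] - tj[g]) % P

def commit(view):
    return hashlib.sha256(json.dumps(view).encode()).hexdigest()   # tape doubles as hiding randomness

def prover_commit(x):
    """Phase 1: additively share x, run the 3-party computation in the head, commit to each view."""
    shares = [secrets.randbelow(P) for _ in range(2)]
    shares.append((x - sum(shares)) % P)
    tapes = [[secrets.randbelow(P) for _ in CIRCUIT] for _ in range(3)]
    W = [[s] for s in shares]
    for g, (op, a, b) in enumerate(CIRCUIT):
        for i in range(3):
            W[i].append(gate_share(op, g, a, b, W[i], W[(i + 1) % 3], tapes[i], tapes[(i + 1) % 3]))
    views = [[shares[i], tapes[i], W[i]] for i in range(3)]
    outs = [W[i][-1] for i in range(3)]              # output shares are revealed; they must sum to y
    return views, [commit(v) for v in views], outs

def prover_open(views, e):
    """Phase 3: reveal the two views selected by the verifier's challenge e in {0, 1, 2}."""
    return views[e], views[(e + 1) % 3]

def verify(y, commits, outs, e, opened):
    """Recompute party e from the two opened views; the third view never leaves the prover."""
    j = (e + 1) % 3
    (xe, te, we), (xj, tj, wj) = opened
    if commit(opened[0]) != commits[e] or commit(opened[1]) != commits[j]:
        return False
    recomputed = [xe]
    for g, (op, a, b) in enumerate(CIRCUIT):
        recomputed.append(gate_share(op, g, a, b, recomputed, wj, te, tj))
    return recomputed == we and we[-1] == outs[e] and wj[-1] == outs[j] and sum(outs) % P == y
```

A single round lets a cheating prover survive with probability up to 2/3 (only when the inconsistent view is the unopened one), so independent rounds are repeated; deriving the challenges from the commitments via Fiat-Shamir [FS86] removes the interaction, which is the route to the signature schemes of [CDG+17].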

Notes

Acknowledgements

Research supported by the Danish Council for Independent Research, COST Action IC1306 and the European Union Horizon 2020 research and innovation programme under grant agreement No. 731583 (SODA).

References

  1. [AMR17]
    Afshar, A., Mohassel, P., Rosulek, M.: Efficient maliciously secure two party computation for mixed programs. IACR Cryptology ePrint Archive, 2017:62 (2017)
  2. [ARS+15]
    Albrecht, M.R., Rechberger, C., Schneider, T., Tiessen, T., Zohner, M.: Ciphers for MPC and FHE. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 430–454. Springer, Heidelberg (2015). doi:10.1007/978-3-662-46800-5_17
  3. [ARS+16]
    Albrecht, M.R., Rechberger, C., Schneider, T., Tiessen, T., Zohner, M.: Ciphers for MPC and FHE. IACR Cryptology ePrint Archive, 2016:687 (2016)
  4. [Bau16]
    Baum, C.: On garbling schemes with and without privacy. In: Zikas, V., De Prisco, R. (eds.) SCN 2016. LNCS, vol. 9841, pp. 468–485. Springer, Cham (2016). doi:10.1007/978-3-319-44618-9_25
  5. [BCG+13]
    Ben-Sasson, E., Chiesa, A., Genkin, D., Tromer, E., Virza, M.: SNARKs for C: verifying program executions succinctly and in zero knowledge. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8043, pp. 90–108. Springer, Heidelberg (2013). doi:10.1007/978-3-642-40084-1_6
  6. [BCG+14]
    Ben-Sasson, E., Chiesa, A., Garman, C., Green, M., Miers, I., Tromer, E., Virza, M.: Zerocash: decentralized anonymous payments from bitcoin. In: 2014 IEEE Symposium on Security and Privacy (SP 2014), Berkeley, 18–21 May 2014, pp. 459–474 (2014)
  7. [BCTV14]
    Ben-Sasson, E., Chiesa, A., Tromer, E., Virza, M.: Succinct non-interactive zero knowledge for a von Neumann architecture. In: Proceedings of the 23rd USENIX Security Symposium, San Diego, 20–22 August 2014, pp. 781–796 (2014)
  8. [BGG+88]
    Ben-Or, M., Goldreich, O., Goldwasser, S., Håstad, J., Kilian, J., Micali, S., Rogaway, P.: Everything provable is provable in zero-knowledge. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 37–56. Springer, New York (1990). doi:10.1007/0-387-34799-2_4
  9. [BHR12]
    Bellare, M., Hoang, V.T., Rogaway, P.: Foundations of garbled circuits. In: The ACM Conference on Computer and Communications Security (CCS 2012), Raleigh, 16–18 October 2012, pp. 784–796 (2012)
  10. [CDG+17]
    Chase, M., Derler, D., Goldfeder, S., Orlandi, C., Ramacher, S., Rechberger, C., Slamanig, D., Zaverucha, G.: Post-quantum zero-knowledge and signatures from symmetric-key primitives. In: CCS 2017. ACM (2017, to appear). http://eprint.iacr.org/2017/279
  11. [CGM16]
    Chase, M., Ganesh, C., Mohassel, P.: Efficient zero-knowledge proof of algebraic and non-algebraic statements with applications to privacy preserving credentials. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9816, pp. 499–530. Springer, Heidelberg (2016). doi:10.1007/978-3-662-53015-3_18
  12. [Dam02]
    Damgård, I.: On \(\sigma \)-protocols. Lecture Notes, University of Aarhus, Department for Computer Science (2002)
  13. [DOR+16]
    Derler, D., Orlandi, C., Ramacher, S., Rechberger, C., Slamanig, D.: Digital signatures from symmetric-key primitives. Cryptology ePrint Archive, Report 2016/1085 (2016). http://eprint.iacr.org/2016/1085
  14. [FNO15]
    Frederiksen, T.K., Nielsen, J.B., Orlandi, C.: Privacy-free garbled circuits with applications to efficient zero-knowledge. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 191–219. Springer, Heidelberg (2015). doi:10.1007/978-3-662-46803-6_7
  15. [FS86]
    Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987). doi:10.1007/3-540-47721-7_12
  16. [GCZ16]
    Goldfeder, S., Chase, M., Zaverucha, G.: Efficient post-quantum zero-knowledge and signatures. Cryptology ePrint Archive, Report 2016/1110 (2016). http://eprint.iacr.org/2016/1110
  17. [GMO16]
    Giacomelli, I., Madsen, J., Orlandi, C.: ZKBoo: faster zero-knowledge for Boolean circuits. In: 25th USENIX Security Symposium (USENIX Security 2016), Austin, 10–12 August 2016, pp. 1069–1083 (2016)
  18. [GMR85]
    Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof-systems (extended abstract). In: Proceedings of the 17th Annual ACM Symposium on Theory of Computing, 6–8 May 1985, Providence, pp. 291–304 (1985)
  19. [GMR89]
    Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof systems. SIAM J. Comput. 18(1), 186–208 (1989)
  20. [GMW86]
    Goldreich, O., Micali, S., Wigderson, A.: How to prove all NP statements in zero-knowledge and a methodology of cryptographic protocol design (extended abstract). In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 171–185. Springer, Heidelberg (1987). doi:10.1007/3-540-47721-7_11
  21. [Gol01]
    Goldreich, O.: The Foundations of Cryptography. Basic Techniques, vol. 1. Cambridge University Press, Cambridge (2001)
  22. [Gol04]
    Goldreich, O.: The Foundations of Cryptography. Basic Applications, vol. 2. Cambridge University Press, Cambridge (2004)
  23. [GS08]
    Groth, J., Sahai, A.: Efficient non-interactive proof systems for bilinear groups. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 415–432. Springer, Heidelberg (2008). doi:10.1007/978-3-540-78967-3_24
  24. [HMR15]
    Hu, Z., Mohassel, P., Rosulek, M.: Efficient zero-knowledge proofs of non-algebraic statements with sublinear amortized cost. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 150–169. Springer, Heidelberg (2015). doi:10.1007/978-3-662-48000-7_8
  25. [IKOS07]
    Ishai, Y., Kushilevitz, E., Ostrovsky, R., Sahai, A.: Zero-knowledge from secure multiparty computation. In: Proceedings of the 39th Annual ACM Symposium on Theory of Computing, San Diego, 11–13 June 2007, pp. 21–30 (2007)
  26. [IKOS09]
    Ishai, Y., Kushilevitz, E., Ostrovsky, R., Sahai, A.: Zero-knowledge proofs from secure multiparty computation. SIAM J. Comput. 39(3), 1121–1152 (2009)
  27. [JKO13]
    Jawurek, M., Kerschbaum, F., Orlandi, C.: Zero-knowledge using garbled circuits: how to prove non-algebraic statements efficiently. In: 2013 ACM SIGSAC Conference on Computer and Communications Security (CCS 2013), Berlin, 4–8 November 2013, pp. 955–966 (2013)
  28. [KKL+16]
    Kolesnikov, V., Krawczyk, H., Lindell, Y., Malozemoff, A.J., Rabin, T.: Attribute-based key exchange with general policies. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, 24–28 October 2016, pp. 1451–1463 (2016)
  29. [KL14]
    Katz, J., Lindell, Y.: Introduction to Modern Cryptography, 2nd edn. CRC Press, Boca Raton (2014)
  30. [KMW16]
    Katz, J., Malozemoff, A.J., Wang, X.S.: Efficiently enforcing input validity in secure two-party computation. IACR Cryptology ePrint Archive, 2016:184 (2016)
  31. [Lin13]
    Lindell, Y.: Fast cut-and-choose based protocols for malicious and covert adversaries. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8043, pp. 1–17. Springer, Heidelberg (2013). doi:10.1007/978-3-642-40084-1_1
  32. [MNPS04]
    Malkhi, D., Nisan, N., Pinkas, B., Sella, Y.: Fairplay - secure two-party computation system. In: Proceedings of the 13th USENIX Security Symposium, San Diego, 9–13 August 2004, pp. 287–302 (2004)
  33. [MRS17]
    Mohassel, P., Rosulek, M., Scafuro, A.: Sublinear zero-knowledge arguments for RAM programs. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10210, pp. 501–531. Springer, Cham (2017). doi:10.1007/978-3-319-56620-7_18
  34. [PHGR13]
    Parno, B., Howell, J., Gentry, C., Raykova, M.: Pinocchio: nearly practical verifiable computation. In: 2013 IEEE Symposium on Security and Privacy (SP 2013), Berkeley, 19–22 May 2013, pp. 238–252 (2013)
  35. [PHGR16]
    Parno, B., Howell, J., Gentry, C., Raykova, M.: Pinocchio: nearly practical verifiable computation. Commun. ACM 59(2), 103–112 (2016)
  36. [Sch89]
    Schnorr, C.P.: Efficient identification and signatures for smart cards. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 239–252. Springer, New York (1990). doi:10.1007/0-387-34805-0_22
  37. [WPSR16]
    Wang, L., Pass, R., Shelat, A., Ristenpart, T.: Secure channel injection and anonymous proofs of account ownership. IACR Cryptology ePrint Archive, 2016:925 (2016)
  38. [Yao86]
    Yao, A.C.-C.: How to generate and exchange secrets (extended abstract). In: 27th Annual Symposium on Foundations of Computer Science, Toronto, 27–29 October 1986, pp. 162–167 (1986)
  39. [ZRE15]
    Zahur, S., Rosulek, M., Evans, D.: Two halves make a whole. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 220–250. Springer, Heidelberg (2015). doi:10.1007/978-3-662-46803-6_8

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. Aarhus University, Aarhus, Denmark