Compact E-Cash and Simulatable VRFs Revisited

  • Mira Belenkiy
  • Melissa Chase
  • Markulf Kohlweiss
  • Anna Lysyanskaya
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5671)

Abstract

Efficient non-interactive zero-knowledge proofs are a powerful tool for solving many cryptographic problems. We apply the recent Groth-Sahai (GS) proof system for pairing product equations (Eurocrypt 2008) to two related cryptographic problems: compact e-cash (Eurocrypt 2005) and simulatable verifiable random functions (CRYPTO 2007). We present the first efficient compact e-cash scheme that does not rely on a random oracle. To this end we construct efficient GS proofs for signature possession, pseudo randomness and set membership. The GS proofs for pseudorandom functions give rise to a much cleaner and substantially faster construction of simulatable verifiable random functions (sVRF) under a weaker number theoretic assumption. We obtain the first efficient fully simulatable sVRF with a polynomial sized output domain (in the security parameter).

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. [BB04a]
    Boneh, D., Boyen, X.: Efficient selective id secure identity based encryption without random oracles. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 223–238. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  2. [BB04b]
    Boneh, D., Boyen, X.: Short signatures without random oracles. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 56–73. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  3. [BCC+09]
    Belenkiy, M., Camenisch, J., Chase, M., Kohlweiss, M., Lysyanskaya, A., Shacham, H.: Delegatable anonymous credentials. In: Halevi, S. (ed.) CRYPTO 2009. LNCS. Springer, Heidelberg (2009)Google Scholar
  4. [BCKL08]
    Belenkiy, M., Chase, M., Kohlweiss, M., Lysyanskaya, A.: P-signatures and noninteractive anonymous credentials. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 356–374. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  5. [BFM88]
    Blum, M., Feldman, P., Micali, S.: Non-interactive zero-knowledge and its applications (extended abstract). In: STOC 1988, Chicago, Illinois, May 2-4, pp. 103–112 (1988)Google Scholar
  6. [BG90]
    Bellare, M., Goldwasser, S.: New paradigms for digital signatures and message authentication based on non-interative zero knowledge. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 194–211. Springer, Heidelberg (1990)Google Scholar
  7. [BGN05]
    Boneh, D., Goh, E.-J., Nissim, K.: Evaluating 2-dnf formulas on ciphertexts. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 325–341. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  8. [Bou00]
    Boudot, F.: Efficient proofs that a committed number lies in an interval. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 431–444. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  9. [Bra93]
    Brands, S.: An efficient off-line electronic cash system based on the representation problem. Technical Report CS-R9323, CWI (April 1993)Google Scholar
  10. [BW07]
    Boyen, X., Waters, B.: Full-domain subgroup hiding and constant-size group signatures. In: Okamoto, T., Wang, X. (eds.) PKC 2007. LNCS, vol. 4450, pp. 1–15. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  11. [CCS08]
    Camenisch, J., Chaabouni, R., Shelat, A.: Efficient protocols for set membership and range proofs. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 234–252. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  12. [CFN90]
    Chaum, D., Fiat, A., Naor, M.: Untraceable electronic cash. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 319–327. Springer, Heidelberg (1990)CrossRefGoogle Scholar
  13. [Cha83]
    Chaum, D.: Blind signatures for untraceable payments. In: Chaum, D., Rivest, R.L., Sherman, A.T. (eds.) CRYPTO 1982, pp. 199–203. Plenum Press, New York (1999)Google Scholar
  14. [CHK+06]
    Camenisch, J., Hohenberger, S., Kohlweiss, M., Lysyanskaya, A., Meyerovich, M.: How to win the clonewars: efficient periodic n-times anonymous authentication. In: CCS 2006, pp. 201–210. ACM Press, New York (2006)Google Scholar
  15. [CHL05]
    Camenisch, J., Hohenberger, S., Lysyanskaya, A.: Compact E-cash. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 302–321. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  16. [CKW04]
    Camenisch, J., Koprowski, M., Warinschi, B.: Efficient blind signatures without random oracles. In: Blundo, C., Cimato, S. (eds.) SCN 2004. LNCS, vol. 3352, pp. 134–148. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  17. [CL07]
    Chase, M., Lysyanskaya, A.: Simulatable vrfs with applications to multi-theorem nizk. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 303–322. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  18. [CLM07]
    Camenisch, J., Lysyanskaya, A., Meyerovich, M.: Endorsed e-cash. In: IEEE Symposium on Security and Privacy, pp. 101–115 (2007)Google Scholar
  19. [Coo71]
    Cook, S.A.: The complexity of theorem-proving procedures. In: STOC 1971, pp. 151–158. ACM, New York (1971)Google Scholar
  20. [CP93]
    Chaum, D., Pedersen, T.P.: Transferred cash grows in size. In: Rueppel, R.A. (ed.) EUROCRYPT 1992. LNCS, vol. 658, pp. 390–407. Springer, Heidelberg (1993)CrossRefGoogle Scholar
  21. [CS97a]
    Camenisch, J., Stadler, M.: Efficient group signature schemes for large groups. In: Kaliski, B. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 410–424. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  22. [CS97b]
    Camenisch, J., Stadler, M.: Proof systems for general statements about discrete logarithms. Technical Report TR 260, Institute for Theoretical Computer Science, ETH Zürich (March 1997)Google Scholar
  23. [CS98]
    Cramer, R., Shoup, V.: A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 13–25. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  24. [Dam00]
    Damgård, I.: Efficient concurrent zero-knowledge in the auxiliary string model. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 431–444. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  25. [Dam02]
    Damgård, I.: On Σ-protocols (2002), http://www.daimi.au.dk/~ivan/Sigma.ps
  26. [DDN91]
    Dolev, D., Dwork, C., Naor, M.: Non-malleable cryptography (extended abstract). In: STOC 1991, pp. 542–552 (1991)Google Scholar
  27. [DY05]
    Dodis, Y., Yampolskiy, A.: A verifiable random function with short proofs and keys. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 416–431. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  28. [FS87]
    Fiat, A., Shamir, A.: How to prove yourself: Practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987)CrossRefGoogle Scholar
  29. [FST06]
    Freeman, D., Scott, M., Teske, E.: A taxonomy of pairing-friendly elliptic curves. Cryptology ePrint Archive, Report 2006/372 (2006), http://eprint.iacr.org/
  30. [FTY96]
    Frankel, Y., Tsiounis, Y., Yung, M.: Indirect discourse proofs: Achieving efficient fair off-line E-cash. In: Kim, K.-c., Matsumoto, T. (eds.) ASIACRYPT 1996. LNCS, vol. 1163, pp. 286–300. Springer, Heidelberg (1996)CrossRefGoogle Scholar
  31. [FY92]
    Franklin, M., Yung, M.: Towards provably secure efficient electronic cash. Technical Report TR CUSC-018-92, Columbia University, Dept. of Computer Science (April 1992); Also in: Lingas, A., Carlsson, S., Karlsson, R. (eds.): ICALP 1993. LNCS, vol. 700. Springer, Heidelberg (1993)Google Scholar
  32. [GK03]
    Goldwasser, S., Kalai, Y.T.: On the (in)security of the Fiat-Shamir paradigm. In: FOCS 2003, pp. 102–115. IEEE Computer Society Press, Los Alamitos (2003)Google Scholar
  33. [GO92]
    Goldwasser, S., Ostrovsky, R.: Invariant signatures and non-interactive zero-knowledge proofs are equivalent. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 228–245. Springer, Heidelberg (1993)CrossRefGoogle Scholar
  34. [GS07]
    Groth, J., Sahai, A.: Efficient non-interactive proof systems for bilinear groups (2007), http://eprint.iacr.org/2007/155
  35. [JLO97]
    Juels, A., Luby, M., Ostrovsky, R.: Security of blind digital signatures (extended abstract). In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 150–164. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  36. [JS07]
    Jarecki, S., Shmatikov, V.: Efficient two-party secure computation on committed inputs. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 97–114. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  37. [MRV99]
    Micali, S., Rabin, M., Vadhan, S.: Verifiable random functions. In: FOCS 1999, pp. 120–130. IEEE Computer Society Press, Los Alamitos (1999)Google Scholar
  38. [RS92]
    Rackoff, C., Simon, D.R.: Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. In: Feigenbaum, J. (ed.) CRYPTO 1991, vol. 576, pp. 433–444. Springer, Heidelberg (1992)Google Scholar
  39. [Sah99]
    Sahai, A.: Non-malleable non-interactive zero knowledge and adaptive chosen-ciphertext security. In: FOCS 1999, pp. 543–553. IEEE Computer Society Press, Los Alamitos (1999)Google Scholar
  40. [SPC95]
    Stadler, M., Piveteau, J.-M., Camenisch, J.: Fair blind signatures. In: Guillou, L.C., Quisquater, J.-J. (eds.) EUROCRYPT 1995. LNCS, vol. 921, pp. 209–219. Springer, Heidelberg (1995)CrossRefGoogle Scholar
  41. [STS99]
    Sander, T., Ta-Shma, A.: Auditable, anonymous electronic cash extended abstract. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 555–572. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  42. [Tro05]
    Trolin, M.: A universally composable scheme for electronic cash. In: Maitra, S., Veni Madhavan, C.E., Venkatesan, R. (eds.) INDOCRYPT 2005. LNCS, vol. 3797, pp. 347–360. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  43. [TS06]
    Teranishi, I., Sako, K.: k-times anonymous authentication with a constant proving cost. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T.G. (eds.) PKC 2006. LNCS, vol. 3958, pp. 525–542. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  44. [Tsi97]
    Tsiounis, Y.S.: Efficient Electonic Cash: New Notions and Techniques. Ph.D thesis, Northeastern University, Boston, Massachusetts (1997)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Mira Belenkiy
    • 1
  • Melissa Chase
    • 1
  • Markulf Kohlweiss
    • 2
  • Anna Lysyanskaya
    • 3
  1. 1.Microsoft ResearchUSA
  2. 2.KU Leuven, ESAT-COSIC / IBBTBelgium
  3. 3.Brown UniversityUSA

Personalised recommendations