Efficient Non-Interactive Zero Knowledge Arguments for Set Operations

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8437)

Abstract

We propose a non-interactive zero knowledge pairwise multiset sum equality test (PMSET) argument of knowledge in the common reference string (CRS) model that allows a prover to show that the given committed multisets \(\mathbb {A}_j\) for \(j \in \left\{ 1, 2, 3, 4\right\} \) satisfy \(\mathbb {A}_1 \uplus \mathbb {A}_2 = \mathbb {A}_3 \uplus \mathbb {A}_4\), i.e., every element is contained in \(\mathbb {A}_1\) and \(\mathbb {A}_2\) exactly as many times as in \(\mathbb {A}_3\) and \(\mathbb {A}_4\). As a corollary to the \(\mathrm{PMSET}\) argument, we present arguments that make it possible to efficiently verify the correctness of various (multi)set operations, for example, that one committed set is the intersection or union of two other committed sets. The new arguments have constant communication and verification complexity (in group elements and group operations, respectively), whereas the CRS length and the prover’s computational complexity are both proportional to the cardinality of the (multi)sets. We show that one can shorten the CRS length at the cost of a small increase in the communication and the verifier’s computation.
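The relation the abstract describes, written out as an added reference check that is not part of the paper and does not reproduce its pairing-based construction: a plain multiset-sum comparison of \(\mathbb {A}_1 \uplus \mathbb {A}_2 = \mathbb {A}_3 \uplus \mathbb {A}_4\), the same relation tested through the characteristic polynomials \(\prod_{a \in \mathbb {A}}(x - a)\) evaluated at a random field point (the multiset sum corresponds to a polynomial product, which is the standard route to constant-size verification; the paper's own encoding is not stated on this page and is an assumption here), and the set identity \((A \cup B) \uplus (A \cap B) = A \uplus B\) posed as a PMSET instance. The modulus, the sample multisets and all function names are constructed for the example.

```python
from collections import Counter
import random

# Constructed field modulus for the example (2^61 - 1 is prime); the paper's
# groups are bilinear and are not modelled here.
P = 2**61 - 1


def pmset_holds(a1, a2, a3, a4):
    """Plain-text check of A1 ⊎ A2 = A3 ⊎ A4: every element must occur in
    A1 and A2 together exactly as often as in A3 and A4 together."""
    return Counter(a1) + Counter(a2) == Counter(a3) + Counter(a4)


def char_poly_eval(ms, x):
    """Evaluate prod_{a in ms} (x - a) mod P, counting multiplicities.
    The multiset is the multiset of roots of this polynomial."""
    acc = 1
    for a in ms:
        acc = acc * ((x - a) % P) % P
    return acc


def pmset_poly_check(a1, a2, a3, a4, x):
    """A1 ⊎ A2 = A3 ⊎ A4 iff the characteristic polynomial of A1 times that
    of A2 equals the product for A3 and A4. Compare both sides at one point
    x; by Schwartz-Zippel a false claim slips through with probability at
    most (|A1| + |A2|) / P over a uniformly random x."""
    lhs = char_poly_eval(a1, x) * char_poly_eval(a2, x) % P
    rhs = char_poly_eval(a3, x) * char_poly_eval(a4, x) % P
    return lhs == rhs


def pmset_probabilistic(a1, a2, a3, a4, rng=random.SystemRandom()):
    """Run the polynomial check at a fresh random point. In a real argument
    the point must not be chosen by the prover; here the verifier picks it."""
    return pmset_poly_check(a1, a2, a3, a4, rng.randrange(P))


def union_intersection_as_pmset(a, b, u, i):
    """Set identity (A ∪ B) ⊎ (A ∩ B) = A ⊎ B as a PMSET instance.
    Caveat: this identity alone does not pin down u and i (u = A, i = B
    also satisfies it); the paper's union/intersection corollaries add
    further constraints that are not shown on this page."""
    return pmset_holds(u, i, a, b)


if __name__ == "__main__":
    # Constructed sample multisets: {1, 2, 2} ⊎ {3} = {2, 3} ⊎ {1, 2}.
    print(pmset_holds([1, 2, 2], [3], [2, 3], [1, 2]))          # True
    print(pmset_holds([1, 2], [3], [1, 2], [2]))                # False
    print(pmset_probabilistic([1, 2, 2], [3], [2, 3], [1, 2]))  # True
    print(union_intersection_as_pmset({1, 2, 3}, {2, 3, 4},
                                      {1, 2, 3, 4}, {2, 3}))    # True
```

The polynomial check is what makes the prover's cost linear in the cardinality (one factor per element) while the verifier compares only two field values; in the paper those evaluations happen inside commitments, so the verifier never sees the multisets themselves.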

Keywords

Multisets; Non-interactive zero knowledge; Set operation arguments

Copyright information

© International Financial Cryptography Association 2014

Authors and Affiliations

  • Prastudy Fauzi, University of Tartu, Tartu, Estonia
  • Helger Lipmaa, University of Tartu, Tartu, Estonia
  • Bingsheng Zhang, National and Kapodistrian University of Athens, Athens, Greece