Making Sigma-Protocols Non-interactive Without Random Oracles

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9020)

Abstract

Damgård, Fazio and Nicolosi (TCC 2006) gave a transformation of Sigma-protocols, 3-move honest verifier zero-knowledge proofs, into efficient non-interactive zero-knowledge arguments for a designated verifier. Their transformation uses additively homomorphic encryption to encrypt the verifier’s challenge, which the prover uses to compute an encrypted answer. The transformation does not rely on the random oracle model but proving soundness requires a complexity leveraging assumption.

We propose an alternative instantiation of their transformation and show that it achieves culpable soundness without complexity leveraging. This improves upon an earlier result by Ventre and Visconti (Africacrypt 2009), who used a different construction which achieved weak culpable soundness.

We demonstrate how our construction can be used to prove validity of encrypted votes in a referendum. This yields a voting system with homomorphic tallying that does not rely on the Fiat-Shamir heuristic.

Keywords

Sigma-protocols Non-interactive zero-knowledge designated verifier argument DFN transformation Culpable soundness Voting 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Adida, B.: Helios: web-based open-audit voting. In: Security Symposium, SS 2008, pp. 335–348. USENIX Association (2008)Google Scholar
  2. 2.
    Barak, B., Canetti, R., Nielsen, J.B., Pass, R.: Universally composable protocols with relaxed set-up assumptions. In: Foundations of Computer Science, FOCS 2004, pp. 186–195. IEEE (2004)Google Scholar
  3. 3.
    Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: Computer and Communications Security, pp. 62–73. ACM (1993)Google Scholar
  4. 4.
    Bernhard, D., Cortier, V., Pereira, O., Smyth, B., Warinschi, B.: Adapting helios for provable ballot privacy. In: Atluri, V., Diaz, C. (eds.) ESORICS 2011. LNCS, vol. 6879, pp. 335–354. Springer, Heidelberg (2011) CrossRefGoogle Scholar
  5. 5.
    Blum, M., Feldman, P., Micali, S.: Non-interactive zero-knowledge and its applications. In: Theory of Computing, STOC 1988, pp. 103–112. ACM (1988)Google Scholar
  6. 6.
    Canetti, R., Goldreich, O., Halevi, S.: The random oracle methodology, revisited. Journal of the ACM (JACM) 51(4), 557–594 (2004)CrossRefMATHMathSciNetGoogle Scholar
  7. 7.
    Cortier, V., Galindo, D., Glondu, S., Izabachène, M.: Distributed ElGamal á la Pedersen: application to Helios. In: Privacy in the Electronic Society, WPES 2013, pp. 131–142. ACM (2013)Google Scholar
  8. 8.
    Cramer, R., Shoup, V.: A practical public-key encryption schemes secure against adaptive chosen ciphertext attack. In: Krawczyk, H. (ed.) CRYPTO ’98. LNCS, vol. 1462. Springer, Heidelberg (1998) Google Scholar
  9. 9.
    Cramer, R., Shoup, V.: Universal hash proofs and a paradigm for adaptive chosen ciphertext secure public-key encryption. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, p. 45. Springer, Heidelberg (2002) CrossRefGoogle Scholar
  10. 10.
    Damgård, I.B.: Non-interactive circuit based proofs and non-interactive perfect zero-knowledge with preprocessing. In: Rueppel, R.A. (ed.) EUROCRYPT 1992. LNCS, vol. 658, pp. 341–355. Springer, Heidelberg (1993) CrossRefGoogle Scholar
  11. 11.
    Damgård, I.B., Fazio, N., Nicolosi, A.: Non-interactive zero-knowledge from homomorphic encryption. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 41–59. Springer, Heidelberg (2006) CrossRefGoogle Scholar
  12. 12.
    Damgård, I., Jurik, M., Nielsen, J.B.: A generalization of Paillier’s public-key system with applications to electronic voting. International Journal of Information Security 9(6), 371–385 (2010)CrossRefGoogle Scholar
  13. 13.
    Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987) CrossRefGoogle Scholar
  14. 14.
    Gennaro, R., Gentry, C., Parno, B., Raykova, M.: Quadratic span programs and succinct NIZKs without PCPs. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 626–645. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  15. 15.
    Gentry, C., Groth, J., Ishai, Y., Peikert, C., Sahai, A., Smith, A.: Using fully homomorphic hybrid encryption to minimize non-interative zero-knowledge proofs. Journal of Cryptology, 1–24 (2014)Google Scholar
  16. 16.
    Goldwasser, S., Kalai, Y.T.: On the (in)security of the Fiat-Shamir paradigm. In: Foundations of Computer Science, FOCS 2003, pp. 102–113. IEEE (2003)Google Scholar
  17. 17.
    Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof systems. SIAM Journal on computing 18(1), 186–208 (1989)CrossRefMATHMathSciNetGoogle Scholar
  18. 18.
    Groth, J.: Simulation-sound NIZK proofs for a practical language and constant size group signatures. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 444–459. Springer, Heidelberg (2006) CrossRefGoogle Scholar
  19. 19.
    Groth, J.: Short non-interactive zero-knowledge proofs. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 341–358. Springer, Heidelberg (2010) CrossRefGoogle Scholar
  20. 20.
    Groth, J.: Short pairing-based non-interactive zero-knowledge arguments. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 321–340. Springer, Heidelberg (2010) CrossRefGoogle Scholar
  21. 21.
    Groth, J., Ostrovsky, R., Sahai, A.: New techniques for noninteractive zero-knowledge. Journal of the ACM 59(3), 11:1–11:35 (2012)CrossRefMathSciNetGoogle Scholar
  22. 22.
    Groth, J., Sahai, A.: Efficient noninteractive proof systems for bilinear groups. SIAM Journal on Computing 41(5), 1193–1232 (2012)CrossRefMATHMathSciNetGoogle Scholar
  23. 23.
    Jakobsson, M., Sako, K., Impagliazzo, R.: Designated verifier proofs and their applications. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 143–154. Springer, Heidelberg (1996) CrossRefGoogle Scholar
  24. 24.
    Kilian, J., Petrank, E.: An efficient noninteractive zero-knowledge proof system for NP with general assumptions. Journal of Cryptology 11(1), 1–27 (1998)CrossRefMATHMathSciNetGoogle Scholar
  25. 25.
    Naor, M., Yung, M.: Public-key cryptosystems provably secure against chosen ciphertext attacks. In: Theory of Computing, STOC 2013, pp. 427–437. ACM (1990)Google Scholar
  26. 26.
    Okamoto, T., Uchiyama, S.: A new public-key cryptosystem as secure as factoring. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 308–318. Springer, Heidelberg (1998) CrossRefGoogle Scholar
  27. 27.
    Parno, B., Howell, J., Gentry, C., Raykova, M.: Pinocchio: nearly practical verifiable computation. In: Security and Privacy, pp. 238–252. IEEE (2013)Google Scholar
  28. 28.
    Ventre, C., Visconti, I.: Co-sound zero-knowledge with public keys. In: Preneel, B. (ed.) AFRICACRYPT 2009. LNCS, vol. 5580, pp. 287–304. Springer, Heidelberg (2009) CrossRefGoogle Scholar
  29. 29.
    Wikström, D.: Simplified submission of inputs to protocols. In: Ostrovsky, R., De Prisco, R., Visconti, I. (eds.) SCN 2008. LNCS, vol. 5229, pp. 293–308. Springer, Heidelberg (2008) CrossRefGoogle Scholar

Copyright information

© International Association for Cryptologic Research 2015

Authors and Affiliations

  1. 1.University College LondonLondonUK

Personalised recommendations