Non-interactive Distributional Indistinguishability (NIDI) and Non-malleable Commitments

Conference paper, Advances in Cryptology – EUROCRYPT 2021 (EUROCRYPT 2021)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 12698)

Abstract

We introduce non-interactive distributionally indistinguishable arguments (NIDI) to address a significant weakness of NIWI proofs: namely, the lack of meaningful secrecy when proving statements about \(\mathsf {NP}\) languages with unique witnesses.

NIDI arguments allow a prover \({\mathcal P} \) to send a single message to verifier \({\mathcal V} \), from which \({\mathcal V} \) obtains a sample d from a (secret) distribution \({\mathcal D} \), together with a proof of membership of d in an NP language \({\mathcal L} \).

The soundness guarantee is that if the sample d obtained by the verifier \({\mathcal V} \) is not in \({\mathcal L} \), then \({\mathcal V} \) outputs \(\bot \). The privacy guarantee is that secrets about the distribution remain hidden: for every pair of (sufficiently) hard-to-distinguish distributions \({\mathcal D} _0\) and \({\mathcal D} _1\) with support in NP language \({\mathcal L} \), a NIDI that outputs samples from \({\mathcal D} _0\) with proofs of membership in \({\mathcal L} \) is indistinguishable from one that outputs samples from \({\mathcal D} _1\) with proofs of membership in \({\mathcal L} \).

  • We build NIDI arguments for superpolynomially hard-to-distinguish distributions, assuming sub-exponential indistinguishability obfuscation and sub-exponentially secure (variants of) one-way functions.

  • We demonstrate preliminary applications of NIDI and of our techniques to obtaining the first (relaxed) non-interactive constructions in the plain model, from well-founded assumptions, of:

    – Commit-and-prove that provably hides the committed message
    – CCA-secure commitments against non-uniform adversaries.

    The commit phase of our commitment schemes consists of a single message from the committer to the receiver, followed by a randomized output by the receiver (that need not be returned to the committer).

Work done in part during a visit to the Simons institute, Berkeley. This material is based upon work supported in part by DARPA under Contract No. HR001120C0024. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the United States Government or DARPA.


Notes

  1. There are several variants of this definition strengthening/weakening different aspects [22, 28].

  2. Jumping ahead, in our construction, a prover message will take the form of a program, to which the verifier will make a (randomized) query. In response, the program will output a sample d and a proof of membership of \(d \in {\mathcal L} \).

  3. In the main technical body, we use a somewhat more optimal encoding scheme due to [50], but we ignore this optimization for the purposes of this overview.

  4. Since we define a NIDI for \({\mathcal L} \), it is not necessary to explicitly send \({\mathcal L} \) as input to \({\mathcal P} \) and \({\mathcal V} \), but we nevertheless write it this way for clarity.

  5. Here, we slightly abuse notation and use \({\mathcal D} \) to also denote a circuit that, on input uniform randomness, outputs a sample from the distribution \({\mathcal D} \).

  6. This can be based on sub-exponential indistinguishability obfuscation and sub-exponential one-way functions following [62].

  7. Here, we use a different tag encoding scheme due to [50] that achieves the same effect as the DDN encoding [27] discussed in the overview in a slightly more efficient way. That is, for every pair of unequal large tags T and \(T'\), there is at least one member in the set corresponding to T that is not present in the set corresponding to \(T'\), and vice versa.

  8. Note that for the base scheme, \({\mathcal R} \) simply outputs the string it obtained from the committer.
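As an added illustration of the tag-set property stated in Note 7 (this is example code, not from the paper), the following implements the standard DDN encoding [27] of an n-bit tag as the set of (position, bit) pairs and exhaustively checks that any two unequal tags yield sets that each contain a member the other lacks. The encoding of [50] is not described on this page, so only the DDN variant is shown.

```python
"""
Added example (not from the paper): DDN tag encoding [27] and an exhaustive
check of the property Note 7 states for unequal tags T != T'.
"""
from itertools import product
from typing import FrozenSet, Tuple

# A small tag is a (bit position, bit value) pair.
SmallTag = Tuple[int, int]


def ddn_encode(tag: str) -> FrozenSet[SmallTag]:
    """Map an n-bit tag T = t_1 ... t_n to the set {(i, t_i)}.

    With n positions there are exactly 2n distinct small tags, so each small
    tag needs only about log2(n) + 1 bits while the large tag has n bits.
    """
    if not tag or any(c not in "01" for c in tag):
        raise ValueError("tag must be a non-empty binary string")
    return frozenset((i, int(bit)) for i, bit in enumerate(tag))


def mutually_separated(s: FrozenSet[SmallTag], t: FrozenSet[SmallTag]) -> bool:
    """Note 7's property: each set has at least one member the other lacks."""
    return bool(s - t) and bool(t - s)


def separating_small_tags(tag_a: str, tag_b: str):
    """Return (A's set minus B's set, B's set minus A's set).

    Every bit position where the tags differ contributes one small tag to
    each side, so both sets are non-empty exactly when tag_a != tag_b.
    """
    a, b = ddn_encode(tag_a), ddn_encode(tag_b)
    return a - b, b - a


def check_all_pairs(n: int) -> bool:
    """Exhaustively verify the property for every pair of unequal n-bit tags.

    Equal tags are skipped: their encodings coincide by construction.
    """
    tags = ["".join(bits) for bits in product("01", repeat=n)]
    encoded = {tag: ddn_encode(tag) for tag in tags}
    for a in tags:
        for b in tags:
            if a != b and not mutually_separated(encoded[a], encoded[b]):
                return False
    return True


if __name__ == "__main__":
    # Constructed sample tags: they differ only in bit position 2.
    print(separating_small_tags("1011", "1001"))  # ({(2, 1)}, {(2, 0)})
    print(check_all_pairs(6))  # True
```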

References

  1. Agrawal, S.: Indistinguishability obfuscation without multilinear maps: new methods for bootstrapping and instantiation. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11476, pp. 191–225. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17653-2_7

  2. Agrawal, S., Pellet-Mary, A.: Indistinguishability obfuscation without maps: attacks and fixes for noisy linear FE. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12105, pp. 110–140. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45721-1_5

  3. Ananth, P., Jain, A., Lin, H., Matt, C., Sahai, A.: Indistinguishability obfuscation without multilinear maps: new paradigms via low degree weak pseudorandomness and security amplification. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11694, pp. 284–332. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26954-8_10

  4. Ananth, P., Jain, A., Naor, M., Sahai, A., Yogev, E.: Universal constructions and robust combiners for indistinguishability obfuscation and witness encryption. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9815, pp. 491–520. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53008-5_17. Proceedings, Part II

  5. Badrinarayanan, S., Garg, S., Ishai, Y., Sahai, A., Wadia, A.: Two-message witness indistinguishability and secure computation in the plain model from new assumptions. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10626, pp. 275–303. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70700-6_10. Proceedings, Part III

  6. Barak, B.: Constant-round coin-tossing with a man in the middle or realizing the shared random string model. In: FOCS 2002, pp. 345–355 (2002)

  7. Barak, B., et al.: On the (im)possibility of obfuscating programs. J. ACM 59(2), 6:1–6:48 (2012). https://doi.org/10.1145/2160158.2160159

  8. Barak, B., Ong, S.J., Vadhan, S.P.: Derandomization in cryptography. SIAM J. Comput. 37(2), 380–400 (2007). https://doi.org/10.1137/050641958

  9. Barak, B., Pass, R.: On the possibility of one-message weak zero-knowledge. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 121–132. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24638-1_7. Theory of Cryptography, First Theory of Cryptography Conference

  10. Bellare, M., Stepanovs, I., Tessaro, S.: Contention in cryptoland: obfuscation, leakage and UCE. In: Kushilevitz, E., Malkin, T. (eds.) TCC 2016. LNCS, vol. 9563, pp. 542–564. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49099-0_20

  11. Bitansky, N., Goldwasser, S., Jain, A., Paneth, O., Vaikuntanathan, V., Waters, B.: Time-lock puzzles from randomized encodings. In: Sudan, M. (ed.) Proceedings of the 2016 ACM Conference on Innovations in Theoretical Computer Science, Cambridge, MA, USA, 14–16 January 2016, pp. 345–356. ACM (2016). https://doi.org/10.1145/2840728.2840745

  12. Bitansky, N., Khurana, D., Paneth, O.: Weak zero-knowledge beyond the black-box barrier. In: Charikar, M., Cohen, E. (eds.) STOC 2019, pp. 1091–1102. ACM (2019). https://doi.org/10.1145/3313276.3316382

  13. Bitansky, N., Lin, H.: One-message zero knowledge and non-malleable commitments. In: Beimel, A., Dziembowski, S. (eds.) TCC 2018. LNCS, vol. 11239, pp. 209–234. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03807-6_8

  14. Bitansky, N., Paneth, O.: Point obfuscation and 3-round zero-knowledge. In: Cramer, R. (ed.) TCC 2012. LNCS, vol. 7194, pp. 190–208. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-28914-9_11

  15. Bitansky, N., Paneth, O.: ZAPs and non-interactive witness indistinguishability from indistinguishability obfuscation. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015. LNCS, vol. 9015, pp. 401–427. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46497-7_16

  16. Bitansky, N., Shmueli, O.: Post-quantum zero knowledge in constant rounds. In: Makarychev, K., Makarychev, Y., Tulsiani, M., Kamath, G., Chuzhoy, J. (eds.) STOC 2020, pp. 269–279. ACM (2020). https://doi.org/10.1145/3357713.3384324

  17. Brakerski, Z., Döttling, N., Garg, S., Malavolta, G.: Candidate iO from homomorphic encryption schemes. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12105, pp. 79–109. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45721-1_4

  18. Brakerski, Z., Döttling, N., Garg, S., Malavolta, G.: Factoring and pairings are not necessary for iO: circular-secure LWE suffices. IACR Cryptol. ePrint Arch. (2020). https://eprint.iacr.org/2020/1024

  19. Brzuska, C., Mittelbach, A.: Indistinguishability obfuscation versus multi-bit point obfuscation with auxiliary input. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8874, pp. 142–161. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45608-8_8

  20. Canetti, R., Goldreich, O., Goldwasser, S., Micali, S.: Resettable zero-knowledge (extended abstract). In: Yao, F.F., Luks, E.M. (eds.) Proceedings of the Thirty-Second Annual ACM Symposium on Theory of Computing, 21–23 May 2000, Portland, OR, USA, pp. 235–244. ACM (2000). https://doi.org/10.1145/335305.335334

  21. Canetti, R., Lin, H., Pass, R.: Adaptive hardness and composable security in the plain model from standard assumptions. In: Proceedings of the 51st Annual IEEE Symposium on Foundations of Computer Science, FOCS 2010, pp. 541–550 (2010)

  22. Chung, K.-M., Lui, E., Pass, R.: From weak to strong zero-knowledge and applications. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015. LNCS, vol. 9014, pp. 66–92. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46494-6_4

  23. Ciampi, M., Ostrovsky, R., Siniscalchi, L., Visconti, I.: Concurrent non-malleable commitments (and more) in 3 rounds. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9816, pp. 270–299. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53015-3_10. Robshaw and Katz [61]

  24. Ciampi, M., Ostrovsky, R., Siniscalchi, L., Visconti, I.: Four-round concurrent non-malleable commitments from one-way functions. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10402, pp. 127–157. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63715-0_5

  25. Deshpande, A., Kalai, Y.: Proofs of ignorance and applications to 2-message witness hiding. IACR Cryptol. ePrint Arch. 2018, 896 (2018)

  26. Dodis, Y., Halevi, S., Rothblum, R.D., Wichs, D.: Spooky encryption and its applications. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9816, pp. 93–122. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53015-3_4. Robshaw and Katz [61]

  27. Dolev, D., Dwork, C., Naor, M.: Non-malleable cryptography (Extended Abstract). In: STOC 1991 (1991)

  28. Dwork, C., Naor, M., Reingold, O., Stockmeyer, L.J.: Magic functions. J. ACM 50(6), 852–921 (2003). https://doi.org/10.1145/950620.950623

  29. Feige, U., Lapidot, D., Shamir, A.: Multiple noninteractive zero knowledge proofs under general assumptions. SIAM J. Comput. 29(1), 1–28 (1999). https://doi.org/10.1137/S0097539792230010

  30. Feige, U., Shamir, A.: Witness indistinguishable and witness hiding protocols. In: Proceedings of the 22nd Annual ACM Symposium on Theory of Computing, 13–17 May 1990, Baltimore, Maryland, USA, pp. 416–426 (1990). https://doi.org/10.1145/100216.100272

  31. Garg, R., Khurana, D., Lu, G., Waters, B.: Black-box non-interactive non-malleable commitments. Cryptology ePrint Archive, Report 2020/1197 (2020). https://eprint.iacr.org/2020/1197

  32. Garg, S., Gentry, C., Halevi, S., Raykova, M.: Two-round secure MPC from indistinguishability obfuscation. In: Lindell, Y. (ed.) TCC 2014. LNCS, vol. 8349, pp. 74–94. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-54242-8_4

  33. Gay, R., Jain, A., Lin, H., Sahai, A.: Indistinguishability obfuscation from simple-to-state hard problems: new assumptions, new techniques, and simplification. IACR Cryptol. ePrint Arch. (2020). https://eprint.iacr.org/2020/764

  34. Gay, R., Pass, R.: Indistinguishability obfuscation from circular security. IACR Cryptol. ePrint Arch. (2020). https://eprint.iacr.org/2020/1010

  35. Goldreich, O.: The Foundations of Cryptography – Basic Techniques, vol. 1. Cambridge University Press, Cambridge (2001)

  36. Goldreich, O., Micali, S., Wigderson, A.: Proofs that yield nothing but their validity for all languages in NP have zero-knowledge proof systems. J. ACM 38(3), 691–729 (1991). https://doi.org/10.1145/116825.116852

  37. Goldreich, O., Oren, Y.: Definitions and properties of zero-knowledge proof systems. J. Cryptol. 7(1), 1–32 (1994). https://doi.org/10.1007/BF00195207

  38. Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof systems. SIAM J. Comput. 18(1), 186–208 (1989). https://doi.org/10.1137/0218012

  39. Goyal, V.: Constant round non-malleable protocols using one-way functions. In: STOC 2011, pp. 695–704. ACM (2011)

  40. Goyal, V., Lee, C.K., Ostrovsky, R., Visconti, I.: Constructing non-malleable commitments: a black-box approach. In: FOCS (2012)

  41. Goyal, V., Pandey, O., Richelson, S.: Textbook non-malleable commitments. In: STOC, pp. 1128–1141. ACM, New York (2016). https://doi.org/10.1145/2897518.2897657

  42. Goyal, V., Richelson, S.: Non-malleable commitments using Goldreich-Levin list decoding. In: Zuckerman, D. (ed.) FOCS 2019, pp. 686–699. IEEE Computer Society (2019). https://doi.org/10.1109/FOCS.2019.00047, https://ieeexplore.ieee.org/xpl/conhome/8936052/proceeding

  43. Goyal, V., Richelson, S., Rosen, A., Vald, M.: An algebraic approach to non-malleability. In: FOCS 2014, pp. 41–50 (2014). https://doi.org/10.1109/FOCS.2014.13

  44. Groth, J., Ostrovsky, R., Sahai, A.: New techniques for noninteractive zero-knowledge. J. ACM 59(3), 11:1–11:35 (2012). https://doi.org/10.1145/2220357.2220358

  45. Jain, A., Lin, H., Matt, C., Sahai, A.: How to leverage hardness of constant-degree expanding polynomials over \(\mathbb{R}\) to build \(i\cal{O}\). In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11476, pp. 251–281. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17653-2_9

  46. Jain, A., Lin, H., Sahai, A.: Indistinguishability obfuscation from well-founded assumptions. Cryptology ePrint Archive, Report 2020/1003 (2020). https://eprint.iacr.org/2020/1003

  47. Jain, A., Kalai, Y.T., Khurana, D., Rothblum, R.: Distinguisher-dependent simulation in two rounds and its applications. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. Lecture Notes in Computer Science, vol. 10402, pp. 158–189. Springer (2017). https://doi.org/10.1007/978-3-319-63715-0

  48. Kalai, Y.T., Khurana, D.: Non-interactive non-malleability from quantum supremacy. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11694, pp. 552–582. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26954-8_18

  49. Khurana, D.: Round optimal concurrent non-malleability from polynomial hardness. In: Kalai, Y., Reyzin, L. (eds.) TCC 2017. LNCS, vol. 10678, pp. 139–171. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70503-3_5

  50. Khurana, D., Sahai, A.: How to achieve non-malleability in one or two rounds. In: Umans [63], pp. 564–575. https://doi.org/10.1109/FOCS.2017.58

  51. Kuykendall, B., Zhandry, M.: Towards non-interactive witness hiding. Cryptology ePrint Archive, Report 2020/1205 (2020). https://eprint.iacr.org/2020/1205

  52. Lin, H., Pass, R.: Constant-round non-malleable commitments from any one-way function. In: STOC 2011, pp. 705–714 (2011)

  53. Lin, H., Pass, R.: Non-malleability amplification. In: Proceedings of the 41st Annual ACM Symposium on Theory of Computing, STOC 2009, pp. 189–198 (2009)

  54. Lin, H., Pass, R., Soni, P.: Two-round and non-interactive concurrent non-malleable commitments from time-lock puzzles. In: Umans [63], pp. 576–587 (2017). https://doi.org/10.1109/FOCS.2017.59

  55. Lin, H., Pass, R., Venkitasubramaniam, M.: Concurrent non-malleable commitments from any one-way function. In: TCC 2008, pp. 571–588 (2008)

  56. Pandey, O., Pass, R., Vaikuntanathan, V.: Adaptive one-way functions and applications. In: Advances in Cryptology – CRYPTO 2008, pp. 57–74 (2008)

  57. Pass, R.: Simulation in quasi-polynomial time, and its application to protocol composition. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 160–176. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-39200-9_10

  58. Pass, R., Rosen, A.: Concurrent non-malleable commitments. In: Proceedings of the 46th Annual IEEE Symposium on Foundations of Computer Science, FOCS 2005, pp. 563–572 (2005)

  59. Pass, R., Rosen, A.: New and improved constructions of nonmalleable cryptographic protocols. SIAM J. Comput. 38(2), 702–752 (2008)

  60. Pass, R., Wee, H.: Constant-round non-malleable commitments from sub-exponential one-way functions. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 638–655. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13190-5_32

  61. Robshaw, M., Katz, J. (eds.): Advances in Cryptology - CRYPTO 2016–36th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 14–18, 2016, Proceedings, Part III, Lecture Notes in Computer Science, vol. 9816. Springer (2016). https://doi.org/10.1007/978-3-662-53015-3

  62. Sahai, A., Waters, B.: How to use indistinguishability obfuscation: deniable encryption, and more. In: Shmoys, D.B. (ed.) STOC 2014, pp. 475–484. ACM (2014). https://doi.org/10.1145/2591796.2591825

  63. Umans, C. (ed.): 58th IEEE Annual Symposium on Foundations of Computer Science, FOCS 2017, Berkeley, CA, USA, 15–17 October 2017. IEEE Computer Society (2017). https://ieeexplore.ieee.org/xpl/conhome/8100284/proceeding

  64. Wee, H.: Black-box, round-efficient secure computation via non-malleability amplification. In: FOCS 2010, pp. 531–540 (2010). https://doi.org/10.1109/FOCS.2010.87

  65. Wee, H., Wichs, D.: Candidate obfuscation via oblivious LWE sampling. IACR Cryptol. ePrint Arch. (2020). https://eprint.iacr.org/2020/1042

Acknowledgments

We thank the anonymous Eurocrypt reviewers for their insightful suggestions. We are also grateful to Ran Canetti, Suvradip Chakraborty, Oxana Poburinnaya and Manoj Prabhakaran for useful discussions.

Author information

Correspondence to Dakshita Khurana.

Copyright information

© 2021 International Association for Cryptologic Research

About this paper

Cite this paper

Khurana, D. (2021). Non-interactive Distributional Indistinguishability (NIDI) and Non-malleable Commitments. In: Canteaut, A., Standaert, F.-X. (eds.) Advances in Cryptology – EUROCRYPT 2021. EUROCRYPT 2021. Lecture Notes in Computer Science, vol. 12698. Springer, Cham. https://doi.org/10.1007/978-3-030-77883-5_7

  • DOI: https://doi.org/10.1007/978-3-030-77883-5_7

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-77882-8

  • Online ISBN: 978-3-030-77883-5
