TY - GEN
T1 - Triply Adaptive UC NIZK
AU - Canetti, Ran
AU - Sarkar, Pratik
AU - Wang, Xiao
N1 - Publisher Copyright:
© 2022, International Association for Cryptologic Research.
PY - 2022
Y1 - 2022
N2 - Non-interactive zero knowledge (NIZK) enables proving the validity of an NP statement without leaking anything else. We study multi-instance NIZKs in the common reference string (CRS) model, against an adversary that adaptively corrupts parties and chooses statements to be proven. We construct the first such triply adaptive NIZK that provides full adaptive soundness, as well as adaptive zero-knowledge, assuming either LWE or else LPN and DDH (previous constructions rely on non-falsifiable knowledge assumptions). In addition, our NIZKs are universally composable (UC). Along the way, we: (1) formulate an ideal functionality, FNICOM, which essentially captures non-interactive commitments, and show that it is realizable by existing protocols using standard assumptions; (2) define and realize, under standard assumptions, Sigma protocols which satisfy triply adaptive security with access to FNICOM; (3) use the Fiat-Shamir transform, instantiated with correlation intractable hash functions, to compile a Sigma protocol with triply adaptive security with access to FNICOM into a triply adaptive UC-NIZK argument in the CRS model with access to FNICOM, assuming LWE (or else LPN and DDH); (4) use the UC theorem to obtain UC-NIZK in the CRS model.
AB - Non-interactive zero knowledge (NIZK) enables proving the validity of an NP statement without leaking anything else. We study multi-instance NIZKs in the common reference string (CRS) model, against an adversary that adaptively corrupts parties and chooses statements to be proven. We construct the first such triply adaptive NIZK that provides full adaptive soundness, as well as adaptive zero-knowledge, assuming either LWE or else LPN and DDH (previous constructions rely on non-falsifiable knowledge assumptions). In addition, our NIZKs are universally composable (UC). Along the way, we: (1) formulate an ideal functionality, FNICOM, which essentially captures non-interactive commitments, and show that it is realizable by existing protocols using standard assumptions; (2) define and realize, under standard assumptions, Sigma protocols which satisfy triply adaptive security with access to FNICOM; (3) use the Fiat-Shamir transform, instantiated with correlation intractable hash functions, to compile a Sigma protocol with triply adaptive security with access to FNICOM into a triply adaptive UC-NIZK argument in the CRS model with access to FNICOM, assuming LWE (or else LPN and DDH); (4) use the UC theorem to obtain UC-NIZK in the CRS model.
UR - http://www.scopus.com/inward/record.url?scp=85147982770&partnerID=8YFLogxK
U2 - 10.1007/978-3-031-22966-4_16
DO - 10.1007/978-3-031-22966-4_16
M3 - Conference contribution
AN - SCOPUS:85147982770
SN - 9783031229657
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 466
EP - 495
BT - Advances in Cryptology – ASIACRYPT 2022 - 28th International Conference on the Theory and Application of Cryptology and Information Security, Proceedings
A2 - Agrawal, Shweta
A2 - Lin, Dongdai
PB - Springer Science and Business Media Deutschland GmbH
T2 - 28th International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2022
Y2 - 5 December 2022 through 9 December 2022
ER -