Cryptology ePrint Archive: Report 2013/670

Switching Lemma for Bilinear Tests and Constant-size NIZK Proofs for Linear Subspaces

Charanjit Jutla and Arnab Roy

Abstract: We state a switching lemma for tests on adversarial inputs involving bilinear pairings in hard groups, where the tester can effectively switch the randomness used in the test from being given to the adversary at the outset to being chosen after the adversary commits its input. The switching lemma can be based on any $k$-linear hardness assumptions on one of the groups. In particular, this enables convenient information theoretic arguments in the construction of sequence of games proving security of cryptographic schemes, mimicking proofs and constructions in the random oracle model.

As an immediate application, we show that the quasi-adaptive NIZK proofs of Jutla and Roy [AsiaCrypt 2013] for linear subspaces can be further shortened to \emph{constant}-size proofs, independent of the number of witnesses and equations. In particular, under the XDH assumption, a length $n$ vector of group elements can be proven to belong to a subspace of rank $t$ with a quasi-adaptive NIZK proof consisting of just a single group element. Similar quasi-adaptive aggregation of proofs is also shown for Groth-Sahai NIZK proofs of linear multi-scalar multiplication equations, as well as linear pairing-product equations (equations without any quadratic terms).

Category / Keywords: NIZK, bilinear pairings, quasi-adaptive, Groth-Sahai, Random Oracle, IBE, CCA2

Original Publication (with major differences): IACR-CRYPTO-2014

Date: received 18 Oct 2013, last revised 7 Oct 2014

Contact author: csjutla at us ibm com, arnabr@gmail com

Available format(s): PDF | BibTeX Citation

Version: 20141008:005313 (All versions of this report)

Short URL: ia.cr/2013/670

Discussion forum: Show discussion | Start new discussion