Cryptology ePrint Archive: Report 2015/1095

Non-Malleable Multi-Prover Interactive Proofs and Witness Signatures

Vipul Goyal and Aayush Jain and Dakshita Khurana

Abstract: We explore a new man-in-the-middle adversarial model for multi-prover interactive proofs (MIPs), and construct round-optimal, unconditionally secure, non-malleable MIPs. We compile from a large sub-class of Sigma protocols to a non-malleable MIP, avoiding the use of expensive NP-reductions to Graph Hamiltonicity or other NP-complete problems. Our compiler makes novel use of non-malleable codes - in particular, we rely on many-many non-malleable codes constructed recently by Chattopadhyay, Goyal and Li (STOC 2016).

We introduce another (seemingly unrelated) primitive - witness signatures - motivated by the goal of removing central trust assumptions from cryptography. Witness signatures allow any party with a valid witness to an NP statement to sign a message on behalf of that statement. These signatures must be unforgeable - that is, signing a new message, even given several signatures, should be as hard as computing a witness to the NP statement itself.

We first observe that most natural notions of witness signatures are impossible to achieve in the plain model. While still wanting to avoid a central trusted setup, we turn to the tamper proof hardware token model of Katz (Eurocrypt 2007). We show that non-malleable MIPs yield efficient, unconditional witness signatures in the hardware token model. However, our construction of unconditional witness signatures only supports bounded verification. We also obtain unbounded polynomial verification assuming the existence of one-way functions. Finally, we give a matching lower bound - obtaining unconditional unbounded-verifiable witness signatures with black-box extraction, is impossible even with access to an unbounded number of stateful tamper-proof hardware tokens.

Category / Keywords: Witness Based Cryptography, Multi-Prover Interactive Proofs

Date: received 10 Nov 2015, last revised 21 Mar 2016

Contact author: aayushjainiitd at gmail com;dakshita at cs ucla edu;vipul at microsoft com

Available format(s): PDF | BibTeX Citation

Version: 20160321:195133 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]