Cryptology ePrint Archive: Report 2016/583

Efficient Zero-Knowledge Proof of Algebraic and Non-Algebraic Statements with Applications to Privacy Preserving Credentials

Melissa Chase and Chaya Ganesh and Payman Mohassel

Abstract: Practical anonymous credential systems are generally built around sigma-protocol ZK proofs. This requires that credentials be based on specially formed signatures. Here we ask whether we can instead use a standard (say, RSA, or (EC)DSA) signature that includes formatting and hashing messages, as a credential, and still provide privacy. Existing techniques do not provide efficient solutions for proving knowledge of such a signature: On the one hand, ZK proofs based on garbled circuits (Jawurek et al. 2013) give efficient proofs for checking formatting of messages and evaluating hash functions. On the other hand they are expensive for checking algebraic relations such as RSA or discrete-log, which can be done efficiently with sigma protocols.

We design new constructions obtaining the best of both worlds: combining the efficiency of the garbled circuit approach for non-algebraic statements and that of sigma protocols for algebraic ones. We then discuss how to use these as building-blocks to construct privacy-preserving credential systems based on standard RSA and (EC)DSA signatures.

Other applications of our techniques include anonymous credentials with more complex policies, the ability to efficiently switch between commitments (and signatures) in different groups, and secure two-party computation on committed/signed inputs.

Category / Keywords: zero knowledge, garbled circuits, anonymous credentials

Original Publication (in the same form): IACR-CRYPTO-2016

Date: received 3 Jun 2016

Contact author: melissac at microsoft com, chaya ganesh at gmail com, payman mohassel at gmail com

Available format(s): PDF | BibTeX Citation

Version: 20160606:150202 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]