Paper 2016/879
ZeroKnowledge Arguments for MatrixVector Relations and LatticeBased Group Encryption
Benoît Libert, San Ling, Fabrice Mouhartem, Khoa Nguyen, and Huaxiong Wang
Abstract
Group encryption (GE) is the natural encryption analogue of group signatures in that it allows verifiably encrypting messages for some anonymous member of a group while providing evidence that the receiver is a properly certified group member. Should the need arise, an opening authority is capable of identifying the receiver of any ciphertext. As introduced by Kiayias, Tsiounis and Yung (Asiacrypt'07), GE is motivated by applications in the context of oblivious retriever storage systems, anonymous third parties and hierarchical group signatures. This paper provides the first realization of group encryption under lattice assumptions. Our construction is proved secure in the standard model (assuming interaction in the proving phase) under the LearningWithErrors (LWE) and ShortIntegerSolution (SIS) assumptions. As a crucial component of our system, we describe a new zeroknowledge argument system allowing to demonstrate that a given ciphertext is a valid encryption under some hidden but certified public key, which incurs to prove quadratic statements about LWE relations. Specifically, our protocol allows arguing knowledge of witnesses consisting of $\mathbf{X} \in \mathbb{Z}_q^{m \times n}$, $\mathbf{s} \in \mathbb{Z}_q^n$ and a smallnorm $\mathbf{e} \in \mathbb{Z}^m$ which underlie a public vector $\mathbf{b}=\mathbf{X} \cdot \mathbf{s} + \mathbf{e} \in \mathbb{Z}_q^m$ while simultaneously proving that the matrix $\mathbf{X} \in \mathbb{Z}_q^{m \times n}$ has been correctly certified. We believe our proof system to be useful in other applications involving zeroknowledge proofs in the lattice setting.
Metadata
 Available format(s)
 Category
 Publickey cryptography
 Publication info
 A major revision of an IACR publication in ASIACRYPT 2016
 Keywords
 Latticeszeroknowledge proofsgroup encryptionanonymity
 Contact author(s)
 khoantt @ ntu edu sg
 History
 20160914: received
 Short URL
 https://ia.cr/2016/879
 License

CC BY
BibTeX
@misc{cryptoeprint:2016/879, author = {Benoît Libert and San Ling and Fabrice Mouhartem and Khoa Nguyen and Huaxiong Wang}, title = {ZeroKnowledge Arguments for MatrixVector Relations and LatticeBased Group Encryption}, howpublished = {Cryptology ePrint Archive, Paper 2016/879}, year = {2016}, note = {\url{https://eprint.iacr.org/2016/879}}, url = {https://eprint.iacr.org/2016/879} }