
Paper 2017/703

Optimally Sound Sigma Protocols Under DCRA

Helger Lipmaa


Given a well-chosen additively homomorphic cryptosystem and a $\Sigma$ protocol with a linear answer, Damgård, Fazio, and Nicolosi proposed a non-interactive designated-verifier zero-knowledge argument in the registered public key model that is sound under non-standard complexity-leveraging assumptions. In 2015, Chaidos and Groth showed how to achieve the weaker yet reasonable notion of culpable soundness under standard assumptions, but only if the plaintext space order is prime. Their construction makes use of $\Sigma$ protocols that satisfy what we call optimal culpable soundness. Unfortunately, most of the known additively homomorphic cryptosystems (like the Paillier Elgamal cryptosystem, which is secure under the standard Decisional Composite Residuosity Assumption) have a composite-order plaintext space. We construct optimally culpable sound $\Sigma$ protocols, and thus culpably sound non-interactive designated-verifier zero-knowledge protocols for NP, under standard assumptions, given that the least prime divisor of the plaintext space order is large.

Available format(s)
Public-key cryptography
Publication info
Preprint. MINOR revision.
Culpable soundness, designated verifier, homomorphic encryption, non-interactive zero knowledge, optimal soundness, registered public key model
Contact author(s)
helger lipmaa @ gmail com
2017-07-21: received
Short URL
Creative Commons Attribution


      author = {Helger Lipmaa},
      title = {Optimally Sound Sigma Protocols Under DCRA},
      howpublished = {Cryptology ePrint Archive, Paper 2017/703},
      year = {2017},
      note = {\url{https://eprint.iacr.org/2017/703}},
      url = {https://eprint.iacr.org/2017/703}