Paper 2018/1248

Fiat-Shamir: From Practice to Theory, Part II (NIZK and Correlation Intractability from Circular-Secure FHE)

Ran Canetti, Alex Lombardi, and Daniel Wichs


We construct non-interactive zero-knowledge (NIZK) arguments for $\mathsf{NP}$ from any circular-secure fully homomorphic encryption (FHE) scheme. In particular, we obtain such NIZKs under a circular-secure variant of the learning with errors (LWE) problem while only assuming a standard (poly/negligible) level of security. Our construction can be modified to obtain NIZKs which are either: (1) statistically zero-knowledge arguments in the common random string model or (2) statistically sound proofs in the common reference string model. We obtain our result by constructing a new correlation-intractable hash family [Canetti, Goldreich, and Halevi, JACM~'04] for a large class of relations, which suffices to apply the Fiat-Shamir heuristic to specific 3-message proof systems that we call ``trapdoor $\Sigma$-protocols.'' In particular, assuming circular secure FHE, our hash function $h$ ensures that for any function $f$ of some a-priori bounded circuit size, it is hard to find an input $x$ such that $h(x)=f(x)$. This continues a recent line of works aiming to instantiate the Fiat-Shamir methodology via correlation intractability under progressively weaker and better-understood assumptions. Another consequence of our hash family construction is that, assuming circular-secure FHE, the classic quadratic residuosity protocol of [Goldwasser, Micali, and Rackoff, SICOMP~'89] is not zero knowledge when repeated in parallel. We also show that, under the plain LWE assumption (without circularity), our hash family is a universal correlation intractable family for general relations, in the following sense: If there exists any hash family of some description size that is correlation-intractable for general (even inefficient) relations, then our specific construction (with a comparable size) is correlation-intractable for general (efficiently verifiable) relations.

Note: A merge of this work with ePrint:2018/1004 appears in STOC 2019.

Available format(s)
Publication info
Published elsewhere. Major revision. STOC 2019
Contact author(s)
alexjl @ mit edu
2019-06-20: last of 3 revisions
2019-01-03: received
See all versions
Short URL
Creative Commons Attribution


      author = {Ran Canetti and Alex Lombardi and Daniel Wichs},
      title = {Fiat-Shamir: From Practice to Theory, Part {II} ({NIZK} and Correlation Intractability from Circular-Secure {FHE})},
      howpublished = {Cryptology ePrint Archive, Paper 2018/1248},
      year = {2018},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.