Paper 2018/1248
Fiat-Shamir: From Practice to Theory, Part II (NIZK and Correlation Intractability from Circular-Secure FHE)
Ran Canetti, Alex Lombardi, and Daniel Wichs
Abstract
We construct non-interactive zero-knowledge (NIZK) arguments for $\mathsf{NP}$ from any circular-secure fully homomorphic encryption (FHE) scheme. In particular, we obtain such NIZKs under a circular-secure variant of the learning with errors (LWE) problem while only assuming a standard (poly/negligible) level of security. Our construction can be modified to obtain NIZKs which are either: (1) statistically zero-knowledge arguments in the common random string model or (2) statistically sound proofs in the common reference string model. We obtain our result by constructing a new correlation-intractable hash family [Canetti, Goldreich, and Halevi, JACM~'04] for a large class of relations, which suffices to apply the Fiat-Shamir heuristic to specific 3-message proof systems that we call ``trapdoor $\Sigma$-protocols.'' In particular, assuming circular secure FHE, our hash function $h$ ensures that for any function $f$ of some a-priori bounded circuit size, it is hard to find an input $x$ such that $h(x)=f(x)$. This continues a recent line of works aiming to instantiate the Fiat-Shamir methodology via correlation intractability under progressively weaker and better-understood assumptions. Another consequence of our hash family construction is that, assuming circular-secure FHE, the classic quadratic residuosity protocol of [Goldwasser, Micali, and Rackoff, SICOMP~'89] is not zero knowledge when repeated in parallel. We also show that, under the plain LWE assumption (without circularity), our hash family is a universal correlation intractable family for general relations, in the following sense: If there exists any hash family of some description size that is correlation-intractable for general (even inefficient) relations, then our specific construction (with a comparable size) is correlation-intractable for general (efficiently verifiable) relations.
Note: A merge of this work with ePrint:2018/1004 appears in STOC 2019.
Metadata
- Available format(s)
- Publication info
- Published elsewhere. Major revision. STOC 2019
- Contact author(s)
- alexjl @ mit edu
- History
- 2019-06-20: last of 3 revisions
- 2019-01-03: received
- See all versions
- Short URL
- https://ia.cr/2018/1248
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2018/1248, author = {Ran Canetti and Alex Lombardi and Daniel Wichs}, title = {Fiat-Shamir: From Practice to Theory, Part {II} ({NIZK} and Correlation Intractability from Circular-Secure {FHE})}, howpublished = {Cryptology {ePrint} Archive, Paper 2018/1248}, year = {2018}, url = {https://eprint.iacr.org/2018/1248} }