**From Laconic Zero-Knowledge to Public-Key Cryptography**

*Itay Berman and Akshay Degwekar and Ron D. Rothblum and Prashant Nalini Vasudevan*

**Abstract:** Since its inception, public-key encryption (PKE) has been one of the main cornerstones of cryptography. A central goal in cryptographic research is to understand the foundations of public-key encryption and in particular, base its existence on a natural and generic complexity-theoretic assumption. An intriguing candidate for such an assumption is the existence of a cryptographically hard language in the intersection of NP and SZK.

In this work we prove that public-key encryption can be based on the foregoing assumption, as long as the (honest) prover in the zero-knowledge protocol is efficient and laconic. That is, messages that the prover sends should be efficiently computable (given the NP witness) and short (i.e., of sufficiently sub-logarithmic length). Actually, our result is stronger and only requires the protocol to be zero-knowledge for an honest-verifier and sound against computationally bounded cheating provers.

Languages in NP with such laconic zero-knowledge protocols are known from a variety of computational assumptions (e.g., Quadratic Residuosity, Decisional Diffie-Hellman, Learning with Errors, etc.). Thus, our main result can also be viewed as giving a unifying framework for constructing PKE which, in particular, captures many of the assumptions that were already known to yield PKE.

We also show several extensions of our result. First, that a certain weakening of our assumption on laconic zero-knowledge is actually equivalent to PKE, thereby giving a complexity-theoretic characterization of PKE. Second, a mild strengthening of our assumption also yields a (2-message) oblivious transfer protocol.

**Category / Keywords:** Public Key Cryptography, zero knowledge

**Original Publication (in the same form):** IACR-CRYPTO-2018

**Date:** received 2 Jun 2018

**Contact author:** itayberm at mit edu, akshayd@mit edu, ronr@mit edu, prashvas@mit edu

**Version:** 20180604:222909

**Short URL:** ia.cr/2018/548
