Cryptology ePrint Archive: Report 2018/877

On QA-NIZK in the BPK Model

Behzad Abdolmaleki and Helger Lipmaa and Janno Siim and Michał Zając

Abstract: While the CRS model is widely accepted for construction of non-interactive zero knowledge (NIZK) proofs, from the practical viewpoint, a very important question is to minimize the trust needed from the creators of the CRS. Recently, Bellare et al. defined subversion-resistance (security in the case the CRS creator may be malicious) for NIZK. First, we observe that subversion zero knowledge (Sub-ZK) in the CRS model corresponds to no-auxiliary-string non-black-box NIZK (also known as nonuniform NIZK) in the Bare Public Key (BPK) model. Due to well-known impossibility results, this observation provides a simple proof that the use of non-black-box techniques is needed to obtain Sub-ZK. Second, we prove that the most efficient known QA-NIZK for linear subspaces by Kiltz and Wee is nonuniform zero knowledge in the BPK model under two alternative novel knowledge assumptions, both secure in the subversion generic bilinear group model. We prove that (for a different set of parameters) a slightly less efficient variant of Kiltz-Wee is nonuniform zero knowledge in the BPK model under a known knowledge assumption that is also secure in the subversion generic bilinear group model.

Category / Keywords: cryptographic protocols / Bare public key model, non-black-box zero knowledge, nonuniform zero knowledge, QA-NIZK, subversion-security

Date: received 18 Sep 2018

Contact author: helger lipmaa at gmail com

Available format(s): PDF | BibTeX Citation

Version: 20180923:191730 (All versions of this report)

Short URL: ia.cr/2018/877


[ Cryptology ePrint archive ]