Cryptology ePrint Archive: Report 2019/063

Efficient Non-Interactive Zero-Knowledge Proofs in Cross-Domains without Trusted Setup

Michael Backes and Lucjan Hanzlik and Amir Herzberg and Aniket Kate and Ivan Pryvalov

Abstract: With the recent emergence of efficient zero-knowledge (ZK) proofs for general circuits, while efficient zero-knowledge proofs of algebraic statements have existed for decades, a natural challenge arose to combine algebraic and non-algebraic statements. Chase et al. (CRYPTO 2016) proposed an interactive ZK proof system for this cross-domain problem. As a use case they show that their system can be used to prove knowledge of an RSA/DSA signature on a message m with respect to a publicly known Pedersen commitment g^m h^r. One drawback of their system is that it requires interaction between the prover and the verifier. This is due to the interactive nature of garbled circuits, which are used in their construction. Subsequently, Agrawal et al. (CRYPTO 2018) proposed an efficient non-interactive ZK (NIZK) proof system for cross-domains based on SNARKs, which, however, require a trusted setup assumption.

In this paper, we propose a NIZK proof system for cross-domains that requires no trusted setup and is efficient both for the prover and the verifier. Our system constitutes a combination of Schnorr-based ZK proofs and ZK proofs for general circuits by Giacomelli et al. (USENIX 2016). The proof size and the running time of our system are comparable to the approach by Chase et al. Compared to Bulletproofs (SP 2018), a recent NIZK proof system on committed inputs, our techniques achieve asymptotically better performance on prover and verifier, thus presenting a different trade-off between the proof size and the running time.

Category / Keywords: public-key cryptography / zero knowledge

Original Publication (in the same form): IACR-PKC-2019

Date: received 18 Jan 2019, last revised 18 Jan 2019

Contact author: ivan pryvalov at cispa-helmholtz de

Available format(s): PDF | BibTeX Citation

Version: 20190125:215931 (All versions of this report)

Short URL: ia.cr/2019/063

