Paper 2019/1162

Subversion-Resistant Simulation (Knowledge) Sound NIZKs

Karim Baghery

Abstract

In ASIACRYPT 2016, Bellare, Fuchsbauer, and Scafuro studied the security of non-interactive zero-knowledge (NIZK) arguments in the face of parameter subversion. They showed that achieving subversion soundness (soundness without trusting the third party that generates the parameters) and standard zero-knowledge at the same time is impossible. On the positive side, they showed that, at best, one can achieve subversion zero-knowledge (Sub-ZK, zero-knowledge without trusting the third party) and soundness at the same time. In this paper, we show that one can amplify their best positive result and construct NIZK arguments that achieve Sub-ZK and $\textit{simulation}$ (knowledge) soundness at the same time. Simulation (knowledge) soundness is a stronger notion than (knowledge) soundness, as it also guarantees non-malleability of proofs; such a guarantee is a must in practical systems. To prove the result, we show that given a NIZK argument that achieves Sub-ZK and (knowledge) soundness, one can use an OR-based construction to define a new language and build a NIZK argument for it that guarantees Sub-ZK and $\textit{simulation}$ (knowledge) soundness at the same time. We instantiate the construction with the state-of-the-art zk-SNARK proposed by Groth [Eurocrypt 2016] and obtain an efficient SNARK that guarantees Sub-ZK and simulation knowledge soundness.
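The OR-based idea in the abstract, as an added illustration that is not the paper's construction and not its Groth16 instantiation: a Fiat-Shamir NIZK (Cramer-Damgård-Schoenmakers OR-composition of two Schnorr proofs in a safe-prime group) for the language L' = {know x with h = g^x} OR {know sk with pk = g^sk}. The public key pk lives in the CRS; an honest prover uses the left branch with its witness x, while a simulator holding the CRS trapdoor sk proves any statement via the right branch. Group parameters, keys and the "unknown discrete log" statement are all generated inside the block from a fixed seed; the group size (64 bits), the hash-to-challenge function and the proof encoding are assumptions of this example. The block deliberately does not model Sub-ZK (no CRS-verification algorithm, no trapdoor extraction from a subverted CRS): in the paper that property comes from the underlying Sub-ZK SNARK, not from the OR-trick.

```python
import hashlib
import random

# Fixed seed so the example reproduces; a real deployment never does this.
rng = random.Random(2019)


def is_probable_prime(n, rounds=24):
    """Miller-Rabin primality test (probabilistic)."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def safe_prime_group(bits=64):
    """Return (p, q, g) with p = 2q + 1 both prime and g generating the order-q subgroup.
    64-bit parameters are a toy size chosen for readability (assumption of this example)."""
    while True:
        q = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            p = 2 * q + 1
            break
    while True:
        g = pow(rng.randrange(2, p - 1), 2, p)  # a square lands in the order-q subgroup
        if g != 1:
            return p, q, g


P, Q, G = safe_prime_group()


def challenge(*items):
    """Fiat-Shamir challenge: hash the full statement and both commitments into Z_q."""
    data = b"|".join(str(i).encode() for i in items)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def crs_setup():
    """Trusted setup: publishes pk = g^sk; sk is the simulation trapdoor and must be discarded."""
    sk = rng.randrange(1, Q)
    return pow(G, sk, P), sk


def or_prove(h, pk, witness, known):
    """Proof for (h, pk) in L'. known=0: witness is x with h = g^x (honest prover);
    known=1: witness is sk with pk = g^sk (simulator). Proof = (c0, c1, z0, z1)."""
    ys = [h, pk]
    sim = 1 - known
    # Branch we cannot prove: choose challenge and response first, derive the commitment.
    c_sim, z_sim = rng.randrange(Q), rng.randrange(Q)
    a = [None, None]
    a[sim] = (pow(G, z_sim, P) * pow(ys[sim], Q - c_sim, P)) % P  # g^z * y^(-c)
    # Branch we know: ordinary Schnorr commitment.
    r = rng.randrange(1, Q)
    a[known] = pow(G, r, P)
    c = challenge(h, pk, a[0], a[1])  # statement bound into the challenge
    c_known = (c - c_sim) % Q
    z_known = (r + c_known * witness) % Q
    cs, zs = [None, None], [None, None]
    cs[sim], zs[sim] = c_sim, z_sim
    cs[known], zs[known] = c_known, z_known
    return (cs[0], cs[1], zs[0], zs[1])


def or_verify(h, pk, proof):
    """Recompute both commitments and check the challenges add up to the hash."""
    c0, c1, z0, z1 = proof
    a0 = (pow(G, z0, P) * pow(h, Q - c0, P)) % P
    a1 = (pow(G, z1, P) * pow(pk, Q - c1, P)) % P
    return (c0 + c1) % Q == challenge(h, pk, a0, a1)


def demo():
    pk, sk = crs_setup()
    x = rng.randrange(1, Q)
    h = pow(G, x, P)
    honest = or_prove(h, pk, x, known=0)
    # A statement whose discrete log nobody knows: a random square mod p.
    h_unknown = pow(rng.randrange(2, P - 1), 2, P)
    simulated = or_prove(h_unknown, pk, sk, known=1)
    other = pow(G, rng.randrange(1, Q), P)
    c0, c1, z0, z1 = honest
    return {
        "honest_verifies": or_verify(h, pk, honest),
        "simulated_verifies": or_verify(h_unknown, pk, simulated),
        "replayed_on_other_statement": or_verify(other, pk, honest),
        "mauled_proof_rejected": or_verify(h, pk, (c0, c1, (z0 + 1) % Q, z1)),
    }


if __name__ == "__main__":
    print(demo())
```

The last two checks show the flavour of non-malleability the abstract refers to: because the statement is hashed into the challenge, an honest proof cannot be transplanted onto a different statement, and changing a response invalidates it. A proof that this Fiat-Shamir OR-proof is simulation-extractable is a separate matter in the random-oracle model; the paper obtains simulation knowledge soundness for its SNARK-based construction in the CRS model, which this toy does not reproduce.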

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. Minor revision. 17th IMA International Conference on Cryptography and Coding - IMA CC 2019
Keywords
NIZK, subversion zero-knowledge, zk-SNARK, simulation extractability, CRS model
Contact author(s)
karim baghery @ ut ee
History
2019-10-07: received
Short URL
https://ia.cr/2019/1162
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2019/1162,
      author = {Karim Baghery},
      title = {Subversion-Resistant Simulation (Knowledge) Sound {NIZKs}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2019/1162},
      year = {2019},
      url = {https://eprint.iacr.org/2019/1162}
}