Cryptology ePrint Archive: Report 2019/333

Key-and-Argument-Updatable QA-NIZKs

Helger Lipmaa

Abstract: There are several new efficient approaches to decreasing trust in the CRS creators for NIZK proofs in the CRS model. Recently, Groth et al. (CRYPTO 2018) defined the notion of NIZK with updatable CRS (updatable NIZK) and described an updatable SNARK. We consider the same problem in the case of QA-NIZKs. We also define an important new property: we require that after updating the CRS, one should be able to update a previously generated argument to a new argument that is valid with the new CRS. We propose a general definitional framework for key-and-argument-updatable QA-NIZKs. After that, we describe a key-and-argument-updatable version of the most efficient known QA-NIZK for linear subspaces by Kiltz and Wee. Importantly, for obtaining soundness, it suffices to update a universal public key that just consists of a matrix drawn from a KerMDH-hard distribution and thus can be shared by any pairing-based application that relies on the same hardness assumption. After specializing the universal public key to the concrete language parameter, one can use the proposed key-and-argument updating algorithms to continue updating to strengthen the soundness guarantee.

Category / Keywords: cryptographic protocols / BPK model, CRS model, QA-NIZK, subversion security, updatable public key, updatable argument

Original Publication (with minor differences): SCN 2020

Date: received 27 Mar 2019, last revised 1 Jul 2020

Contact author: helger lipmaa at gmail com

Available format(s): PDF | BibTeX Citation

Note: The first version of this paper was written in April 2018, and in an updated form, posted to eprint in early 2019. This version corresponds to the publication at SCN 2020 with additional appendices. Compared to the 2019 version, it takes into account the new version of [ALSZ20] (that defines Sub-ZK QA-NIZK) that was significantly modified inbetween.

Version: 20200701:185020 (All versions of this report)

Short URL: ia.cr/2019/333


[ Cryptology ePrint archive ]