Cryptology ePrint Archive: Report 2019/475

Dual-Mode NIZKs from Obfuscation

Dennis Hofheinz and Bogdan Ursu

Abstract: Two standard security properties of a non-interactive zero-knowledge (NIZK) scheme are soundness and zero-knowledge. But while standard NIZK systems can only provide one of those properties against unbounded adversaries, dual-mode NIZK systems allow one to choose dynamically and adaptively which of these properties holds unconditionally. The only known dual-mode NIZK systems are Groth-Sahai proofs (which have proved extremely useful in a variety of applications), and the FHE-based NIZK constructions of Canetti et al. and Peikert et al., which are concurrent with and independent of this work. However, all these constructions rely on specific algebraic settings.

Here, we provide a generic construction of dual-mode NIZK systems for all of NP. The public parameters of our scheme can be set up in one of two indistinguishable ways. One way provides unconditional soundness, while the other provides unconditional zero-knowledge. Our scheme relies on subexponentially secure indistinguishability obfuscation and subexponentially secure one-way functions, but otherwise only on comparatively mild and generic computational assumptions. These generic assumptions can be instantiated under any one of the DDH, k-LIN, DCR, or QR assumptions.

As an application, we reduce the assumptions required for several recent obfuscation-based constructions of multilinear maps. Combined with previous work, our scheme can be used to construct multilinear maps from obfuscation and a group in which the strong Diffie-Hellman assumption holds. We also believe that our work adds to the understanding of the construction of NIZK systems, as it provides a conceptually new way to achieve dual-mode properties.

Category / Keywords: non-interactive zero-knowledge, dual-mode proof systems, indistinguishability obfuscation

Date: received 9 May 2019, last revised 10 May 2019

Contact author: dennis hofheinz at kit edu, bogdan ursu@kit edu

Note: Fixed an unclarity in the abstract.

Version: 20190510:143001

Short URL: ia.cr/2019/475

