Cryptology ePrint Archive: Report 2019/475

Dual-Mode NIZKs from Obfuscation

Dennis Hofheinz and Bogdan Ursu

Abstract: Two standard security properties of a non-interactive zero-knowledge (NIZK) scheme are soundness and zero-knowledge. But while standard NIZK systems can only provide one of those properties against unbounded adversaries, dual-mode NIZK systems allow to choose dynamically and adaptively which of these properties holds unconditionally. The only known dual-mode NIZK systems are Groth-Sahai proofs (which have proved extremely useful in a variety of applications), and the FHE-based NIZK constructions of Canetti et al. and Peikert et al, which are concurrent and independent to this work. However, all these constructions rely on specific algebraic settings.

Here, we provide a generic construction of dual-mode NIZK systems for all of NP. The public parameters of our scheme can be set up in one of two indistinguishable ways. One way provides unconditional soundness, while the other provides unconditional zero-knowledge. Our scheme relies on subexponentially secure indistinguishability obfuscation and subexponentially secure one-way functions, but otherwise only on comparatively mild and generic computational assumptions. These generic assumptions can be instantiated under any one of the DDH, k-LIN, DCR, or QR assumptions.

As an application, we reduce the required assumptions necessary for several recent obfuscation-based constructions of multilinear maps. Combined with previous work, our scheme can be used to construct multilinear maps from obfuscation and a group in which the strong Diffie-Hellman assumption holds. We also believe that our work adds to the understanding of the construction of NIZK systems, as it provides a conceptually new way to achieve dual-mode properties.

Category / Keywords: non-interactive zero-knowledge, dual-mode proof systems, indistinguishability obfuscation

Original Publication (with major differences): IACR-ASIACRYPT-2019

Date: received 9 May 2019, last revised 25 Feb 2020

Contact author: hofheinz at inf ethz ch,bogdan ursu@inf ethz ch

Available format(s): PDF | BibTeX Citation

Note: Reformatting, fixed a mistake in Theorem 14, added acknowledgements.

Version: 20200225:213820 (All versions of this report)

Short URL: ia.cr/2019/475


[ Cryptology ePrint archive ]