Paper 2021/836

Towards a Unified Approach to Black-Box Constructions of Zero-Knowledge Proofs

Xiao Liang and Omkant Pandey

Abstract

General-purpose zero-knowledge proofs for all \textsf{NP} languages greatly simplify secure protocol design. However, they inherently require the code of the underlying relation. If the relation contains black-box calls to a cryptographic function, the code of that function must be known to use the ZK proof, even if both the relation and the proof require only black-box access to the function. Rosulek (Crypto'12) shows that non-trivial proofs for even simple statements, such as membership in the range of a one-way function, require non-black-box access. We propose an alternative approach to bypass Rosulek's impossibility result. Instead of asking for a ZK proof directly for the given one-way function $f$, we seek to construct a \textit{new} one-way function $F$ given only black-box access to $f$, \textit{and} an associated ZK protocol for proving non-trivial statements, such as range membership, over its output. We say that $F$, along with its proof system, is a \textit{proof-based} one-way function. We similarly define proof-based versions of other primitives, specifically pseudo-random generators and collision-resistant hash functions. We show how to construct proof-based versions of each of the primitives mentioned above from their ordinary counterparts under mild but necessary restrictions over the input. More specifically, - We first show that if the prover entirely chooses the input, then proof-based pseudo-random generators cannot be constructed from ordinary ones in a black-box manner, thus establishing that some restrictions over the input are necessary. - We next present black-box constructions handling inputs of the form $(x,r)$ where $r$ is chosen uniformly by the verifier. This is similar to the restrictions in the widely used Goldreich-Levin theorem. The associated ZK proofs support range membership over the output as well as arbitrary predicates over prefixes of the input. Our results open up the possibility that general-purpose ZK proofs for relations that require black-box access to the primitives above may be possible in the future without violating their black-box nature by instantiating them using proof-based primitives instead of ordinary ones.

Note: The full version of the conference version.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
A major revision of an IACR publication in CRYPTO 2021
Keywords
Zero-KnowledgeBlack-BoxSeparation
Contact author(s)
liang1 @ cs stonybrook edu
omkant @ cs stonybrook edu
History
2021-06-21: received
Short URL
https://ia.cr/2021/836
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2021/836,
      author = {Xiao Liang and Omkant Pandey},
      title = {Towards a Unified Approach to Black-Box Constructions of Zero-Knowledge Proofs},
      howpublished = {Cryptology ePrint Archive, Paper 2021/836},
      year = {2021},
      note = {\url{https://eprint.iacr.org/2021/836}},
      url = {https://eprint.iacr.org/2021/836}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.