Paper 2022/1214

Updatable NIZKs from Non-Interactive Zaps

Karim Baghery, imec-COSIC, KU Leuven
Navid Ghaedi Bardeh, Norwegian University of Science and Technology
Abstract

In ASIACRYPT 2016, Bellare, Fuchsbauer, and Scafuro studied the security of NIZK arguments under subverted Structured Reference String (SRS) and presented some positive and negative results. In their best positive result, they showed that by defining an SRS as a tuple of knowledge assumption in bilinear groups (e.g. $g^a, g^b, g^{ab}$), and then using a Non-Interactive (NI) zap to prove that either there is a witness for the statement $\mathsf{x}$ or one knows the trapdoor of SRS (e.g. $a$ or $b$), one can build NIZK arguments that can achieve soundness and $\textit{subversion zero-knowledge}$ (zero-knowledge without trusting a third party; Sub-ZK). In this paper, we expand their idea and use NI zaps (of knowledge) to build NIZK arguments (of knowledge) with $\textit{updatable}$, $\textit{universal}$, and $\textit{succinct}$ SRS. To this end, we first show that their proposed sound and Sub-ZK NIZK argument can also achieve $\textit{updatable}$ soundness, which is a more desired notion than the plain soundness. Updatable soundness allows the verifier to update the SRS one time and bypass the need for a trusted third party. Then, we show that using a similar OR language, given a NI zap (of knowledge) and a $\textit{key-updatable}$ signature scheme, one can build NIZK arguments that can achieve Sub-ZK and $\textit{updatable}$ simulation soundness (resp. $\textit{updatable}$ simulation extractability). The proposed constructions are the first NIZK arguments that have updatable and succinct SRS, and do not require a random oracle. Our instantiations show that in the resulting NIZK arguments the computational cost for the parties to verify/update the SRS is negligible, namely, a few exponentiations and pairing checks. The run times of the prover and verifier, as well as the size of the proof, are asymptotically the same as those of the underlying NI zap.

Note: This is the full version of the CANS'22 paper.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. 21st International Conference on Cryptology and Network Security
Keywords
Non-interactive Zaps Non-interactive Zap of Knowledge NIZK Subversion ZK Updatable Soundness Updatable SRS Model
Contact author(s)
baghery karim @ gmail com
navid ghaedibardeh @ gmail com
History
2022-09-14: approved
2022-09-13: received
See all versions
Short URL
https://ia.cr/2022/1214
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2022/1214,
      author = {Karim Baghery and Navid Ghaedi Bardeh},
      title = {Updatable {NIZKs} from Non-Interactive Zaps},
      howpublished = {Cryptology {ePrint} Archive, Paper 2022/1214},
      year = {2022},
      url = {https://eprint.iacr.org/2022/1214}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.