Paper 2022/1214
Updatable NIZKs from Non-Interactive Zaps
Abstract
In ASIACRYPT 2016, Bellare, Fuchsbauer, and Scafuro studied the security of NIZK arguments under subverted Structured Reference String (SRS) and presented some positive and negative results. In their best positive result, they showed that by defining an SRS as a tuple of knowledge assumption in bilinear groups (e.g. $g^a, g^b, g^{ab}$), and then using a Non-Interactive (NI) zap to prove that either there is a witness for the statement $\mathsf{x}$ or one knows the trapdoor of SRS (e.g. $a$ or $b$), one can build NIZK arguments that can achieve soundness and $\textit{subversion zero-knowledge}$ (zero-knowledge without trusting a third party; Sub-ZK). In this paper, we expand their idea and use NI zaps (of knowledge) to build NIZK arguments (of knowledge) with $\textit{updatable}$, $\textit{universal}$, and $\textit{succinct}$ SRS. To this end, we first show that their proposed sound and Sub-ZK NIZK argument can also achieve $\textit{updatable}$ soundness, which is a more desired notion than the plain soundness. Updatable soundness allows the verifier to update the SRS one time and bypass the need for a trusted third party. Then, we show that using a similar OR language, given a NI zap (of knowledge) and a $\textit{key-updatable}$ signature scheme, one can build NIZK arguments that can achieve Sub-ZK and $\textit{updatable}$ simulation soundness (resp. $\textit{updatable}$ simulation extractability). The proposed constructions are the first NIZK arguments that have updatable and succinct SRS, and do not require a random oracle. Our instantiations show that in the resulting NIZK arguments the computational cost for the parties to verify/update the SRS is negligible, namely, a few exponentiations and pairing checks. The run times of the prover and verifier, as well as the size of the proof, are asymptotically the same as those of the underlying NI zap.
Note: This is the full version of the CANS'22 paper.
Metadata
- Available format(s)
- Category
- Cryptographic protocols
- Publication info
- Published elsewhere. 21st International Conference on Cryptology and Network Security
- Keywords
- Non-interactive Zaps Non-interactive Zap of Knowledge NIZK Subversion ZK Updatable Soundness Updatable SRS Model
- Contact author(s)
-
baghery karim @ gmail com
navid ghaedibardeh @ gmail com - History
- 2022-09-14: approved
- 2022-09-13: received
- See all versions
- Short URL
- https://ia.cr/2022/1214
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2022/1214, author = {Karim Baghery and Navid Ghaedi Bardeh}, title = {Updatable {NIZKs} from Non-Interactive Zaps}, howpublished = {Cryptology {ePrint} Archive, Paper 2022/1214}, year = {2022}, url = {https://eprint.iacr.org/2022/1214} }