Paper 2022/1510

Witness Encryption for Succinct Functional Commitments and Applications

Matteo Campanelli, Protocol Labs
Dario Fiore, IMDEA Software Institute, Madrid
Hamidreza Khoshakhlagh, Concordium
Abstract

Witness encryption (WE), introduced by Garg, Gentry, Sahai, and Waters (STOC 2013) allows one to encrypt a message to a statement $\mathsf{x}$ for some NP language $\mathcal{L}$, such that any user holding a witness for $\mathsf{x} \in \mathcal{L}$ can decrypt the ciphertext. The extreme power of this primitive comes at the cost of its elusiveness: a practical construction from established cryptographic assumptions is currently out of reach. In this work, we investigate a new notion of encryption that has a flavor of WE and that we can build only based on bilinear pairings, for interesting classes of computation. We do this by connecting witness encryption to functional commitments (FC). FCs are an advanced notion of commitments that allows fine-grained openings, that is non-interactive proofs to show that a commitment $\mathsf{cm}$ opens to $v$ such that $y=G(v)$, with the crucial feature that both commitments and openings are succinct. Our new WE notion, witness encryption for (succinct) functional commitment (WE-FC), allows one to encrypt a message with respect to a triple $(\mathsf{cm}, G, y)$, and decryption is unlocked using an FC opening that $\mathsf{cm}$ opens to $v$ such that $y=G(v)$. This mechanism is similar to the notion of witness encryption for NIZK of commitments [Benhamouda and Lin, TCC'20], with the crucial difference that ours supports commitments and decryption time whose size and complexity do not depend on the length of the committed data $v$. Our main contributions are therefore the formal definition of WE-FC, a generic methodology to compile an FC in bilinear groups into an associated WE-FC scheme (semantically secure in the generic group model), and a new FC construction for NC1 circuits that yields a WE-FC for the same class of functions. Similarly to [Benhamouda and Lin, TCC'20], we show how to apply WE-FC to construct multiparty reusable non-interactive secure computation (mrNISC) protocols. Crucially, the efficiency profile of WE-FC yields mrNISC protocols whose offline stage has shorter communication (only a succinct commitment from each party). As an additional contribution, we discuss further applications of WE-FC and show how to extend this primitive to better suit these settings.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
A major revision of an IACR publication in PKC 2024
Keywords
Witness encryptionmrNISCfunctional commitmentsSecure multiparty computationSmooth projective hash functions
Contact author(s)
matteo @ protocol ai
dario fiore @ imdea org
hk @ concordium com
History
2024-02-16: last of 3 revisions
2022-11-02: received
See all versions
Short URL
https://ia.cr/2022/1510
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2022/1510,
      author = {Matteo Campanelli and Dario Fiore and Hamidreza Khoshakhlagh},
      title = {Witness Encryption for Succinct Functional Commitments and Applications},
      howpublished = {Cryptology {ePrint} Archive, Paper 2022/1510},
      year = {2022},
      url = {https://eprint.iacr.org/2022/1510}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.