Paper 2023/1276
Witness Authenticating NIZKs and Applications
, The University of SydneyAbstract
We initiate the study of witness authenticating NIZK proof systems (waNIZKs), in which one can use a witness $w$ of a statement $x$ to identify whether a valid proof for $x$ is indeed generated using $w$. Such a new identification functionality enables more diverse applications, and it also puts new requirements on soundness that: (1) no adversary can generate a valid proof that will not be identified by any witness; (2) or forge a proof using some valid witness to frame others. To work around the obvious obstacle towards conventional zero-knowledgeness, we define entropic zero-knowledgeness that requires the proof to leak no partial information, if the witness has sufficient computational entropy. We give a formal treatment of this new primitive. The modeling turns out to be quite involved and multiple subtle points arise and particular cares are required. We present general constructions from standard assumptions. We also demonstrate three applications in non-malleable (perfectly one-way) hash, group signatures with verifier-local revocations and plaintext-checkable public-key encryption. Our waNIZK provides a new tool to advance the state of the art in all these applications.
Metadata
- Available format(s)
-
PDF
- Category
- Cryptographic protocols
- Publication info
- A major revision of an IACR publication in CRYPTO 2021
- DOI
- 10.1007/978-3-030-84259-8_1
- Contact author(s)
-
hanwen feng @ sydney edu au
qiang tang @ sydney edu au - History
- 2023-08-28: approved
- 2023-08-24: received
- See all versions
- Short URL
- https://ia.cr/2023/1276
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2023/1276,
author = {Hanwen Feng and Qiang Tang},
title = {Witness Authenticating NIZKs and Applications},
howpublished = {Cryptology ePrint Archive, Paper 2023/1276},
year = {2023},
doi = {10.1007/978-3-030-84259-8_1},
note = {\url{https://eprint.iacr.org/2023/1276}},
url = {https://eprint.iacr.org/2023/1276}
}
