Monotone Policy BARGs from BARGs and Additively Homomorphic Encryption

Shafik Nassar; Brent Waters; David J. Wu

Paper 2023/1967

Monotone Policy BARGs from BARGs and Additively Homomorphic Encryption

Shafik Nassar, The University of Texas at Austin

Brent Waters, The University of Texas at Austin, NTT Research

David J. Wu, The University of Texas at Austin

Abstract

A monotone policy batch $NP$ language $L_{R, P}$ is parameterized by a monotone policy $P : {0, 1}^{k} \to {0, 1}$ and an $NP$ relation $R$ . A statement $(x_{1}, \dots, x_{k})$ is a YES instance if there exists $w_{1}, \dots, w_{k}$ where $P (R (x_{1}, w_{1}), \dots, R (x_{k}, w_{k})) = 1$ . For example, we might say that an instance $(x_{1}, \dots, x_{k})$ is a YES instance if a majority of the statements are true. A monotone policy batch argument (BARG) for $NP$ allows a prover to prove that $(x_{1}, \dots, x_{k}) \in L_{R, P}$ with a proof of size $poly (λ, | R |, \log k)$ , where $λ$ is the security parameter, $| R |$ is the size of the Boolean circuit that computes $R$ , and $k$ is the number of instances. Recently, Brakerski, Brodsky, Kalai, Lombardi, and Paneth (CRYPTO 2023) gave the first monotone policy BARG for from the learning with errors (LWE) assumption. In this work, we describe a generic approach for constructing monotone policy BARGs from any BARG for together with an additively homomorphic encryption scheme. This yields the first constructions of monotone policy BARGs from the - assumption in prime-order pairing groups as well as the (subexponential) DDH assumption in pairing-free groups. Central to our construction is a notion of a zero-fixing hash function, which is a relaxed version of a predicate-extractable hash function from the work of Brakerski et al. Our relaxation enables a direct realization of zero-fixing hash functions from BARGs for and additively homomorphic encryption, whereas the previous notion relied on leveled homomorphic encryption, and by extension, the LWE assumption. As an application, we also show how to combine a monotone policy BARG with a puncturable signature scheme to obtain a monotone policy aggregate signature scheme. Our work yields the first (statically-secure) monotone policy aggregate signatures that supports general monotone Boolean circuits from standard pairing-based assumptions. Previously, this was only known from LWE.

Metadata

Available format(s): PDF
Category: Foundations
Publication info: A major revision of an IACR publication in TCC 2024
Keywords: monotone policy batch arguments BARG zero-fixing hash function
Contact author(s): shafik @ cs utexas edu
bwaters @ cs utexas edu
dwu4 @ cs utexas edu
History: 2024-10-03: last of 4 revisions; 2023-12-29: received; See all versions
Short URL: https://ia.cr/2023/1967
License: CC BY

BibTeX

@misc{cryptoeprint:2023/1967,
      author = {Shafik Nassar and Brent Waters and David J. Wu},
      title = {Monotone Policy {BARGs} from {BARGs} and Additively Homomorphic Encryption},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/1967},
      year = {2023},
      url = {https://eprint.iacr.org/2023/1967}
}