Paper 2023/754

Batch Proofs are Statistically Hiding

Nir Bitansky, Tel Aviv University
Chethan Kamath, Indian Institute of Technology Bombay
Omer Paneth, Tel Aviv University
Ron Rothblum, Technion – Israel Institute of Technology
Prashant Nalini Vasudevan, National University of Singapore
Abstract

Batch proofs are proof systems that convince a verifier that , for some language , with communication that is much shorter than sending the witnesses. In the case of *statistical soundness* (where the cheating prover is unbounded but the honest prover is efficient given the witnesses), interactive batch proofs are known for , the class of *unique-witness* languages. In the case of computational soundness (where both honest and dishonest provers are efficient), *non-interactive* solutions are now known for all of , assuming standard lattice or group assumptions. We exhibit the first negative results regarding the existence of batch proofs and arguments: - Statistically sound batch proofs for imply that has a statistically witness indistinguishable () proof, with inverse polynomial error, and a non-uniform honest prover. The implication is unconditional for obtaining honest-verifier or for obtaining full-fledged from public-coin protocols, whereas for private-coin protocols full-fledged is obtained assuming one-way functions. This poses a barrier for achieving batch proofs beyond (where witness indistinguishability is trivial). In particular, assuming that does not have proofs, batch proofs for all of do not exist. - Computationally sound batch proofs (a.k.a batch arguments or s) for , together with one-way functions, imply statistical zero-knowledge () arguments for with roughly the same number of rounds, an inverse polynomial zero-knowledge error, and non-uniform honest prover. Thus, constant-round interactive s from one-way functions would yield constant-round arguments from one-way functions. This would be surprising as arguments are currently only known assuming constant-round statistically-hiding commitments. We further prove new positive implications of non-interactive batch arguments to non-interactive zero knowledge arguments (with explicit uniform prover and verifier): - Non-interactive s for , together with one-way functions, imply non-interactive computational zero-knowledge arguments for . Assuming also dual-mode commitments, the zero knowledge can be made statistical. Both our negative and positive results stem from a new framework showing how to transform a batch protocol for a language into an protocol for .

Note: Added a new result: NIBARG and OWF implies NICZKA.

Metadata
Available format(s)
PDF
Category
Foundations
Publication info
Preprint.
Keywords
Batch ProofsWitness IndistinguishabilityZero-Knowledge
Contact author(s)
nirbitan @ tau ac il
ckamath @ protonmail com
omerpa @ tauex tau ac il
rothblum @ cs technion ac il
prashant @ comp nus edu sg
History
2023-12-04: last of 4 revisions
2023-05-25: received
See all versions
Short URL
https://ia.cr/2023/754
License
No rights reserved
CC0

BibTeX

@misc{cryptoeprint:2023/754,
      author = {Nir Bitansky and Chethan Kamath and Omer Paneth and Ron Rothblum and Prashant Nalini Vasudevan},
      title = {Batch Proofs are Statistically Hiding},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/754},
      year = {2023},
      url = {https://eprint.iacr.org/2023/754}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.