Paper 2024/1766

Critical Rounds in Multi-Round Proofs: Proof of Partial Knowledge, Trapdoor Commitments, and Advanced Signatures

Masayuki Abe, NTT Social Informatics Laboratories
David Balbás, IMDEA Software Institute, Universidad Politécnica de Madrid
Dung Bui, IRIF, Université Paris Cité
Miyako Ohkubo, NICT
Zehua Shang, Kyoto University
Akira Takahashi, J.P. Morgan AI Research & AlgoCRYPT Center of Excellence
Mehdi Tibouchi, NTT Social Informatics Laboratories

Abstract

Zero-knowledge simulators and witness extractors, initially developed for proving the security of proof systems, turned out to also be useful in constructing advanced protocols from simple three-move interactive proofs. However, in the context of multi-round public-coin protocols, the interfaces of these auxiliary algorithms become more complex, introducing a range of technical challenges that hinder the generalization of these constructions. We introduce a framework that enhances the usability of zero-knowledge simulators and witness extractors in multi-round argument systems for protocol design. Critical-round zero-knowledge relies on the ability to perform a complete zero-knowledge simulation by knowing the challenge of just one specific round in advance. Critical-round special soundness addresses a stringent condition for witness extraction by formalizing it to operate with a smaller tree of transcripts than the one needed for extended extraction, which either outputs the intended witness or solves the underlying hard problem in an argument system. We show that these notions are satisfied by diverse protocols based on MPC-in-the-Head, interactive oracle proofs, and split-and-fold arguments. We demonstrate the usefulness of the critical-round framework by constructing proofs of partial knowledge (Cramer, Damgård, and Schoenmakers, CRYPTO'94) and trapdoor commitments (Damgård, CRYPTO'89) from critical-round multi-round proofs. Furthermore, our results imply advancements in post-quantum secure adaptor signatures and threshold ring signatures based on MPC-in-the-Head, eliminating the need for (costly) generic NP reductions.

Note: Major revision. Includes several new sections and results.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint.
Keywords
Multi-Round Proofs, Critical Round, Composition, Trapdoor Commitment, MPC-in-the-Head, Adaptor Signatures
Contact author(s)
abe masayuki @ iecl ntt co jp
david balbas @ imdea org
bui @ irif fr
m ohkubo @ nict go jp
shang zehua 23m @ st kyoto-u ac jp
takahashi akira 58s @ gmail com
mehdi tibouchi @ ntt com
History
2025-05-15: last of 2 revisions
2024-10-30: received
Short URL
https://ia.cr/2024/1766
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/1766,
      author = {Masayuki Abe and David Balbás and Dung Bui and Miyako Ohkubo and Zehua Shang and Akira Takahashi and Mehdi Tibouchi},
      title = {Critical Rounds in Multi-Round Proofs: Proof of Partial Knowledge, Trapdoor Commitments, and Advanced Signatures},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1766},
      year = {2024},
      url = {https://eprint.iacr.org/2024/1766}
}