Pouriya Alikhani,Nicolas Brunner,Claude Crépeau,Sébastien Designolle,Raphaël Houlmann,Weixu Shi,Nan Yang,Hugo Zbinden

DOI: https://doi.org/10.1038/s41586-021-03998-y

2022-02-16

Abstract:Protecting secrets is a key challenge in our contemporary information-based era. In common situations, however, revealing secrets appears unavoidable, for instance, when identifying oneself in a bank to retrieve money. In turn, this may have highly undesirable consequences in the unlikely, yet not unrealistic, case where the bank's security gets compromised. This naturally raises the question of whether disclosing secrets is fundamentally necessary for identifying oneself, or more generally for proving a statement to be correct. Developments in computer science provide an elegant solution via the concept of zero-knowledge proofs: a prover can convince a verifier of the validity of a certain statement without facilitating the elaboration of a proof at all. In this work, we report the experimental realisation of such a zero-knowledge protocol involving two separated verifier-prover pairs. Security is enforced via the physical principle of special relativity, and no computational assumption (such as the existence of one-way functions) is required. Our implementation exclusively relies on off-the-shelf equipment and works at both short (60 m) and long distances ($\geqslant$400 m) in about one second. This demonstrates the practical potential of multi-prover zero-knowledge protocols, promising for identification tasks and blockchain applications such as cryptocurrencies or smart contracts.

Cryptography and Security,Quantum Physics

Wei Liu,Jian Weng,Bingsheng Zhang,Kai He,Junjie Huang

DOI: https://doi.org/10.1016/j.ins.2022.09.026

IF: 8.1

2022-01-01

Information Sciences

Abstract:Non-interactive zero-knowledge (NIZK) proof systems are very useful for statement verification without interaction in cryptography; they entail just one message, called the proof, that convinces the verifier of the truth of the statement without leaking any extra information. Many NIZK proof systems are related to quadratic residuosity languages and follow three main steps. First, the prover and the verifier sample a common reference string (CRS) in some particular form. Second, the prover proves that n is a Blum integer (BL , n = p 1 t 1 · p 2 t 2, where p 1 and p 2 are different primes both congruent to 3 modulo 4, and t 1 and t 2 are odd). Third, various statements (e.g., NQR n , OR n , AND n , T ( k , t ), and 3 SAT) can be proven by the prover based on the properties of BL . In this study, we improve the NIZK proof system for n ∈ BL based on the special distribution of the square roots modulo n and embed this proof in the third step. Moreover, we show that the CRS can be sampled more efficiently using the improved process.

Ying Huang,Xiaoying Zheng,Yongxin Zhu,Xiangcong Kong,Xinru Jing

DOI: https://doi.org/10.1109/ISPA-BDCloud-SocialCom-SustainCom52081.2021.00098

2021-01-01

Abstract:Zero-knowledge proofs help to protect the privacy and security of blockchains by keeping the transaction information private. Bulletproofs are the state-of-the-art zero-knowledge technologies that perform confidential transactions without a trusted setup. However, Bulletproofs are still computationally inefficient to be applied in blockchain applications, and it is of great significance to paralle...

Kaiyan Shi,Kaushik Chakraborty,Wen Yu Kon,Omar Amer,Marco Pistoia,Charles Lim

2024-09-05

Abstract:We initiate the study of relativistic zero-knowledge quantum proof of knowledge systems with classical communication, formally defining a number of useful concepts and constructing appropriate knowledge extractors for all the existing protocols in the relativistic setting which satisfy a weaker variant of the special soundness property due to Unruh (EUROCRYPT 2012). We show that there exists quantum proofs of knowledge with knowledge error 1/2 + negl({\eta}) for all relations in NP via a construction of such a system for the Hamiltonian cycle relation using a general relativistic commitment scheme exhibiting the fairly-binding property due to Fehr and Fillinger (EUROCRYPT 2016). We further show that one can construct quantum proof of knowledge extractors for proof systems which do not exhibit special soundness, and therefore require an extractor to rewind multiple times. We develop a new multi-prover quantum rewinding technique by combining ideas from monogamy of entanglement and gentle measurement lemmas that can break the quantum rewinding barrier. Finally, we prove a new bound on the impact of consecutive measurements and use it to significantly improve the soundness bound of some existing relativistic zero knowledge proof systems, such as the one due to Chailloux and Leverrier (EUROCRYPT 2017).

Quantum Physics,Cryptography and Security

Yunlei Zhao,Robert Deng,Binyu Zang,Yiming Zhao

2005-01-01

Abstract:Zero-knowledge (ZK) plays a central role in the field of modern cryptography and is a very powerful tool for constructing various cryptographic protocols, especially cryptographic protocols in E-commerce. Unfortunately, most ZK protocols are for general NP languages with going through general NP-reductions, and thus cannot be directly employed in practice. On the other hand, a large number of protocols, named ∑-protocols, are developed in industry and in the field of applied cryptography for specific number-theoretic languages (e.g. DLP and RSA), which preserves the ZK property only with respect to honest verifiers (i.e., they are not real ZK) but are highly practical. In this work, we show a generic yet practical transformation from ∑-protocols to practical (real) ZK arguments without general NP-reductions under either the DLP or RSA assumptions. © Springer-Verlag Berlin Heidelberg 2005.

Ronald Cramer,Ivan Damgard,Chaoping Xing,Chen Yuan

DOI: https://doi.org/10.1007/978-3-319-56620-7_17

2017-01-01

Abstract:We propose a new zero-knowledge protocol for proving knowledge of short preimages under additively homomorphic functions that map integer vectors to an Abelian group. The protocol achieves amortized efficiency in that it only needs to send O(n) function values to prove knowledge of n preimages. Furthermore we significantly improve previous bounds on how short a secret we can extract from a dishonest prover, namely our bound is a factor O(k) larger than the size of secret used by the honest prover, where k is the statistical security parameter. In the best previous result, the factor was O(k(log k) n). Our protocol can be applied to give proofs of knowledge for plaintexts in (Ring-) LWE-based cryptosystems, knowledge of preimages of homomorphic hash functions as well as knowledge of committed values in some integer commitment schemes.

Yunlei Zhao,Robert H. Deng,Binyu Zang,Yiming Zhao

DOI: https://doi.org/10.1007/11600930_28

2005-01-01

Abstract:Zero-knowledge (ZK) plays a central role in the field of modern cryptography and is a very powerful tool for constructing various cryptographic protocols, especially cryptographic protocols in E-commerce. Unfortunately, most ZK protocols are for general \(\mathcal{NP}\) languages with going through general \(\mathcal{NP}\)-reductions, and thus cannot be directly employed in practice. On the other hand, a large number of protocols, named Σ-protocols, are developed in industry and in the field of applied cryptography for specific number-theoretic languages (e.g. DLP and RSA), which preserves the ZK property only with respect to honest verifiers (i.e., they are not real ZK) but are highly practical. In this work, we show a generic yet practical transformation from Σ-protocols to practical (real) ZK arguments without general \(\mathcal{NP}\)-reductions under either the DLP or RSA assumptions.

Mario Alessandro Barbara

DOI: https://doi.org/10.48550/arXiv.1908.02327

2019-08-31

Abstract:Recent advances in the cryptographic field of "Zero-Knowledge Proofs" have sparked a new wave of research, giving birth to many exciting theoretical approaches in the last few years. Such research has often overlapped with the need for private and scalable solutions of Blockchain-based communities, resulting in the first practical implementations of such systems. Many of these innovative constructions have developed in parallel, using different terminologies and evolving into a fragmented ecosystem, calling for their consolidation into the more stable domain of "Verifiable Computation". In this master thesis I propose a unifying Verifiable Computation model for the simplification and efficient comparison of all cryptographic proof systems. I take advantage of this model to analyse innovative technologies (Homomorphic Authenticators, Verifiable Delay Functions) which developed into their own specialised domains, and I attempt to make them more accessible for newcomers to the field. Furthermore, I expand on the future of Verifiable Computation, Universal proof compilers and "Proofs of All", by approaching the state-of-the-art zk-STARK construction from a more accessible and informal design perspective.

Cryptography and Security

Bin Lian,Gongliang Chen,Jianhua Li

DOI: https://doi.org/10.14257/ijsia.2015.9.3.17

2015-01-01

International Journal of Security and Its Applications

Abstract:Zero-knowledge proof protocol is a basic cryptographic technique. And zero-knowledge proof of double discrete logarithm has some particular properties, so it has been widely applied in many security systems. But the efficient problem of zero-knowledge proof of double discrete logarithm has not been solved to this day, since there are some special difficulties in computing this kind of knowledge proof. Hence, the time complexity and the space complexity of existing schemes are all O(k), where k is a security parameter. After redesigning the basic construction of knowledge proof, we provide a new zero-knowledge proof of double discrete logarithm, which is the first scheme with O(1) time complexity and O(1) space complexity. If introducing an off-line TTP (trusted third party), we can provide two additional zero-knowledge proof schemes of double discrete logarithm, one is even more efficient than the first one, the other one solves another open problem, which is how to efficiently prove the equality of double discrete logarithms in zero-knowledge way, and the existing techniques cannot solve this problem. We also provide the detailed security proofs of our designs and efficiency analysis, comparing with the existing schemes. The significant improvement in efficiency of this basic cryptographic technique is also helpful for many security systems.

Foteini Baldimtsi,Aggelos Kiayias,Thomas Zacharias,Bingsheng Zhang

DOI: https://doi.org/10.1007/978-3-662-53890-6_30

2016-01-01

Abstract:We introduce a new class of protocols called Proofs of Work or Knowledge PoWorKs. In a PoWorK, a prover can convince a verifier that she has either performed work or that she possesses knowledge of a witness to a public statement without the verifier being able to distinguish which of the two has taken place. We formalize PoWorK in terms of three properties, completeness, f-soundness and indistinguishability where f is a function that determines the tightness of the proof of work aspect and present a construction that transforms 3-move HVZK protocols into 3-move public-coin PoWorKs. To formalize the work aspect in a PoWorK﾿protocol we define cryptographic puzzles that adhere to certain uniformity conditions, which may also be of independent interest. We instantiate our puzzles in the random oracle RO model as well as via constructing \"dense\" versions of suitably hard one-way functions. We then showcase PoWorK﾿protocols by presenting a number of applications. We first show how non-interactive PoWorKs can be used to reduce spam email by forcing users sending an e-mail to either prove to the mail server they are approved contacts of the recipient or to perform computational work. As opposed to previous approaches that applied proofs of work to this problem, our proposal of using PoWorKs is privacy-preserving as it hides the list of the receiver's approved contacts from the mail server. Our second application, shows how PoWorK can be used to compose cryptocurrencies that are based on proofs of work \"Bitcoin-like\" with cryptocurrencies that are based on knowledge relations these include cryptocurrencies that are based on \"proof of stake\", and others. The resulting PoWorK-based cryptocurrency inherits the robustness properties of the underlying two systems while PoWorK-indistinguishability ensures a uniform population of miners. Finally, we show that PoWorK﾿protocols imply straight-line quasi-polynomial simulatable arguments of knowledge and based on our construction we obtain an efficient straight-line concurrent 3-move statistically quasi-polynomial simulatable argument of knowledge.

Graham Cormode,Marcel Dall'Agnol,Tom Gur,Chris Hickey

DOI: https://doi.org/10.4230/LIPIcs.CCC.2024.2

2024-05-25

Abstract:Streaming interactive proofs (SIPs) enable a space-bounded algorithm with one-pass access to a massive stream of data to verify a computation that requires large space, by communicating with a powerful but untrusted prover. This work initiates the study of zero-knowledge proofs for data streams. We define the notion of zero-knowledge in the streaming setting and construct zero-knowledge SIPs for the two main algorithmic building blocks in the streaming interactive proofs literature: the sumcheck and polynomial evaluation protocols. To the best of our knowledge all known streaming interactive proofs are based on either of these tools, and indeed, this allows us to obtain zero-knowledge SIPs for central streaming problems such as index, point and range queries, median, frequency moments, and inner product. Our protocols are efficient in terms of time and space, as well as communication: the verifier algorithm's space complexity is $\mathrm{polylog}(n)$ and, after a non-interactive setup that uses a random string of near-linear length, the remaining parameters are $n^{o(1)}$. En route, we develop an algorithmic toolkit for designing zero-knowledge data stream protocols, consisting of an algebraic streaming commitment protocol and a temporal commitment protocol.Our analyses rely on delicate algebraic and information-theoretic arguments and reductions from average-case communication complexity.

Computational Complexity,Data Structures and Algorithms

Ryan Lavin,Xuekai Liu,Hardhik Mohanty,Logan Norman,Giovanni Zaarour,Bhaskar Krishnamachari

2024-08-01

Abstract:Zero-knowledge proofs (ZKPs) represent a revolutionary advance in computational integrity and privacy technology, enabling the secure and private exchange of information without revealing underlying private data. ZKPs have unique advantages in terms of universality and minimal security assumptions when compared to other privacy-sensitive computational methods for distributed systems, such as homomorphic encryption and secure multiparty computation. Their application spans multiple domains, from enhancing privacy in blockchain to facilitating confidential verification of computational tasks. This survey starts with a high-level overview of the technical workings of ZKPs with a focus on an increasingly relevant subset of ZKPs called zk-SNARKS. While there have been prior surveys on the algorithmic and theoretical aspects of ZKPs, our work is distinguished by providing a broader view of practical aspects and describing many recently-developed use cases of ZKPs across various domains. These application domains span blockchain privacy, scaling, storage, and interoperability, as well as non-blockchain applications like voting, authentication, timelocks, and machine learning. Aimed at both practitioners and researchers, the survey also covers foundational components and infrastructure such as zero-knowledge virtual machines (zkVM), domain-specific languages (DSLs), supporting libraries, frameworks, and protocols. We conclude with a discussion on future directions, positioning ZKPs as pivotal in the advancement of cryptographic practices and digital privacy across many applications.

Cryptography and Security,Computational Complexity

Hongrui Cui,Kaiyi Zhang,Yu Chen,Zhen Liu,Yu Yu

DOI: https://doi.org/10.1007/978-3-030-88428-4_17

2021-01-01

Abstract:With the rapid development of distributed computing, the traditional zero-knowledge proofs (ZKP) are becoming less adequate for privacy-preserving applications in the distributed setting. Take "double financing" as an example: multiple financial providers jointly prove that the sum of their committed values is no more than a given threshold, which generalizes the "range proof" to the multiple-prover setting. Therefore, traditional zero-knowledge proof does not seemingly lend itself to this problem on its own. We identify and fill this gap by formalizing the ZKP system in the multi-prover setting (MPZK) that proves arbitrary NP statements with distributed witnesses. Our MPZK system offers zero-knowledge as long as one prover is honest (while others can collude arbitrarily), and thus is applicable to "double financing" , "credit checking" , and various other multi-prover applications. We then propose a generic black-box construction from multiparty computation, referred to as "MPC-in-Multi-Heads" , and prove its security under the simulation-based paradigm. We also offer a proof-of-concept implementation and present its experimental results.

Nikolaj Sidorenco,Sabine Oechsner,Bas Spitters

DOI: https://doi.org/10.1109/csf51468.2021.00050

2021-06-01

Abstract:Zero-knowledge proofs allow a prover to convince a verifier of the veracity of a statement without revealing any other information. An interesting class of zero-knowledge protocols are those following the MPC-in-the-head paradigm (Ishai et al., STOC ’07) which use secure multiparty computation (MPC) protocols as the basis. Efficient instances of this paradigm have emerged as an active research topic in the last years, starting with ZKBoo (Giacomelli et al., USENIX ’16). Zero-knowledge protocols are a vital building block in the design of privacy-preserving technologies as well as cryptographic primitives like digital signature schemes that provide post-quantum security. This work investigates the security of zero-knowledge protocols following the MPC-in-the-head paradigm. We provide the first machine-checked security proof of such a protocol on the example of ZKBoo. Our proofs are checked in the EasyCrypt proof assistant. To enable a modular security proof, we develop a new security notion for the MPC protocols used in MPC-in-the-head zero-knowledge protocols. This allows us to recast existing security proofs in a black-box fashion which we believe to be of independent interest.

Mark Carney

2023-08-07

Abstract:This paper presents a new method for quantum identity authentication (QIA) protocols. The logic of classical zero-knowledge proofs (ZKPs) due to Schnorr is applied in quantum circuits and algorithms. This novel approach gives an exact way with which a prover $P$ can prove they know some secret by encapsulating it in a quantum state before sending to a verifier $V$ by means of a quantum channel - allowing for a ZKP wherein an eavesdropper or manipulation can be detected with a fail-safe design. This is achieved by moving away from the hardness of the Discrete Logarithm Problem towards the hardness of estimating quantum states. This paper presents a method with which this can be achieved and some bounds for the security of the protocol provided. With the anticipated advent of a `quantum internet', such protocols and ideas may soon have utility and execution in the real world.

Quantum Physics,Cryptography and Security

Claude Crépeau,John Stuart

2023-04-20

Abstract:A Zero-Knowledge Protocol (ZKP) allows one party to convince another party of a fact without disclosing any extra knowledge except the validity of the fact. For example, it could be used to allow a customer to prove their identity to a potentially malicious bank machine without giving away private information such as a personal identification number. This way, any knowledge gained by a malicious bank machine during an interaction cannot be used later to compromise the client's banking account. An important tool in many ZKPs is bit commitment, which is essentially a digital way for a sender to put a message in a lock-box, lock it, and send it to the receiver. Later, the key is sent for the receiver to open the lock box and read the message. This way, the message is hidden from the receiver until they receive the key, and the sender is unable to change their mind after sending the lock box. In this paper, the homomorphic properties of a particular multi-party commitment scheme are exploited to allow the receiver to perform operations on commitments, resulting in polynomial time ZKPs for two NP-Complete problems: the Subset Sum Problem and 3SAT. These ZKPs are secure with no computational restrictions on the provers, even with shared quantum entanglement. In terms of efficiency, the Subset Sum ZKP is competitive with other practical quantum-secure ZKPs in the literature, with less rounds required, and fewer computations.

Quantum Physics,Cryptography and Security

Wouter Lueks,Bogdan Kulynych,Jules Fasquelle,Simon Le Bail-Collet,Carmela Troncoso

DOI: https://doi.org/10.1145/3338498.3358653

2019-11-11

Abstract:Zero-knowledge proofs are an essential building block in many privacy-preserving systems. However, implementing these proofs is tedious and error-prone. In this paper, we present zksk, a well-documented Python library for defining and computing sigma protocols: the most popular class of zero-knowledge proofs. In zksk, proofs compose: programmers can convert smaller proofs into building blocks that then can be combined into bigger proofs. zksk features a modern Python-based domain-specific language. This makes possible to define proofs without learning a new custom language, and to benefit from the rich Python syntax and ecosystem. The library is available at <a class="link-external link-https" href="https://github.com/spring-epfl/zksk" rel="external noopener nofollow">this https URL</a>

Cryptography and Security,Software Engineering

Eduardo Morais,Tommy Koens,Cees van Wijk,Aleksei Koren

DOI: https://doi.org/10.48550/arXiv.1907.06381

2019-07-15

Abstract:In last years, there has been an increasing effort to leverage Distributed Ledger Technology (DLT), including blockchain. One of the main topics of interest, given its importance, is the research and development of privacy mechanisms, as for example is the case of Zero Knowledge Proofs (ZKP). ZKP is a cryptographic technique that can be used to hide information that is put into the ledger, while still allowing to perform validation of this data. In this work we describe different strategies to construct Zero Knowledge Range Proofs (ZKRP), as for example the scheme proposed by Boudot in 2001; the one proposed in 2008 by Camenisch et al, and Bulletproofs, proposed in 2017. We also compare these strategies and discuss possible use cases. Since Bulletproofs is the most efficient construction, we will give a detailed description of its algorithms and optimizations. Bulletproofs is not only more efficient than previous schemes, but also avoids the trusted setup, which is a requirement that is not desirable in the context of Distributed Ledger Technology (DLT) and blockchain. In case of cryptocurrencies, if the setup phase is compromised, it would be possible to generate money out of thin air. Interestingly, Bulletproofs can also be used to construct generic Zero Knowledge Proofs (ZKP), in the sense that it can be used to prove generic statements, and thus it is not only restricted to ZKRP, but it can be used for any kind of Proof of Knowledge (PoK). Hence Bulletproofs leads to a more powerful tool to provide privacy for DLT. Here we describe in detail the algorithms involved in Bulletproofs protocol for ZKRP. Also, we present our implementation, which was open sourced.

Cryptography and Security

Shafi Goldwasser,Silvio Micali,Charles Rackoff

DOI: https://doi.org/10.1137/0218012

1989-02-01

SIAM Journal on Computing

Abstract:Usually, a proof of a theorem contains more knowledge than the mere fact that the theorem is true. For instance, to prove that a graph is Hamiltonian it suffices to exhibit a Hamiltonian tour in it; however, this seems to contain more knowledge than the single bit Hamiltonian/non-Hamiltonian. In this paper a computational complexity theory of the knowledge contained in a proof is developed. Zero-knowledge proofs are defined as those proofs that convey no additional knowledge other than the correctness of the proposition in question. Examples of zero-knowledge proof systems are given for the languages of quadratic residuosity and &#x27;quadratic nonresiduosity. These are the first examples of zero-knowledge proofs for languages not known to be efficiently recognizable.

computer science, theory & methods,mathematics, applied

Tao Lu,Chengkun Wei,Ruijing Yu,Chaochao Chen,Wenjing Fang,Lei Wang,Zeke Wang,Wenzhi Chen

DOI: https://doi.org/10.46586/tches.v2023.i3.194-220

2023-01-01

IACR Transactions on Cryptographic Hardware and Embedded Systems

Abstract:Zero-knowledge proof is a critical cryptographic primitive. Its most practical type, called zero-knowledge Succinct Non-interactive ARgument of Knowledge (zkSNARK), has been deployed in various privacy-preserving applications such as cryptocurrencies and verifiable machine learning. Unfortunately, zkSNARK like Groth16 has a high overhead on its proof generation step, which consists of several time-consuming operations, including large-scale matrix-vector multiplication (MUL), number-theoretic transform (NTT), and multi-scalar multiplication (MSM). Therefore, this paper presents cuZK, an efficient GPU implementation of zkSNARK with the following three techniques to achieve high performance. First, we propose a new parallel MSM algorithm. This MSM algorithm achieves nearly perfect linear speedup over the Pippenger algorithm, a well-known serial MSM algorithm. Second, we parallelize the MUL operation. Along with our self-designed MSM scheme and well-studied NTT scheme, cuZK achieves the parallelization of all operations in the proof generation step. Third, cuZK reduces the latency overhead caused by CPU-GPU data transfer by 1) reducing redundant data transfer and 2) overlapping data transfer and device computation. The evaluation results show that our MSM module provides over 2.08x (up to 2.94x) speedup versus the state-of-the-art GPU implementation. cuZK achieves over 2.65x (up to 4.86x) speedup on standard benchmarks and 2.18× speedup on a GPU-accelerated cryptocurrency application, Filecoin.