Huang Guifang,Lin Dongdai

DOI: https://doi.org/10.23919/cje.2009.10138270

2009-01-01

Abstract:In asynchronous network communication, non-malleability is required to resist against man-in-the-middle attack. Based on the existence of one-way permutation, we propose two unbounded non-malleable Non-interactive zero knowledge (NIZK) protocols. Firstly, by using NIZK argument of knowledge instead of Omega-protocol as a building block, we transform 5-rounds concurrent non-malleable zero knowledge argument in the Common reference string (CRS) model([15]) to non-malleable NIZK argument. The transformation achieves optimal round efficiency in the same model. Secondly, we simplify the second scheme in CRYPO'01([8]) by using the technique hidden unduplicatable set selection. In the simplified scheme, the CRS is much shorter and statements to be proved in the two NIZK sub-protocols are simplified.

Wei Liu,Jian Weng,Bingsheng Zhang,Kai He,Junjie Huang

DOI: https://doi.org/10.1016/j.ins.2022.09.026

IF: 8.1

2022-01-01

Information Sciences

Abstract:Non-interactive zero-knowledge (NIZK) proof systems are very useful for statement verification without interaction in cryptography; they entail just one message, called the proof, that convinces the verifier of the truth of the statement without leaking any extra information. Many NIZK proof systems are related to quadratic residuosity languages and follow three main steps. First, the prover and the verifier sample a common reference string (CRS) in some particular form. Second, the prover proves that n is a Blum integer (BL , n = p 1 t 1 · p 2 t 2, where p 1 and p 2 are different primes both congruent to 3 modulo 4, and t 1 and t 2 are odd). Third, various statements (e.g., NQR n , OR n , AND n , T ( k , t ), and 3 SAT) can be proven by the prover based on the properties of BL . In this study, we improve the NIZK proof system for n ∈ BL based on the special distribution of the square roots modulo n and embed this proof in the third step. Moreover, we show that the CRS can be sampled more efficiently using the improved process.

Yi Deng,Dongdai Lin

DOI: https://doi.org/10.1007/978-3-540-72540-4_9

2007-01-01

Abstract:We introduce a notion of instance-dependent verifiable random functions (InstD-VRFs for short). Informally, an InstD-VRF is, in some sense, a verifiable random function [23] with a special public key, which is generated via a (possibly)interactive protocol and contains an instance y ∈ L ∩ {0,1}* for a specific NP language L, but the security requirements on such a function are relaxed: we only require the pseudorandomness property when y ∈ L and only require the uniqueness property when y ∉ L, instead of requiring both pseudorandomness and uniqueness to hold simultaneously. We show that this notion can be realized under standard assumption.Our motivation is the conjecture posed by Barak et al.[2], which states there exist resettably-sound resettable zero knowledge arguments for NP. The instance-dependent verifiable random functions is a powerful tool to tackle this problem. We first use them to obtain two interesting instance-dependent argument systems from the Barak’s public-coin bounded concurrent zero knowledge argument [1], and then, weConstruct the first (constant round) zero knowledge arguments for NP enjoying a certain simultaneous resettability under standard hardness assumptions in the plain model, which we call bounded-class resettable ZK arguments with weak resettable-soundness Though the malicious party (prover or verifier) in such system is limited to a kind of bounded resetting attack, We put NO restrictions on the number of the total resets made by malicious party.show that, under standard assumptions, if there exist public-coin concurrent zero knowledge arguments for NP, there exist the resettably-sound resetable zero knowledge arguments for NP.

Nir Bitansky

DOI: https://doi.org/10.1007/s00145-019-09331-1

2019-09-04

Journal of Cryptology

Abstract:<span><em class="EmphasisTypeItalic">Verifiable random functions</em> (VRFs) are pseudorandom functions where the owner of the seed, in addition to computing the function's value <em class="EmphasisTypeItalic">y</em> at any point <em class="EmphasisTypeItalic">x</em>, can also generate a non-interactive proof <span class="InlineEquation">\(\pi \)</span> that <em class="EmphasisTypeItalic">y</em> is correct, without compromising pseudorandomness at other points. Being a natural primitive with a wide range of applications, considerable efforts have been directed toward the construction of such VRFs. While these efforts have resulted in a variety of algebraic constructions (from bilinear maps or the RSA problem), the relation between VRFs and other general primitives is still not well understood. We present new constructions of VRFs from general primitives, the main one being <em class="EmphasisTypeItalic">non-interactive witness-indistinguishable proofs</em> (NIWIs). This includes: (1) a selectively secure VRF assuming NIWIs and non-interactive commitments. As usual, the VRF can be made adaptively secure assuming subexponential hardness of the underlying primitives. (2) An adaptively secure VRF assuming (polynomially hard) NIWIs, non-interactive commitments, and (<em class="EmphasisTypeItalic">single-key</em>) <em class="EmphasisTypeItalic">constrained pseudorandom functions</em> for a restricted class of constraints. The above primitives can be instantiated under various standard assumptions, which yields corresponding VRF instantiations, under different assumptions than were known so far. One notable example is a non-uniform construction of VRFs from subexponentially hard trapdoor permutations, or more generally, from <em class="EmphasisTypeItalic">verifiable pseudorandom generators</em> (the construction can be made uniform under a standard derandomization assumption). This partially answers an open question by Dwork and Naor (FOCS '00). The construction and its analysis are quite simple. Both draw from ideas commonly used in the context of <em class="EmphasisTypeItalic">indistinguishability obfuscation</em>.</span>

computer science, theory & methods,engineering, electrical & electronic,mathematics, applied

Shaofen Xie,Wang Yao,Faguo Wu,Zhiming Zheng

DOI: https://doi.org/10.1371/journal.pone.0256372

IF: 3.7

2021-08-20

PLoS ONE

Abstract:Lattice-based non-interactive zero-knowledge proof has been widely used in one-way communication and can be effectively applied to resist quantum attacks. However, lattice-based non-interactive zero-knowledge proof schemes have long faced and paid more attention to some efficiency issues, such as proof size and verification time. In this paper, we propose the non-interactive zero-knowledge proof schemes from RLWE-based key exchange by making use of the Hash function and public-key encryption. We then show how to apply the proposed schemes to achieve the fixed proof size and rapid public verification. Compared with previous approaches, our schemes can realize better effectiveness in proof size and verification time. In addition, the proposed schemes are secure from completeness, soundness, and zero-knowledge.

multidisciplinary sciences

Pouriya Alikhani,Nicolas Brunner,Claude Crépeau,Sébastien Designolle,Raphaël Houlmann,Weixu Shi,Nan Yang,Hugo Zbinden

DOI: https://doi.org/10.1038/s41586-021-03998-y

2022-02-16

Abstract:Protecting secrets is a key challenge in our contemporary information-based era. In common situations, however, revealing secrets appears unavoidable, for instance, when identifying oneself in a bank to retrieve money. In turn, this may have highly undesirable consequences in the unlikely, yet not unrealistic, case where the bank's security gets compromised. This naturally raises the question of whether disclosing secrets is fundamentally necessary for identifying oneself, or more generally for proving a statement to be correct. Developments in computer science provide an elegant solution via the concept of zero-knowledge proofs: a prover can convince a verifier of the validity of a certain statement without facilitating the elaboration of a proof at all. In this work, we report the experimental realisation of such a zero-knowledge protocol involving two separated verifier-prover pairs. Security is enforced via the physical principle of special relativity, and no computational assumption (such as the existence of one-way functions) is required. Our implementation exclusively relies on off-the-shelf equipment and works at both short (60 m) and long distances ($\geqslant$400 m) in about one second. This demonstrates the practical potential of multi-prover zero-knowledge protocols, promising for identification tasks and blockchain applications such as cryptocurrencies or smart contracts.

Cryptography and Security,Quantum Physics

Rafik Chaabouni,Helger Lipmaa,Bingsheng Zhang

DOI: https://doi.org/10.1007/978-3-642-32946-3_14

2012-01-01

Abstract:In a range proof, the prover convinces the verifier in zero-knowledge that he has encrypted or committed to a value a ∈ [0, H] where H is a public constant. Most of the previous non-interactive range proofs have been proven secure in the random oracle model. We show that one of the few previous non-interactive range proofs in the common reference string (CRS) model, proposed by Yuen et al. in COCOON 2009, is insecure. We then construct a secure non-interactive range proof that works in the CRS model. The new range proof can have (by different instantiations of the parameters) either very short communication (14 080 bits) and verifier’s computation (81 pairings), short combined CRS length and communication (log1 / 2 + o (1) H group elements), or very efficient prover’s computation (Θ(logH) exponentiations).

Yevgeniy Dodis,Aleksandr Yampolskiy

DOI: https://doi.org/10.1007/978-3-540-30580-4_28

2005-01-01

Abstract:We give a simple and efficient construction of a verifiable random function (VRF) on bilinear groups. Our construction is direct. In contrast to prior VRF constructions [14,15], it avoids using an inefficient Goldreich-Levin transformation, thereby saving several factors in security. Our proofs of security are based on a decisional bilinear Diffie-Hellman inversion assumption, which seems reasonable given current state of knowledge. For small message spaces, our VRF’s proofs and keys have constant size. By utilizing a collision-resistant hash function, our VRF can also be used with arbitrary message spaces. We show that our scheme can be instantiated with an elliptic group of very reasonable size. Furthermore, it can be made distributed and proactive.

Xiangyu Liu,Shengli Liu,Shuai Han,Dawu Gu

DOI: https://doi.org/10.1007/978-3-031-31371-4_17

2023-01-01

Abstract:In this paper, we propose a new type of non-interactive zero-knowledge (NIZK), called Fine-grained Verifier NIZK (FV-NIZK), which provides more flexible and more fine-grained verifiability of proofs than standard NIZK that supports public verifiability and designated-verifier NIZK (DV-NIZK) that supports private verifiability. FV-NIZK has two statistically equivalent verification approaches: We require unbounded simulation soundness (USS) of FV-NIZK to hold, even if an adversary obtains derived secret keys $$sk_d$$ with d of its choices, and define proof pseudorandomness which stipulates the pseudorandomness of proofs for adversaries that are not given any secret key. We present two instantiations of FV-NIZK for linear subspace languages, based on the matrix decisional Diffie-Hellman (MDDH) assumption. One of the FV-NIZK instantiations is pairing-free and achieves almost tight USS and proof pseudorandomness. We illustrate the usefulness of FV-NIZK by showing two applications and obtain the following pairing-free schemes:

Bong Gon Kim,Dennis Wong,Yoon Seok Yang

DOI: https://doi.org/10.5121/csit.2023.132104

2024-02-07

Abstract:We present a secure and private blockchain-based Verifiable Random Function (VRF) scheme addressing some limitations of classical VRF constructions. Given the imminent quantum computing adversarial scenario, conventional cryptographic methods face vulnerabilities. To enhance our VRF's secure randomness, we adopt post-quantum Ring-LWE encryption for synthesizing pseudo-random sequences. Considering computational costs and resultant on-chain gas costs, we suggest a bifurcated architecture for VRF design, optimizing interactions between on-chain and off-chain. Our approach employs a secure ring signature supported by NIZK proof and a delegated key generation method, inspired by the Chaum-Pedersen equality proof and the Fiat-Shamir Heuristic. Our VRF scheme integrates multi-party computation (MPC) with blockchain-based decentralized identifiers (DID), ensuring both security and randomness. We elucidate the security and privacy aspects of our VRF scheme, analyzing temporal and spatial complexities. We also approximate the entropy of the VRF scheme and detail its implementation in a Solidity contract. Also, we delineate a method for validating the VRF's proof, matching for the contexts requiring both randomness and verification. Conclusively, using the NIST SP800-22 of the statistical randomness test suite, our results exhibit a 98.86% pass rate over 11 test cases, with an average p-value of 0.5459 from 176 total tests.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Muhua Liu,Ping Zhang,Qingtao Wu

DOI: https://doi.org/10.1155/2019/4187892

IF: 1.968

2019-01-01

Security and Communication Networks

Abstract:Constrained verifiable random functions (VRFs) were introduced by Fuchsbauer. In a constrained VRF, one can drive a constrained key skS from the master secret key sk, where S is a subset of the domain. Using the constrained key skS, one can compute function values at points which are not in the set S. The security of constrained VRFs requires that the VRFs’ output should be indistinguishable from a random value in the range. They showed how to construct constrained VRFs for the bit-fixing class and the circuit constrained class based on multilinear maps. Their construction can only achieve selective security where an attacker must declare which point he will attack at the beginning of experiment. In this work, we propose a novel construction for constrained verifiable random function from bilinear maps and prove that it satisfies a new security definition which is stronger than the selective security. We call it semiadaptive security where the attacker is allowed to make the evaluation queries before it outputs the challenge point. It can immediately get that if a scheme satisfied semiadaptive security, and it must satisfy selective security.

Fuchun Lin,Chaoping Xing,Yizhou Yao

DOI: https://doi.org/10.1007/978-3-031-68400-5_13

2024-01-01

Abstract:A recent line of works on zero-knowledge (ZK) protocols with a vector oblivious linear function evaluation (VOLE)-based offline phase provides a new paradigm for scalable ZK protocols featuring fast proving and small prover memory. Very recently, Baum et al. (Crypto'23) proposed the VOLE-in-the-head technique, allowing such protocols to become publicly verifiable. Many practically efficient protocols for proving circuit satisfiability over any Galois field are implemented, while protocols over rings Z(2k) are significantly lagging behind, with only a proof-of-concept pioneering work called Appenzeller to Brie (CCS'21) and a first proposal called MozZ(2k) arella (Crypto'22). The ring Z(232) or Z(264), though highly important (it captures computation in real-life programming and the computer architectures such as CPU words), presents non-trivial difficulties because, for example, unlike Galois fields F-2k, the fraction of units in Z(2k) is 1/2. In this work, we first construct ZK protocols over a high degree Galois ring extension of Z(2k) (fraction of units close to 1) and then convert them to Z(2k) efficiently using amortization techniques. Our results greatly change the landscape of ZK protocols over Z(2k). (1) We propose a competing ZK protocol that has many advantages over the state-of-the-art MozZ(2k) arella. We remove the undesirable dependence of communication complexity on the security parameter, and achieve communication complexity strictly linear in the circuit size. Furthermore, our protocol has better concrete efficiency. For 40, 80 bits soundness on circuits over Z(232) and Z(264), we offer 1.15x-2.9x improvements in communication. (2) Inspired by the recently proposed interactive message authentication code technique (Weng et al., CCS'22), we construct a constant round ZK protocol over Z(2k) with sublinear (in the circuit size) communication complexity, which was previously achieved only over fields. (3) We show that the pseudorandom correlation generator approach can be adapted to efficiently implement VOLE over Galois rings, with analysis of the hardness of underlying LPN assumptions over Galois rings. (4) We adapt the VOLE-in-the-head technique to make it work for Z(2k), yielding publicly verifiable non-interactive ZK protocols over Z(2k) which preserve most of the efficiency metrics of the VOLE-based ZK protocols.

Moti Yung,Yunlei Zhao

DOI: https://doi.org/10.1007/11681878_2

2006-01-01

Abstract:We investigate the design and proofs of zero-knowledge (ZK) interactive systems under what we call the “restricted random oracle model” which restrains the usage of the oracle in the protocol design to that of collapsing protocol rounds a la Fiat-Shamir heuristics, and limits the oracle programmability in the security proofs. We analyze subtleties resulting from the involvement of random oracles in the interactive setting and derive our methodology. Then we investigate the Feige-Shamir 4-round ZK argument for $\mathcal{NP}$ in this model: First we show that a 2-round protocol is possible for a very interesting set of languages; we then show that while the original protocol is not concurrently secure in the public-key model, a modified protocol in our model is, in fact, concurrently secure in the bare public-key model. We point at applications and implications of this fact. Of possible independent interest is a concurrent attack against the Feige-Shamir ZK in the public-key model (for which it was not originally designed).

David Niehues

DOI: https://doi.org/10.1007/978-3-030-75248-4_3

2021-01-01

Abstract:Verifiable random functions (VRFs), introduced by Micali, Rabin and Vadhan (FOCS’99), are the public-key equivalent of pseudorandom functions. A public verification key and proofs accompanying the output enable all parties to verify the correctness of the output. However, all known standard model VRFs have a reduction loss that is much worse than what one would expect from known optimal constructions of closely related primitives like unique signatures. We show that: Every security proof for a VRF that relies on a non-interactive assumption has to lose a factor of Q, where Q is the number of adversarial queries. To that end, we extend the meta-reduction technique of Bader et al. (EUROCRYPT’16) to also cover VRFs.This raises the question: Is this bound optimal? We answer this question in the affirmative by presenting the first VRF with a reduction from the non-interactive qDBDHI assumption to the security of VRF that achieves this optimal loss.We thus paint a complete picture of the achievability of tight verifiable random functions: We show that a security loss of Q is unavoidable and present the first construction that achieves this bound.

Yi Deng,Giovanni Di Crescenzo,Dongdai Lin

2006-01-01

Abstract:We consider a type of zero-knowledge protocols that are of interest for their practical applications within networks like the Internet: efficient zero-knowledge arguments of knowledge that remain secure against concurrent man-in-the-middle attacks. In an effort to reduce the setup assumptions required for efficient zero-knowledge arguments of knowledge that remain secure against concurrent man-in-the-middle attacks, we consider a model, which we call the Authenticated Public-Key (APK) model. The APK model seems to significantly reduce the setup assumptions made by the CRS model (as no trusted party or honest execution of a centralized algorithm are required), and can be seen as a slightly stronger variation of the Bare Public-Key (BPK) model from , and a weaker variation of the registered public-key model used in . We then define and study man-in-the-middle attacks in the APK model. Our main result is a constant-round concurrent non-malleable zero-knowledge argument of knowledge for any polynomial-time relation (associated to a language in 𝒩𝒫), under the (minimal) assumption of the existence of a one-way function family. Furthermore,We show time-efficient instantiations of our protocol based on known number-theoretic assumptions. We also note a negative result with respect to further reducing the setup assumptions of our protocol to those in the (unauthenticated) BPK model, by showing that concurrently non-malleable zero-knowledge arguments of knowledge in the BPK model are only possible for trivial languages.

Yang Liu,Hongda Li,Qihua Niu

DOI: https://doi.org/10.1007/978-3-642-35362-8_21

2012-01-01

Abstract:Leakage-resilient cryptographic protocols have recently been evolving intensively, studying the question of designing protocol that maintain security even in the presence of side-channel attacks. Under leakage assumption(the verifier uses side-channel attacks to obtain some information about the secret state of the prover), the known zero knowledge protocol may not preserve zero knowledge any more. Garg et.al. first studied leakage-resilient zero knowledge and presented an excellent construction for NP. Unfortunately, the definition is not suitable for honest verifier leakage-resilient zero knowledge. In this paper, we give a new definition of leakage-resilient zero knowledge and construct a leakage-resilient zero knowledge proof for approximate version of the closest vector problem(GAPCVPγ). We also give a definition of leakage-resilient bit commitment scheme.

Marta I. Garcia-Cid,Dileepsai Bodanapu,Alberto Gatto,Paolo Martelli,Vicente Martin,Laura Ortiz

2024-01-18

Abstract:A new interactive quantum zero-knowledge protocol for identity authentication implementable in currently available quantum cryptographic devices is proposed and demonstrated. The protocol design involves a verifier and a prover knowing a pre-shared secret, and the acceptance or rejection of the proof is determined by the quantum bit error rate. It has been implemented in modified Quantum Key Distribution devices executing two fundamental cases. In the first case, all players are honest, while in the second case, one of the users is a malicious player. We demonstrate an increase of the quantum bit error rate around 25% in the latter case compared to the case of honesty. The protocol has also been validated for distances from a back-to-back setup to more than 60 km between verifier and prover. The security and robustness of the protocol has been analysed, demonstrating its completeness, soundness and zero-knowledge properties.

Quantum Physics,Cryptography and Security

Ning Ding,Dawu Gu

DOI: https://doi.org/10.1007/978-3-540-79499-8_13

2007-01-01

Abstract:We propose a discrete-logarithm based non-interactive non-malleable commitment scheme with an online knowledge extractor in the random oracle and the public parameter model (need a third party to distribute public parameters to both sender and receiver in advance). Our scheme is statistically-secret computationally-binding. The fundamental technique we employ is the construction of non-interactive zero-knowledge proofs of knowledge with online knowledge extractors from Fiat-Shamir proofs of knowledge for relations with logarithmic challenge length presented by Fischlin in Crypto'05. Compared with previous works, our scheme is practical and the online knowledge extractor is strictly polynomial-time.

Bong Gon Kim,Dennis Wong,Yoon Seok Yang

DOI: https://doi.org/10.5121/ijcis.2023.13401

2024-01-30

Abstract:In this study, we present a secure smart contract-based Verifiable Random Function (VRF) model, addressing the shortcomings of existing systems. As quantum computing emerges, conventional public key cryptography faces potential vulnerabilities. To enhance our VRF's robustness, we employ post-quantum Ring-LWE encryption for generating pseudo-random sequences. Given the computational intensity of this approach and associated on-chain gas costs, we propose a hybrid architecture of VRF system where on-chain and off-chain can communicate in a scalable and secure way. To ensure the validity and integrity of the off-chain computations (e.g., Ring-LWE encryption), we employ a quantum-secure linkable ring signature scheme on NTRU lattice and also delegated key generation (DKG) with a secure key encapsulation mechanism (KEM). Our decentralized VRF employs multi-party computation (MPC) with blockchain-based decentralized identifiers (DID), ensuring the collective efforts of enhanced randomness and security. We show the security and privacy advantages of our proposed VRF model with the approximated estimation of overall temporal and spatial complexities. We also evaluate our VRF MPC model's entropy and outline its Solidity smart contract integration. This research also provides a method to produce and verify the VRF output's proof, optimal for scenarios necessitating randomness and validation. Lastly, using NIST SP800-22 test suite for randomness, we demonstrate the commendable result with a 97.73% overall pass rate on 11 standard tests and 0.5459 of average p-value for the total 176 tests.

Cryptography and Security,Distributed, Parallel, and Cluster Computing