Anonymous Point Collection - Improved Models and Security Definitions

This work is a comprehensive, formal treatment of anonymous point collection. The proposed definition does not only provide a strong notion of security and privacy, but also covers features which are important for practical use. An efficient realization is presented and proven to fulfill the proposed definition. The resulting building block is the first one that allows for anonymous two-way transactions, has semi-offline capabilities, yields constant storage size, and is provably secure

Issuer-Hiding Attribute-Based Credentials

Attribute-based credential systems enable users to authenticate in a privacy-preserving manner. However, in such schemes verifying a user\u27s credential requires knowledge of the issuer\u27s public key, which by itself might already reveal private information about the user. In this paper, we tackle this problem by introducing the notion of issuer-hiding attribute-based credential systems. In such a system, the verifier can define a set of acceptable issuers in an ad-hoc manner, and the user can then prove that her credential was issued by one of the accepted issuers -- without revealing which one. We then provide a generic construction, as well as a concrete instantiation based on Groth\u27s structure preserving signature scheme (ASIACRYPT\u2715) and simulation-sound extractable NIZK, for which we also provide concrete benchmarks in order to prove its practicability. The online complexity of all constructions is independent of the number of acceptable verifiers, which makes it also suitable for highly federated scenarios

Malleable zero-knowledge proofs and applications

In recent years, the field of privacy-preserving technologies has experienced considerable expansion, with zero-knowledge proofs (ZKPs) playing one of the most prominent roles. Although ZKPs have been a well-established theoretical construct for three decades, recent efficiency improvements and novel privacy applications within decentralized finance have become the main drivers behind the surge of interest and investment in this area. This momentum has subsequently sparked unprecedented technical advances. Non-interactive ZKPs (NIZKs) are now regularly implemented across a variety of domains, encompassing, but not limited to, privacy-enabling cryptocurrencies, credential systems, voting, mixing, secure multi-party computation, and other cryptographic protocols. This thesis, although covering several areas of ZKP technologies and their application, focuses on one important aspect of NIZKs, namely their malleability. Malleability is a quality of a proof system that describes the potential for altering an already generated proof. Different properties may be desired in different application contexts. On the one end of the spectrum, non-malleability ensures proof immutability, an important requirement in scenarios such as prevention of replay attacks in anonymous cryptocurrencies. At the other end, some NIZKs enable proof updatability, recursively and directly, a feature that is integral for a variety of contexts, such as private smart contracts, compact blockchains, ZK rollups, ZK virtual machines, and MPC protocols generally. This work starts with a detailed analysis of the malleability and overarching security of a popular NIZK, known as Groth16. Here we adopt a more definitional approach, studying certain properties of the proof system, and its setup ceremony, that are crucial for its precise modelling within bigger systems. Subsequently, the work explores the malleability of transactions within a private cryptocurrency variant, where we show that relaxing non-malleability assumptions enables a functionality, specifically an atomic asset swap, that is useful for cryptocurrency applications. The work culminates with a study of a less general, algebraic NIZK, and particularly its updatability properties, whose applicability we present within the context of ensuring privacy for regulatory compliance purposes

On Privacy Preserving Blockchains and zk-SNARKs

Viimastel aastatel on krüptoraha ja plokiahela tehnoloogia leidnud suurt tähelepanu nii kaubanduslikust kui ka teaduslikust vaatenurgast. Krüptoraha kujutab endast digitaalseid münte, mis kasutades krüptograafilisi vahendeid võimaldab turvalisi tehinguid võrdvõrkudes. Bitcoin on kõige tuntum krüptoraha, mis võimaldab otsetehinguid kasutajate pseudonüümide vahel ilma, et oleks vaja kolmandaid osapooli. Paraku kui kasutaja pseudonüüm on seotud tema identiteediga, on kõik tema tehingud jälgitavad ning kaob privaatsus.Selle lahendamiseks on välja pakutud erinevaid privaatsust säilitavaid krüptorahasi, mis kasutavad anonüümsete tehingute saavutamiseks krüptograafilisi tööriistu. Zerocash on üks populaarseimatest privaatsetest krüptorahadest, mis kasutab iga tehingu allika, sihtkoha ja väärtuse varjamiseks nullteadmustõestust.Antud töö koosneb kahest peamisest osast.Esimeses osas kirjeldame, pärast lühikest ülevaadet mõnest privaatsest krüptorahast (Bitcoin, Monero ja Zerocoin), Zerocashi konstruktsiooni ja anname intuitsiivse seletuse selle tööpõhimõttele. Me tutvustame kasutuselevõetud primitiive ja arutleme iga primitiivi rolli üle mündi konstruktsioonis. Erilist tähelepanu pöörame kompaktsetele nullteadmustõestusetele (zk-SNARKidele), millel on peamine roll Zerocashis.Kuna nullteadmustõestus on niivõrd olulisel kohal Zerocashis (ja teistes privaatsetes rakendustes) siis töö teises osas pakume välja uue variatsiooni Grothi 2016. aasta zk-SNARKile, mis on seni kõige tõhusam.Erinevalt Grothi konstruktsioonist, meie variatsioonis ei ole võimalik tõestusi modifitseerida.Muudatused mõjutavad nullteadmustõestuse tõhusust vaid minimaalselt ning meie konstruktsioon on kiirem kui Grothi ja Malleri 2017. nullteadmustõestus, mis samuti välistab muudetavuse.During last few years, along with blockchain technology, cryptocurrencies have found huge attention from both commercial and scientific perspectives. Cryptocurrencies are digital coins which use cryptographic tools to allow secure peer-to-peer monetary transactions. Bitcoin is the most well-known cryptocurrency that allows direct payments between pseudonyms without any third party. If a user's pseudonym is linked to her identity, all her transactions will be traceable, which will violate her privacy. To address this, various privacy-preserving cryptocurrencies have been proposed that use different cryptographic tools to achieve anonymous transactions. Zerocash is one of the most popular ones that uses zero-knowledge proofs to hide the source, destination and value of each transaction. This thesis consists of two main parts. In the first part, after a short overview of some cryptocurrencies (precisely Bitcoin, Monero and Zerocoin), we will explain the construction of Zerocash cryptocurrency and discuss the intuition behind the construction. More precisely, we will introduce the deployed primitives and will discuss the role of each primitive in the construction of the coin. In particular, we explain zero-knowledge Succinct Non-Interactive Arguments of Knowledge (a.k.a. zk-SNARKs) that play the main role in achieving strong privacy in Zerocash. Due to the importance of zk-SNARKs in privacy-preserving applications, in the second part of the thesis, we will present a new variation of Groth's 2016 zk-SNARK that currently is the most efficient pairing-based scheme. The main difference between the proposed variation and the original one is that unlike the original version, new variation guarantees non-malleability of generated proofs. Our analysis shows that the proposed changes have minimal effects on the efficiency of the original scheme and particularly it outperforms Groth and Maller's 2017 zk-SNARK that also guarantees non-malleability of proofs