Practical zero-knowledge Protocols based on the discrete logarithm Assumption
Zero-knowledge proofs were introduced by Goldwasser, Micali, and Rackoff. A zero-knowledge proof allows a prover to demonstrate knowledge of some information, for example that they know an element which is a member of a list or which is not a member of a list, without disclosing any further information about that element. Existing constructions of zero-knowledge proofs which can be applied to all languages in NP are impractical due to their communication and computational complexity. However, it has been known since Guillou and Quisquater's identification protocol from 1988 and Schnorr's identification protocol from 1991 that practical zero-knowledge protocols for specific problems exist. Because of this, a lot of work was undertaken over the recent decades to find practical zero-knowledge proofs for various other specific problems, and in recent years many protocols were published which have improved communication and computational complexity. Nevertheless, to find more problems which have an efficient and practical zero-knowledge proof system and which can be used as building blocks for other protocols is an ongoing challenge of modern cryptography. This work addresses the challenge, and constructs zero-knowledge arguments with sublinear communication complexity and achievable computational demands. The security of our protocols is based only on the discrete logarithm assumption. Polynomial evaluation arguments are proposed for univariate polynomials, for multivariate polynomials, and for a batch of univariate polynomials. Furthermore, the polynomial evaluation argument is applied to construct practical membership and non-membership arguments. Finally, an efficient method for proving the correctness of a shuffle is proposed. The proposed protocols have been tested against current state-of-the-art versions in order to verify their practicality in terms of run-time and communication cost.
We observe that the performance of our protocols is fast enough to be practical for medium-range parameters. Furthermore, all our verifiers have a better asymptotic behavior than earlier verifiers independent of the parameter range, and in real-life settings our provers perform better than provers of existing protocols. The analysis of the results shows that the communication cost of our protocols is very small; therefore, our new protocols compare very favorably to the current state of the art.
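The abstract above points to Schnorr's identification protocol as the classic example of a practical discrete-logarithm-based zero-knowledge protocol. The following is an added illustration, not code from the thesis, of that three-move protocol (commitment, challenge, response), together with the two properties that make it a zero-knowledge proof of knowledge: the honest-verifier simulator (an accepting transcript can be fabricated without the secret if the challenge is known before the commitment is fixed, which is also why a prover who learns the verifier's randomness or any trapdoor in advance can cheat) and the knowledge extractor (two accepting transcripts with the same commitment and different challenges reveal the secret). The group parameters are toy values chosen only so that the code runs quickly; they are an assumption for illustration and are not secure.

```python
"""Schnorr identification over a prime-order subgroup of Z_p^* (toy parameters).

Added example: the 3-move protocol, the honest-verifier simulator and the
knowledge extractor (special soundness).
"""
import secrets

# Toy parameters (assumption, NOT secure): p = 2q + 1 with q prime, and
# g = 2^2 mod p is a quadratic residue, hence generates the subgroup of order q.
# Real deployments use a >= 2048-bit p or an elliptic-curve group.
P = 2039
Q = 1019
G = 4


def keygen():
    """Secret x in Z_q^*, public key y = g^x mod p."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def prover_commit():
    """Move 1: the prover picks a fresh nonce r and sends t = g^r mod p."""
    r = secrets.randbelow(Q)
    return r, pow(G, r, P)


def verifier_challenge():
    """Move 2: the verifier sends a uniformly random challenge c in Z_q."""
    return secrets.randbelow(Q)


def prover_respond(x, r, c):
    """Move 3: s = r + c*x mod q.  The nonce r masks the secret x."""
    return (r + c * x) % Q


def verify(y, t, c, s):
    """The verifier accepts iff g^s == t * y^c (mod p)."""
    return pow(G, s, P) == (t * pow(y, c, P)) % P


def run_protocol(x, y):
    """One honest execution; returns the verifier's decision."""
    r, t = prover_commit()
    c = verifier_challenge()
    s = prover_respond(x, r, c)
    return verify(y, t, c, s)


def simulate_transcript(y, c):
    """Honest-verifier zero-knowledge: knowing c *before* committing, pick the
    response s first and solve for t = g^s * y^(-c).  The transcript (t, c, s)
    verifies although no secret x was used."""
    s = secrets.randbelow(Q)
    y_inv_c = pow(pow(y, c, P), -1, P)      # y^(-c) mod p
    t = (pow(G, s, P) * y_inv_c) % P
    return t, c, s


def extract_secret(t, c1, s1, c2, s2):
    """Special soundness: two accepting transcripts with the same commitment t
    and different challenges give x = (s1 - s2) / (c1 - c2) mod q."""
    if c1 % Q == c2 % Q:
        raise ValueError("challenges must differ")
    return ((s1 - s2) * pow((c1 - c2) % Q, -1, Q)) % Q


if __name__ == "__main__":
    x, y = keygen()
    print("honest run accepted:", run_protocol(x, y))
    t, c, s = simulate_transcript(y, 123)
    print("simulated transcript accepted without x:", verify(y, t, c, s))
    r, t = prover_commit()
    s1, s2 = prover_respond(x, r, 5), prover_respond(x, r, 17)
    print("nonce reuse leaks x:", extract_secret(t, 5, s1, 17, s2) == x)
```

The extractor doubles as a warning for implementers: reusing the nonce r across two sessions with different challenges hands the secret to the verifier, which is exactly what the soundness argument relies on.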
A Note On Groth-Ostrovsky-Sahai Non-Interactive Zero-Knowledge Proof System
In 2006, Groth, Ostrovsky and Sahai designed a non-interactive zero-knowledge (NIZK) proof system [new version, J. ACM, 59(3), 1-35, 2012] for a plaintext being zero or one, using bilinear groups with composite order. Based on this system, they presented the first perfect NIZK argument system for any NP language and the first universally composable secure NIZK argument for any NP language in the presence of a dynamic/adaptive adversary.
This resolves a central open problem concerning NIZK protocols.
In this note, we remark that in their proof system the prover does not have to invoke the trapdoor key to generate witnesses. The mechanism was dramatically different from previous works, such as the Blum-Feldman-Micali proof system and the Blum-De Santis-Micali-Persiano proof system. We would like to stress that the prover can cheat the verifier into accepting a false claim if the trapdoor key is available to him.
Combining Shamir & Additive Secret Sharing to Improve Efficiency of SMC Primitives Against Malicious Adversaries
Secure multi-party computation provides a wide array of protocols for mutually distrustful parties to be able to securely evaluate functions of private inputs. Within recent years, many such protocols have been proposed, representing a plethora of strategies to securely and efficiently handle such computation. These protocols have become increasingly efficient, but their performance is still impractical in many settings. We propose new approaches to some of these problems which are either more efficient than previous works within the same security models or offer better security guarantees with comparable efficiency. The goals of this research are to improve the efficiency and security of secure multi-party protocols and to explore the application of such approaches to novel threat scenarios. Some of the novel optimizations employed are dynamically switching domains of shared secrets, asymmetric computations, and advantageous functional transformations, among others. Specifically, this work presents a novel combination of Shamir and additive secret sharing to be used in parallel, which allows for the transformation of efficient protocols secure against passive adversaries to be secure against active adversaries. From this set of primitives we propose the construction of a comparison protocol which can be implemented under that approach with a complexity which is more efficient than other recent works for common domains of interest. Finally, we present a system which addresses a critical security threat for the protection and obfuscation of information which may be of high consequence.
Comment: arXiv admin note: text overlap with arXiv:1810.0157
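The abstract above combines additive and Shamir secret sharing and mentions "dynamically switching domains of shared secrets". As an added example, not the paper's own construction, the following code implements both primitives over a prime field, shows that both are linear (shares of a sum are computed locally), and performs the textbook conversion from an n-out-of-n additive sharing to a (t, n) Shamir sharing by having each party re-share its additive share and every party sum the points it receives. The field modulus and all party counts are assumptions chosen for illustration.

```python
"""Additive and Shamir secret sharing over Z_q, plus additive -> Shamir
conversion by re-sharing (added example, not the paper's protocol)."""
import secrets

# Field modulus (assumption): the Mersenne prime 2^61 - 1.
Q = (1 << 61) - 1


def additive_share(secret, n):
    """n-out-of-n additive sharing: shares are uniform and sum to secret mod Q."""
    shares = [secrets.randbelow(Q) for _ in range(n - 1)]
    shares.append((secret - sum(shares)) % Q)
    return shares


def additive_reconstruct(shares):
    return sum(shares) % Q


def shamir_share(secret, t, n):
    """(t, n) Shamir sharing: random polynomial f of degree t-1 with f(0) = secret;
    party i (1 <= i <= n) receives the point (i, f(i))."""
    coeffs = [secret] + [secrets.randbelow(Q) for _ in range(t - 1)]

    def f(x):
        acc = 0
        for a in reversed(coeffs):          # Horner evaluation mod Q
            acc = (acc * x + a) % Q
        return acc

    return [(i, f(i)) for i in range(1, n + 1)]


def shamir_reconstruct(shares):
    """Lagrange interpolation at x = 0; needs at least t distinct points."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % Q
                den = (den * (xi - xj)) % Q
        total = (total + yi * num * pow(den, -1, Q)) % Q
    return total


def add_shared(shares_a, shares_b):
    """Linearity: in both schemes, shares of a+b are obtained without interaction."""
    if isinstance(shares_a[0], tuple):      # Shamir points (x, y)
        return [(xa, (ya + yb) % Q) for (xa, ya), (_, yb) in zip(shares_a, shares_b)]
    return [(a + b) % Q for a, b in zip(shares_a, shares_b)]


def additive_to_shamir(add_shares, t):
    """Domain switch: party P_k deals a (t, n) Shamir sharing of its additive
    share a_k; party P_i sums the points it receives from all dealers.
    The sum polynomial F = sum_k f_k has F(0) = sum_k a_k = secret and degree
    t-1, so the result is a valid (t, n) sharing and no party sees the secret."""
    n = len(add_shares)
    dealings = [shamir_share(a_k, t, n) for a_k in add_shares]
    return [(i + 1, sum(d[i][1] for d in dealings) % Q) for i in range(n)]


if __name__ == "__main__":
    secret = 123456789
    add = additive_share(secret, 5)
    print("additive ok:", additive_reconstruct(add) == secret)
    sh = shamir_share(secret, 3, 5)
    print("shamir (3 of 5) ok:", shamir_reconstruct(sh[1:4]) == secret)
    conv = additive_to_shamir(add, 3)
    print("converted sharing ok:", shamir_reconstruct(conv[2:5]) == secret)
```

The conversion is what makes switching domains cheap: one round of re-sharing turns the n-out-of-n additive representation (cheap arithmetic, no fault tolerance) into a threshold representation where t shares suffice and any t-1 reveal nothing, and the same linearity lets both representations be carried side by side.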