
    Somewhere Statistically Binding Commitment Schemes with Applications

    We define a new primitive that we call a somewhere statistically binding (SSB) commitment scheme, which is a generalization of dual-mode commitments but has similarities with SSB hash functions (Hubacek and Wichs, ITCS 2015) without local opening. In (existing) SSB hash functions, one can compute a hash of a vector v that is statistically binding in one coordinate of v. Meanwhile, in SSB commitment schemes, a commitment to a vector v is statistically binding in some coordinates of v and statistically hiding in the other coordinates. The set of indices where binding holds is predetermined but known only to the commitment key generator. We show that the primitive can be instantiated by generalizing the succinct Extended Multi-Pedersen commitment scheme (González et al., Asiacrypt 2015). We further introduce the notion of functional SSB commitment schemes and, importantly, use it to obtain an efficient quasi-adaptive NIZK for arithmetic circuits and efficient oblivious database queries.
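    The behaviour described above (binding on a hidden index set, hiding everywhere else, modes that look alike without the trapdoor) can be seen concretely in the following toy scheme. This is an added illustration and not the paper's Extended Multi-Pedersen instantiation: it works in a tiny constructed prime-order subgroup of Z_2039^* rather than a pairing-friendly group, the function names (keygen, commit, extract, equivocate) and the 256-value message bound used for the brute-force discrete log are choices made here, and the "some coordinates" set S is realised by giving each binding coordinate its own basis direction, so a commitment has |S| + 1 group elements.

```python
"""Toy somewhere-statistically-binding (SSB) commitment.

Added illustration, not the paper's Extended Multi-Pedersen scheme. A tiny
prime-order subgroup of Z_p^* is used so that trapdoor extraction can finish
with a brute-force discrete log over a small message space.
"""
import secrets

# Constructed toy group: p = 2q + 1 with q prime; G = 4 generates the order-q subgroup.
P, Q, G = 2039, 1019, 4


def _rref(rows):
    """Gaussian elimination over Z_q. Returns (reduced rows, pivot columns)."""
    M = [[x % Q for x in r] for r in rows]
    pivots, rank = [], 0
    for c in range(len(M[0])):
        piv = next((i for i in range(rank, len(M)) if M[i][c]), None)
        if piv is None:
            continue
        M[rank], M[piv] = M[piv], M[rank]
        inv = pow(M[rank][c], -1, Q)
        M[rank] = [(x * inv) % Q for x in M[rank]]
        for i in range(len(M)):
            if i != rank and M[i][c]:
                f = M[i][c]
                M[i] = [(x - f * y) % Q for x, y in zip(M[i], M[rank])]
        pivots.append(c)
        rank += 1
    return M, pivots


def _nullspace_vector(rows):
    """A non-zero w orthogonal to every row (the rows must not span the whole space)."""
    M, pivots = _rref(rows)
    free = next(c for c in range(len(rows[0])) if c not in pivots)
    w = [0] * len(rows[0])
    w[free] = 1
    for i, p in enumerate(pivots):
        w[p] = (-M[i][free]) % Q
    return w


def keygen(n, binding):
    """Key for length-n vectors, statistically binding exactly on the index set `binding`.

    Exponent vectors a0 (randomness) and alpha_j (j in binding) form a basis of
    Z_q^(m+1), m = len(binding). Every non-binding column is a scalar multiple of
    a0, so it is absorbed by the randomness. Published as group elements, both
    kinds of column look alike; telling them apart is a DDH-style decision problem.
    """
    dim = len(binding) + 1
    while True:
        a0 = [secrets.randbelow(Q) for _ in range(dim)]
        alpha = {j: [secrets.randbelow(Q) for _ in range(dim)] for j in binding}
        if len(_rref([a0] + list(alpha.values()))[1]) == dim:
            break
    scalars, cols = {}, {}
    for i in range(n):
        if i in alpha:
            cols[i] = alpha[i]
        else:
            scalars[i] = secrets.randbelow(Q)
            cols[i] = [(scalars[i] * x) % Q for x in a0]
    ck = {"dim": dim, "h0": [pow(G, x, P) for x in a0],
          "h": [[pow(G, x, P) for x in cols[i]] for i in range(n)]}
    td = {"a0": a0, "cols": cols, "scalars": scalars, "binding": sorted(binding)}
    return ck, td


def commit(ck, v, r=None):
    """C_t = h0_t^r * prod_i h_{i,t}^{v_i}; returns (C, r)."""
    r = secrets.randbelow(Q) if r is None else r
    C = [pow(h, r, P) for h in ck["h0"]]
    for i, vi in enumerate(v):
        for t in range(ck["dim"]):
            C[t] = C[t] * pow(ck["h"][i][t], vi, P) % P
    return C, r


def verify_opening(ck, C, v, r):
    return commit(ck, v, r)[0] == C


def extract(td, C, j, max_msg=256):
    """Recover v_j (j a binding index) from C using the trapdoor: statistical binding."""
    others = [td["a0"]] + [td["cols"][k] for k in td["binding"] if k != j]
    w = _nullspace_vector(others)  # kills r, the non-binding coordinates and the other alphas
    target = 1
    for Ct, wt in zip(C, w):
        target = target * pow(Ct, wt, P) % P  # equals G^(v_j * <w, alpha_j>)
    base = pow(G, sum(a * b for a, b in zip(w, td["cols"][j])) % Q, P)
    return next((m for m in range(max_msg) if pow(base, m, P) == target), None)


def equivocate(td, v, r, v_new):
    """Randomness r' with commit(v_new, r') == commit(v, r) whenever v_new agrees
    with v on the binding coordinates: the other coordinates are perfectly hidden."""
    assert all(v[j] == v_new[j] for j in td["binding"])
    delta = sum(td["scalars"][i] * (v[i] - v_new[i])
                for i in range(len(v)) if i not in td["binding"])
    return (r + delta) % Q


if __name__ == "__main__":
    ck, td = keygen(4, {1, 3})
    C, r = commit(ck, [5, 7, 9, 11])
    print("extracted v_1, v_3:", extract(td, C, 1), extract(td, C, 3))
    r2 = equivocate(td, [5, 7, 9, 11], r, [0, 7, 0, 11])
    print("equivocated opening verifies:", verify_opening(ck, C, [0, 7, 0, 11], r2))
```

The two trapdoor operations are the whole point: `extract` shows that a binding coordinate is fixed by the commitment itself (the key generator can read it out, so no second opening can exist), while `equivocate` shows that any non-binding coordinate can be re-opened to any value, which is what statistical hiding means there. Neither operation is available to a party holding only `ck`, which is why the binding set stays known only to the key generator.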

    Pairing-based non-interactive zero-knowledge arguments and applications

    Elliptic curves with a bilinear map, or pairing, have a rich algebraic structure that has been fundamental to the development of practical Non-Interactive Zero-Knowledge (NIZK) proofs. On the theoretical side, we explore how efficient NIZK proofs can be under weak complexity assumptions. Specifically, we reduce the cost of proofs of satisfiability of quadratic equations, we define a new commitment scheme that is compatible with other pairing-based NIZK arguments, and we construct a simulation-sound argument that results in a new signature of knowledge with communication sublinear in the circuit size under standard assumptions. Additionally, we study how to reduce the cost of verification in one of the most widely deployed NIZK arguments in practice.
    Doctoral programme in Information and Communication Technologies.

    Simulation Extractable Versions of Groth’s zk-SNARK Revisited

    Zero-knowledge Succinct Non-interactive Arguments of Knowledge (zk-SNARKs) are the most efficient proof systems in terms of proof size and verification. Currently, Groth's scheme from EUROCRYPT 2016, Groth16, is the state of the art and is widely deployed in practice. Groth16 was originally proven to achieve knowledge soundness, which does not guarantee the non-malleability of proofs. There has been considerable progress in presenting new zk-SNARKs or modifying Groth16 to efficiently achieve strong Simulation Extractability (SE), which is shown to be a necessary requirement in some applications. In this paper, we revisit the Random Oracle (RO) based variant of Groth16 proposed by Bowe and Gabizon, BG18, the most efficient one in terms of prover efficiency and CRS size among the candidates, and present a more efficient variant that saves 2 pairings in the verification and 1 group element in the proof. This supersedes our preliminary construction, presented in CANS 2020 [BPR20], which saved 1 pairing in the verification and was proven in the Generic Group Model (GGM). Our new construction also improves on BG18 in that our proofs are in the Algebraic Group Model (AGM) with Random Oracles and reduce security to standard computational assumptions in bilinear groups (as opposed to using the full power of the GGM). We implement our proposed SE zk-SNARK along with BG18 in the Arkworks library and compare the efficiency of our scheme with some related works. Our empirical results confirm that our SE zk-SNARK is more efficient than all previous SE schemes in most dimensions and has efficiency very close to the original Groth16.

    Shorter quadratic QA-NIZK proofs

    Despite recent advances in the area of pairing-friendly Non-Interactive Zero-Knowledge proofs, there have not been many efficiency improvements in constructing arguments of satisfiability of quadratic (and higher degree) equations since the publication of the Groth-Sahai proof system (JoC'12). In this work, we address the problem of aggregating such proofs using techniques derived from the interactive setting and recent constructions of SNARKs. For certain types of quadratic equations, this problem was investigated before by González et al. (ASIACRYPT'15). Compared to their result, we reduce the proof size by approximately 50% and the common reference string from quadratic to linear, at the price of using less standard computational assumptions. A theoretical motivation for our work is to investigate how efficient NIZK proofs based on falsifiable assumptions can be. On the practical side, quadratic equations appear naturally in several cryptographic schemes such as shuffle and range arguments.
    A. González: supported in part by the French ANR ALAMBIC project (ANR-16-CE39-0006). J. Silva: supported by a PhD training grant from the Spanish government, co-financed by the ESF (Ayudas para contratos predoctorales para la formación de doctores 2016).