4 research outputs found
A classification of computational assumptions in the algebraic group model
We give a taxonomy of computational assumptions in the algebraic group model (AGM). We first analyze Boyen's Uber assumption family for bilinear groups and then extend it in several ways to cover assumptions as diverse as Gap Diffie-Hellman and LRSW. We show that in the AGM every member of these families is implied by the q-discrete logarithm (DL) assumption, for some q that depends on the degrees of the polynomials defining the Uber assumption. Using the meta-reduction technique, we then separate (q + 1)-DL from q-DL, which yields a classification of all members of the extended Uber-assumption families. We finally show that there are strong assumptions, such as one-more DL, that provably fall outside our classification, by proving that they cannot be reduced from q-DL even in the AGM.
Accumulators in (and Beyond) Generic Groups: Non-Trivial Batch Verification Requires Interaction
We prove a tight lower bound on the number of group operations required for batch verification by any generic-group accumulator that stores a less-than-trivial amount of information. Specifically, we show that group operations are required for the batch verification of any subset of elements, where is the security parameter, thus ruling out non-trivial batch verification in the standard non-interactive manner.
Our lower bound applies already to the most basic form of accumulators (i.e., static accumulators that support membership proofs), and holds both for known-order (and even multilinear) groups and for unknown-order groups, where it matches the asymptotic performance of the known bilinear and RSA accumulators, respectively. In addition, it complements the techniques underlying the generic-group accumulators of Boneh, Bünz and Fisch (CRYPTO '19) and Thakur (ePrint '19) by justifying their application of the Fiat-Shamir heuristic for transforming their interactive batch-verification protocols into non-interactive procedures.
Moreover, motivated by a fundamental challenge introduced by Aggarwal and Maurer (EUROCRYPT '09), we propose an extension of the generic-group model that enables us to capture a bounded amount of arbitrary non-generic information (e.g., least-significant bits or Jacobi symbols that are hard to compute generically but are easy to compute non-generically). We prove our lower bound within this extended model, which may be of independent interest for strengthening the implications of impossibility results in idealized models.
Dual-Mode NIZKs from Obfuscation
Two standard security properties of a non-interactive zero-knowledge (NIZK) scheme are soundness and zero-knowledge. But while standard NIZK systems can only provide one of those properties against unbounded adversaries, dual-mode NIZK systems allow one to choose dynamically and adaptively which of these properties holds unconditionally. The only known dual-mode NIZK systems are Groth-Sahai proofs (which have proved extremely useful in a variety of applications) and the FHE-based NIZK constructions of Canetti et al. and Peikert et al., which are concurrent with and independent of this work. However, all these constructions rely on specific algebraic settings.
Here, we provide a generic construction of dual-mode NIZK systems for all of NP. The public parameters of our scheme can be set up in one of two indistinguishable ways. One way provides unconditional soundness, while the other provides unconditional zero-knowledge. Our scheme relies on subexponentially secure indistinguishability obfuscation and subexponentially secure one-way functions, but otherwise only on comparatively mild and generic computational assumptions. These generic assumptions can be instantiated under any one of the DDH, k-LIN, DCR, or QR assumptions.
As an application, we reduce the assumptions required for several recent obfuscation-based constructions of multilinear maps. Combined with previous work, our scheme can be used to construct multilinear maps from obfuscation and a group in which the strong Diffie-Hellman assumption holds. We also believe that our work adds to the understanding of the construction of NIZK systems, as it provides a conceptually new way to achieve dual-mode properties.
On Instantiating the Algebraic Group Model from Falsifiable Assumptions
We provide a standard-model implementation (of a relaxation) of the algebraic group model (AGM, [Fuchsbauer, Kiltz, Loss, CRYPTO 2018]). Specifically, we show that every algorithm that uses our group is algebraic, and hence "must know" a representation of its output group elements in terms of its input group elements. Here, "must know" means that a suitable extractor can extract such a representation efficiently. We stress that our implementation relies only on falsifiable assumptions in the standard model, and in particular does not use any knowledge assumptions.
As a consequence, our group allows us to transport a number of results obtained in the AGM into the standard model, under falsifiable assumptions. For instance, we show that in our group, several Diffie-Hellman-like assumptions (including computational Diffie-Hellman) are equivalent to the discrete logarithm assumption. Furthermore, we show that our group allows us to prove the Schnorr signature scheme tightly secure in the random oracle model.
Our construction relies on indistinguishability obfuscation, and hence should not be considered a practical group itself. However, our results show that the AGM is a realistic computational model (since it can be instantiated in the standard model), and that results obtained in the AGM are also possible with standard-model groups.
ISSN: 0302-9743; ISSN: 1611-334