Switching Lemma for Bilinear Tests and Constant-Size NIZK Proofs for Linear Subspaces.

As an immediate application, we show that the computationally-sound quasi-adaptive NIZK proofs for linear subspaces that were recently introduced [JR13] can be further shortened to constant -size proofs ... We state a switching lemma for tests on adversarial responses involving bilinear pairings in hard groups, where the tester can effectively switch the randomness used in the test from being given to the ... We recall the quasi-adaptive NIZK definitions in Section 3 and develop constant-size quasi-adaptive NIZKs for linear subspaces in Section 4. ...

doi:10.1007/978-3-662-44381-1_17 fatcat:rhbdnokeh5h6dcppomhi3v7fu4

For distributions on languages that are linear subspaces of vector spaces over bilinear groups, we give quasi-adaptive NIZKs that are shorter and more efficient than Groth-Sahai NIZKs. ... NIZK proofs. ... with existing techniques for NIZKs for Linear Subspaces. ...

doi:10.1007/s00145-016-9243-7 fatcat:gibzzoyztfdgzdtimggehepkgu

Moreover, the improvements are usually of a higher multiplicative factor order, as these constructions use Groth-Sahai NIZK proofs for zero-knowledge verification of pairing-product equations. ... We also give our construction under the more general and standard D k -MDDH (Matrix-DDH) assumption. The signature size in our scheme is 3k + 2 elements in one group, and one element in the other. ... Acknowledgments The authors would like to thank the anonymous referees for helpful comments and filling a couple of gaps in the submission. ...

doi:10.1007/978-3-662-54388-7_7 fatcat:pk37wd7vxffirez3jwn7pwsbje

The construction is surprisingly simple, involving only two additional group elements for general linear-subspace languages in asymmetric bilinear pairing groups. ... The latest published scheme which considered adaptive corruption, by Abdalla et al [ABB + 13], required non-constant (more than 10 times the bit-size of the password) number of group elements. ... proof, and the QA-NIZK verifiers for linear subspaces are just a single bi-linear product test. ...

doi:10.1007/978-3-662-48797-6_26 fatcat:rfvoetihbrcdtmyjcd7cuihrdi

We show that for any such family of MDDH assumptions, the corresponding Kernel assumptions are also strictly increasingly weaker. ... The k-Decisional Linear Assumption is an example of a family of decisional assumptions of strictly increasing hardness when k grows. ... For instance, Jutla and Roy [24] construct constant-size QA-NIZK arguments of membership in linear spaces under what they call the "Switching Lemma", which is proven under a certain D k+1,k -MDDH Assumption ...

doi:10.1007/978-3-662-53887-6_27 fatcat:filvfwfzefhs5fyjx5phkbf6uu

A series of recent works focused on obtaining very efficient NIZK proofs for linear spaces in a weaker quasi-adaptive model. ... Non-interactive zero-knowledge (NIZK) proofs for algebraic relations in a group, such as the Groth-Sahai proofs, are an extremely powerful tool in pairing-based cryptography. ... We thank Fabrice Benhamouda, Olivier Blazy, and Carla Ràfols for helpful discussions on prior works and the reviewers for detailed and constructive feedback. ...

doi:10.1007/978-3-662-46803-6_4 fatcat:m56dkvst45ehnduzh3qmypz4dm

In this work, we examine notions of malleability for non-interactive zero-knowledge (NIZK) proofs. ... our proofs and all their applications using only the Decision Linear (DLIN) assumption. * Work done as an intern at Microsoft Research Redmond ... Acknowledgments Anna Lysyanskaya was supported by NSF grants 1012060, 0964379, 0831293, and by a Sloan Foundation fellowship, and Sarah Meiklejohn was supported in part by a MURI grant administered by ...

doi:10.1007/978-3-642-29011-4_18 fatcat:mfamf75tcnak5hchijdgw4w54a

Reducing this size and presenting techniques for shorter signatures are thus natural questions. In this paper, our first contribution is to significantly reduce this overhead. ... (Asiacrypt'12) make it possible to design group signatures based on well-established, constant-size number theoretic assumptions (a.k.a. ... In [53] , (a variant of) this scheme was used to construct constant-size QA-NIZK arguments [43] showing that a vector v ∈ G n belongs to a linear subspace subspace of rank t spanned by a matrix ρ ∈ ...

doi:10.1007/978-3-662-48000-7_15 fatcat:5l7ltjdbnrfvtiacl2i44fugay

This notably provides the first constant-size nonmalleable commitment to group elements. ... Structure-preserving signatures (SPS) are signature schemes where messages, signatures and public keys all consist of elements of a group over which a bilinear map is efficiently computable. ... Acknowledgments The authors thank Dario Catalano for his comments and for pointing a necessary correction in the proof of Lemma 1. ...

doi:10.1007/978-3-642-40084-1_17 fatcat:tylkt7dnezaahcojhwdeq3rjaa

This notably provides the first constant-size nonmalleable commitment to group elements. ... Structure-preserving signatures (SPS) are signature schemes where messages, signatures and public keys all consist of elements of a group over which a bilinear map is efficiently computable. ... Acknowledgments The authors thank Dario Catalano for his comments and for pointing a necessary correction in the proof of Lemma 1. ...

doi:10.1007/s10623-015-0079-1 fatcat:ewmdi6swcnftfcf6acissydhq4

Bilinear groups form the algebraic setting for a multitude of important cryptographic protocols including anonymous credentials, e-cash, e-voting, e-coupon, and loyalty systems. ... probabilistic polynomial identity testing following Schwartz-Zippel can be applied. ... ACKNOWLEDGMENTS We would like to thank the authors of BeleniosRF for providing information about their proof and batching techniques. ...

doi:10.1145/3133956.3134068 dblp:conf/ccs/HeroldHKRR17 fatcat:htfnxcgvn5g43kp73vhtsaxmga

We also show how to use our techniques in the NIZK setting. Specifically, we construct the first tightly simulation-sound designated-verifier NIZK for linear languages without pairings. ... Compared to the proceedings version, this version offers a detailed description of (designated-verifier and publicly verifiable) NIZK proof systems, and of course full proofs. CNRS. ... We would like to thank Jie Chen for insightful and inspiring discussions, and the reviewers for helpful comments. ...

doi:10.1007/978-3-662-49890-3_1 fatcat:e3wabanzzrdf3fs6zrn3o46eci

We have two tightly secure constructions, one with constant ciphertext size, and the other with tighter security at the cost of linear ciphertext size. ... At the core of our constructions is a novel randomization technique that enables us to randomize user secret keys for identities with flexible length. ... ciphertext size (in terms of the number of group elements) and O(αL 2 ) security loss, and the other with ciphertext size linear in L but O(αL) security loss. ...

doi:10.1007/s00145-020-09356-x fatcat:qk7flxdpufdpzppt7h2ae2hspi

Open Access

We follow a recent variant of the dual system proof technique due to Lewko and Waters and build our system using bilinear groups of composite order. ... In our system, any party can become an authority and there is no requirement for any global coordination other than the creation of an initial set of common reference parameters. ... For background on access structures, linear secret-sharing schemes, and composite order bilinear groups, see Appendix A. ...

doi:10.1007/978-3-642-20465-4_31 fatcat:4mdp5taytnat3ozxoqcmtfvadq

Kenny for inviting me to RHUL (twice!). Eduarda for being the most annoying and most wonderful co-author I had so far. ... Proof. See Lemma 4.4.2, Lemma 4.4.3, Lemma 4.4.4. ... We conclude that the 2-SCasc instantiation with polynomial multiplication is definitely the most efficient implementation for GS NIZK proofs in symmetric bilinear map, not only because of the size of the ...

doi:10.5445/ir/1000064807 fatcat:btcwfqx6dvbahiyvazz2ow7tke

Switching Lemma for Bilinear Tests and Constant-Size NIZK Proofs for Linear Subspaces [chapter]

Preserved Fulltext

Shorter Quasi-Adaptive NIZK Proofs for Linear Subspaces

Preserved Fulltext

Improved Structure Preserving Signatures Under Standard Bilinear Assumptions [chapter]

Preserved Fulltext

Dual-System Simulation-Soundness with Applications to UC-PAKE and More [chapter]

Preserved Fulltext

The Kernel Matrix Diffie-Hellman Assumption [chapter]

Preserved Fulltext

Quasi-Adaptive NIZK for Linear Subspaces Revisited [chapter]

Preserved Fulltext

Malleable Proof Systems and Applications [chapter]

Preserved Fulltext

Short Group Signatures via Structure-Preserving Signatures: Standard Model Security from Simple Assumptions [chapter]

Preserved Fulltext

Linearly Homomorphic Structure-Preserving Signatures and Their Applications [chapter]

Preserved Fulltext

Linearly homomorphic structure-preserving signatures and their applications

Preserved Fulltext

New Techniques for Structural Batch Verification in Bilinear Groups with Applications to Groth-Sahai Proofs

Preserved Fulltext

Tightly CCA-Secure Encryption Without Pairings [chapter]

Preserved Fulltext

Tightly Secure Hierarchical Identity-Based Encryption

Preserved Fulltext

Decentralizing Attribute-Based Encryption [chapter]

Preserved Fulltext

Multilinear Maps in Cryptography

Preserved Fulltext