eprint.iacr.org will be offline for approximately an hour for routine maintenance at 11pm UTC on Tuesday, April 16. We lost some data between April 12 and April 14, and some authors have been notified that they need to resubmit their papers.

Paper 2018/1248

Fiat-Shamir: From Practice to Theory, Part II (NIZK and Correlation Intractability from Circular-Secure FHE)

Ran Canetti, Alex Lombardi, and Daniel Wichs

Abstract

We construct non-interactive zero-knowledge (NIZK) arguments for $\mathsf{NP}$ from any circular-secure fully homomorphic encryption (FHE) scheme. In particular, we obtain such NIZKs under a circular-secure variant of the learning with errors (LWE) problem while only assuming a standard (poly/negligible) level of security. Our construction can be modified to obtain NIZKs which are either: (1) statistically zero-knowledge arguments in the common random string model or (2) statistically sound proofs in the common reference string model. We obtain our result by constructing a new correlation-intractable hash family [Canetti, Goldreich, and Halevi, JACM~'04] for a large class of relations, which suffices to apply the Fiat-Shamir heuristic to specific 3-message proof systems that we call ``trapdoor $\Sigma$-protocols.'' In particular, assuming circular secure FHE, our hash function $h$ ensures that for any function $f$ of some a-priori bounded circuit size, it is hard to find an input $x$ such that $h(x)=f(x)$. This continues a recent line of works aiming to instantiate the Fiat-Shamir methodology via correlation intractability under progressively weaker and better-understood assumptions. Another consequence of our hash family construction is that, assuming circular-secure FHE, the classic quadratic residuosity protocol of [Goldwasser, Micali, and Rackoff, SICOMP~'89] is not zero knowledge when repeated in parallel. We also show that, under the plain LWE assumption (without circularity), our hash family is a universal correlation intractable family for general relations, in the following sense: If there exists any hash family of some description size that is correlation-intractable for general (even inefficient) relations, then our specific construction (with a comparable size) is correlation-intractable for general (efficiently verifiable) relations.

Note: A merge of this work with ePrint:2018/1004 appears in STOC 2019.

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. Major revision. STOC 2019
Contact author(s)
alexjl @ mit edu
History
2019-06-20: last of 3 revisions
2019-01-03: received
See all versions
Short URL
https://ia.cr/2018/1248
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2018/1248,
      author = {Ran Canetti and Alex Lombardi and Daniel Wichs},
      title = {Fiat-Shamir: From Practice to Theory, Part II (NIZK and Correlation Intractability from Circular-Secure FHE)},
      howpublished = {Cryptology ePrint Archive, Paper 2018/1248},
      year = {2018},
      note = {\url{https://eprint.iacr.org/2018/1248}},
      url = {https://eprint.iacr.org/2018/1248}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.