Paper 2018/272

Multi-Theorem Preprocessing NIZKs from Lattices

Sam Kim and David J. Wu

Abstract

Non-interactive zero-knowledge (NIZK) proofs are fundamental to modern cryptography. Numerous NIZK constructions are known in both the random oracle and the common reference string (CRS) models. In the CRS model, there exist constructions from several classes of cryptographic assumptions such as trapdoor permutations, pairings, and indistinguishability obfuscation. Notably absent from this list, however, are constructions from standard lattice assumptions. While there has been partial progress in realizing NIZKs from lattices for specific languages, constructing NIZK proofs (and arguments) for all of NP from standard lattice assumptions remains open. In this work, we make progress on this problem by giving the first construction of a multi-theorem NIZK for NP from standard lattice assumptions in the preprocessing model. In the preprocessing model, a (trusted) setup algorithm generates proving and verification keys. The proving key is needed to construct proofs and the verification key is needed to check proofs. In the multi-theorem setting, the proving and verification keys should be reusable for an unbounded number of theorems without compromising soundness or zero-knowledge. Existing constructions of NIZKs in the preprocessing model (or even the designated-verifier model) that rely on weaker assumptions like one-way functions or oblivious transfer are only secure in a single-theorem setting. Thus, constructing multi-theorem NIZKs in the preprocessing model does not seem to be inherently easier than constructing them in the CRS model. We begin by constructing a multi-theorem preprocessing NIZK directly from context-hiding homomorphic signatures. Then, we show how to efficiently implement the preprocessing step using a new cryptographic primitive called blind homomorphic signatures. This primitive may be of independent interest. Finally, we show how to leverage our new lattice-based preprocessing NIZKs to obtain new malicious-secure MPC protocols purely from standard lattice assumptions.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
A major revision of an IACR publication in CRYPTO 2018
Contact author(s)
skim13 @ cs stanford edu
History
2018-06-06: revised
2018-03-22: received
See all versions
Short URL
https://ia.cr/2018/272
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2018/272,
      author = {Sam Kim and David J.  Wu},
      title = {Multi-Theorem Preprocessing NIZKs from Lattices},
      howpublished = {Cryptology ePrint Archive, Paper 2018/272},
      year = {2018},
      note = {\url{https://eprint.iacr.org/2018/272}},
      url = {https://eprint.iacr.org/2018/272}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.