On Succinct Arguments and Witness Encryption from Groups

Barta, Ohad; Ishai, Yuval; Ostrovsky, Rafail; Wu, David J.

doi:10.1007/978-3-030-56784-2_26

Cited by 12 publications

(6 citation statements)

References 51 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Whereas QSPs (as well as their arithmetic QAP variant) are tied to polynomials and to quadratic verification, the linear PCP and LIP primitives are more general. GGPR-style linear PCPs still give the best efficiency for most applications, however, other linear PCPs have proven useful in this work and in subsequent works [7,22,87]. For example, we show that a LIP based on the Hadamard linear PCP, which is not captured by a QSP, yields a very simple SNARK construction with quadratic CRS size.…”

Section: Related and Subsequent Workmentioning

confidence: 77%

“…These barriers from [65] were recently circumvented in [22] by relaxing either the soundness or the completeness requirement. Settling for inverse-polynomial soundness, practical designated-verifier SNARKs for small circuits with only 2 group elements were obtained by applying a variant of the packing transformation from this work to the Hadamard PCP.…”

Section: Subsequent Developments An Influential Work Of Grothmentioning

confidence: 99%

See 1 more Smart Citation

Succinct Non-Interactive Arguments via Linear Interactive Proofs

et al. 2022

Self Cite

View full text Add to dashboard Cite

Succinct non-interactive arguments (SNARGs) enable verifying NP statements with lower complexity than required for classical NP verification. Traditionally, the focus has been on minimizing the length of such arguments; nowadays, researchers have focused also on minimizing verification time, by drawing motivation from the problem of delegating computation. A common relaxation is a preprocessing SNARG, which allows the verifier to conduct an expensive offline phase that is independent of the statement to be proven later. Recent constructions of preprocessing SNARGs have achieved attractive features: they are publicly-verifiable, proofs consist of only O(1) encrypted (or encoded) field elements, and verification is via arithmetic circuits of size linear in the NP statement. Additionally, these constructions seem to have “escaped the hegemony” of probabilistically-checkable proofs (PCPs) as a basic building block of succinct arguments. We present a general methodology for the construction of preprocessing $$\text{ SNARG } $$ SNARG s, as well as resulting new efficiency features. Our contribution is threefold: (1) We introduce and study a natural extension of the interactive proof model that considers algebraically-bounded provers; this new setting is analogous to the common study of algebraically-bounded “adversaries” in other fields, such as pseudorandomness and randomness extraction. More concretely, in this work we focus on linear (or affine) provers, and provide several constructions of (succinct two-message) linear interactive proofs (LIPs) for NP. Our constructions are based on general transformations applied to both linear PCPs (LPCPs) and traditional “unstructured” PCPs. (2) We give conceptually simple cryptographic transformations from LIPs to preprocessing SNARGs, whose security can be based on different forms of linear targeted malleability (implied by previous knowledge assumptions). Our transformations convert arbitrary (two-message) LIPs into designated-verifier SNARGs, and LIPs with degree-bounded verifiers into publicly-verifiable SNARGs. We also extend our methodology to obtain zero-knowledge LIPs and SNARGs. Our techniques yield SNARGs of knowledge and thus can benefit from known recursive composition and bootstrapping techniques. (3) Following this methodology, we exhibit several constructions achieving new efficiency features, such as “single-ciphertext preprocessing SNARGs.” We also offer a new perspective on existing constructions of preprocessing SNARGs, revealing a direct connection of these to LPCPs and LIPs.

show abstract

Section: Related and Subsequent Workmentioning

confidence: 77%

Section: Subsequent Developments An Influential Work Of Grothmentioning

confidence: 99%

Succinct Non-Interactive Arguments via Linear Interactive Proofs

et al. 2022

Self Cite

View full text Add to dashboard Cite

show abstract

“…Witness encryption is a strong cryptographic primitive and efficiently instantiating this remains a work in progress. Recent interesting results include constructions by Barta et al [3] based on the generic group model, and Bartusek et al [4] based on affine determinant programs, with the latter claimed to be the first construction sufficiently efficient to be implementable. However, these works do not consider extractability, and it is unclear whether efficient extractors can be obtained for these construction.…”

Section: Instantiating Witness Encryptionmentioning

confidence: 99%

PoS Blockchain-Based Forward-Secure Public Key Encryption with Immutable Keys and Post-Compromise Security Guarantees

Nuta

Schuldt

Nishide

2023

IEICE Trans. Fundamentals

View full text Add to dashboard Cite

We present a forward-secure public-key encryption (PKE) scheme without key update, i.e. both public and private keys are immutable. In contrast, prior forward-secure PKE schemes achieve forward security by constantly updating the secret keys. Our scheme is based on witness encryption by Garg et al. (STOC 2013) and a proof-of-stake blockchain with the distinguishable forking property introduced by Goyal et al. (TCC 2017), and ensures a ciphertext cannot be decrypted more than once, thereby rendering a compromised secret key useless with respect to decryption of past ciphertext the legitimate user has already decrypted.In this work, we formalize the notion of blockchain-based forwardsecure PKE, show the feasibility of constructing a forward-secure PKE scheme without key update, and discuss interesting properties of our scheme such as post-compromise security.

show abstract

“…- an element y ∈ S to a "pre-hash" h which belongs to another domain. 2 When it is clear from context, we omit pgp and write Prehash(y).…”

Section: Definition 7 (Hidden Group With Hashing) a Hidden Group With...mentioning

confidence: 99%

“…An alternate approach from Faonio et al [9] relies on predictable arguments of knowledge. It was used by Barta et al [2] to construct a solution based on the approximation problem for the minimal distance of a linear code.…”

Section: Introductionmentioning

confidence: 99%

Towards Witness Encryption Without Multilinear Maps

Choi¹,

Vaudenay²

2022

Information Security and Cryptology – ICISC 2021

View full text Add to dashboard Cite

Current proposals of extractable witness encryption are based on multilinear maps. In this paper, we propose a new construction without.We propose the notion of hidden group with hashing and make an extractable witness encryption from it. We show that the construction is secure in a generic model. We propose a concrete construction based on RSA-related problems. Namely, we use an extension of the knowledgeof-exponent assumption and the order problem. Our construction allows to encrypt for an instance of the subset sum problem (actually, a multidimensional variant of it) for which short solutions to the homogeneous equation are hard to find. Alas, we do not propose any reduction from a known NP-complete problem.

show abstract

On Succinct Arguments and Witness Encryption from Groups

Cited by 12 publications

References 51 publications

Succinct Non-Interactive Arguments via Linear Interactive Proofs

Succinct Non-Interactive Arguments via Linear Interactive Proofs

PoS Blockchain-Based Forward-Secure Public Key Encryption with Immutable Keys and Post-Compromise Security Guarantees

Towards Witness Encryption Without Multilinear Maps

Contact Info

Product

Resources

About