Abstract
Interactive zero-knowledge systems are an important cryptographic primitive, used in many applications, especially where deniability (also known as non-transferability) is required. In the lattice-based setting, the currently most efficient interactive zero-knowledge systems rely on rejection sampling, which means the interaction does not always complete successfully on the first execution: when the prover aborts, the whole interaction must be re-run until an execution finishes without an abort.
While repetitions caused by aborts are acceptable in theory, in some practical applications re-runs are undesirable for usability reasons. In this work we present a generic technique that starts from an interactive zero-knowledge system (one that might require several re-runs to complete) and obtains a 3-move zero-knowledge system with no re-runs. The transformation combines the well-known Fiat-Shamir technique with a couple of initially exchanged messages. The resulting 3-move system is honest-verifier zero-knowledge and can easily be turned into a fully deniable proof using standard techniques. We show some practical scenarios where our transformation is beneficial and discuss the results of an implementation of it.
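The abort-and-re-run behaviour described above, and the idea of letting the prover absorb the aborts locally behind a hash-derived challenge, as an added toy example in Python. This is not the paper's code and not its exact construction: the abstract does not give the message flow, so the verifier-first nonce, the toy linear relation t = <A, s> mod q, the ternary secret, the 4-bit challenge and the uniform rejection bound are all assumptions chosen for illustration. It shows (1) why uniform rejection sampling makes the response independent of the secret, (2) how many full interactive re-runs the abort rate costs, (3) how a nonce-bound Fiat-Shamir loop moves those repetitions inside the prover, and (4) the honest-verifier simulator for the interactive protocol.

```python
import hashlib
import random

# Toy parameters, constructed for illustration only: far too small for real security.
Q = 8380417          # modulus of the toy linear relation t = <A, s> mod Q
N = 4                # length of the secret and masking vectors
B = 100              # masking vector y is uniform on [-B, B]^N
K = 4                # challenge c is a K-bit integer, so |c * s_i| <= C_MAX for ternary s
C_MAX = 2 ** K - 1
Z_BOUND = B - C_MAX  # a response survives rejection sampling only if every |z_i| <= Z_BOUND


def new_rng(seed):
    return random.Random(seed)


def inner(A, v):
    return sum(a * x for a, x in zip(A, v)) % Q


def keygen(rng):
    """Public (A, t) with t = <A, s> mod Q for a secret s in {-1, 0, 1}^N (assumed toy relation)."""
    A = [rng.randrange(Q) for _ in range(N)]
    s = [rng.choice((-1, 0, 1)) for _ in range(N)]
    return (A, inner(A, s)), s


def commit(rng, A):
    y = [rng.randint(-B, B) for _ in range(N)]
    return y, inner(A, y)


def respond(y, s, c):
    """Uniform rejection sampling: z = y + c*s, or None (abort) if any coordinate leaves
    [-Z_BOUND, Z_BOUND]. Conditioned on not aborting, z is uniform on that box whatever s is,
    which is why the response leaks nothing about s."""
    z = [v + c * x for v, x in zip(y, s)]
    return None if any(abs(v) > Z_BOUND for v in z) else z


def verify(pk, w, c, z):
    A, t = pk
    return all(abs(v) <= Z_BOUND for v in z) and inner(A, z) == (w + c * t) % Q


def run_interactive(rng, pk, s):
    """Sigma protocol with aborts: all three moves are repeated until the prover does not abort."""
    attempts = 0
    while True:
        attempts += 1
        y, w = commit(rng, pk[0])        # move 1: P -> V
        c = rng.randrange(2 ** K)        # move 2: V -> P
        z = respond(y, s, c)             # move 3: P -> V, unless the prover aborts
        if z is not None:
            return (w, c, z), attempts


def challenge_from(nonce, w):
    """Hash-derived challenge bound to the verifier's nonce (Fiat-Shamir style)."""
    return hashlib.sha256(nonce + w.to_bytes(4, "big")).digest()[0] % (2 ** K)


def run_nonce_bound(rng, pk, s):
    """Assumed flow: the verifier sends a fresh nonce first, the prover repeats the abort loop
    locally and sends a single message. The number of aborts never crosses the wire."""
    nonce = rng.getrandbits(128).to_bytes(16, "big")   # move 1: V -> P
    attempts = 0
    while True:
        attempts += 1
        y, w = commit(rng, pk[0])
        c = challenge_from(nonce, w)
        z = respond(y, s, c)
        if z is not None:
            return (nonce, w, z), attempts              # move 2: P -> V


def verify_nonce_bound(pk, nonce, w, z):
    return verify(pk, w, challenge_from(nonce, w), z)


def simulate(rng, pk, c):
    """HVZK simulator for the interactive protocol: pick z on the post-rejection box and solve
    for w. The output is distributed like a real non-aborting transcript with challenge c."""
    A, t = pk
    z = [rng.randint(-Z_BOUND, Z_BOUND) for _ in range(N)]
    return (inner(A, z) - c * t) % Q, c, z


def accept_probability():
    """Probability that one attempt survives rejection sampling (independent of s and c)."""
    return ((2 * Z_BOUND + 1) / (2 * B + 1)) ** N


def mean_attempts(rng, trials):
    """Empirical number of full interactive runs needed per accepted transcript."""
    pk, s = keygen(rng)
    return sum(run_interactive(rng, pk, s)[1] for _ in range(trials)) / trials


if __name__ == "__main__":
    rng = new_rng(1)
    pk, s = keygen(rng)
    (w, c, z), n = run_interactive(rng, pk, s)
    print("interactive: full re-runs =", n, "verify =", verify(pk, w, c, z))
    (nonce, w, z), n = run_nonce_bound(rng, pk, s)
    print("nonce-bound: local tries =", n, "verify =", verify_nonce_bound(pk, nonce, w, z))
    p = accept_probability()
    print("P[accept] =", round(p, 3), "so about", round(1 / p, 2), "tries on average")
```

With these toy parameters roughly half of all attempts abort, so the interactive protocol needs almost two complete three-move exchanges on average, while the nonce-bound variant always delivers one message per direction. The 4-bit challenge gives a soundness error of 1/16 per run; real lattice schemes use much larger challenge sets and correspondingly larger masking ranges. The sketch also stops short of the paper's result: its third move, and the standard upgrade from honest-verifier zero-knowledge to a fully deniable proof, are not modelled here.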
Title: How to Avoid Repetitions in Lattice-Based Deniable Zero-Knowledge Proofs