Perfect Non-interactive Zero-Knowledge for NP

Presentation transcript:

Perfect Non-interactive Zero-Knowledge for NP
Jens Groth, Rafail Ostrovsky, Amit Sahai
UCLA
Will appear on ePrint archive shortly

Non-Interactive Zero-Knowledge
- Diagram: common reference string σ; circuit C; C(w) = 1; P; V; proof/argument π
Problems
- even computational NIZK inefficient
- no statistical NIZK arguments for NP
- no UC NIZK arguments for NP

Our contributions
Computational NIZK proof for Circuit SAT
- O(k)-bit common reference string
- O(|C|k)-bit proofs
Perfect NIZK argument for Circuit SAT
- non-adaptive soundness
- adaptive soundness (restrictions)
Perfect zero-knowledge UC NIZK argument for Circuit SAT

BGN cryptosystem (TCC 2005)
Setup
- G group of order n = pq
- bilinear map $e: G \times G \to G_1$
- pk = $(n, G, G_1, e, g, h)$, ord(g) = n, ord(h) = q
Additively homomorphic
- $g^{m_1}h^{r_1} \cdot g^{m_2}h^{r_2} = g^{m_1+m_2}h^{r_1+r_2}$
Multiplication-mapping
- $e(g^{m_1}h^{r_1}, g^{m_2}h^{r_2}) = e(g,g)^{m_1 m_2}\, e(h, g^{m_1 r_2 + m_2 r_1}h^{r_1 r_2})$
Decision subgroup problem
- ord(h) = q or ord(h) = n ?

NIZK proof
NIZK for Circuit SAT (NAND-gates)
- BGN-encrypt all wires
- NIZK proof 0 or 1 plaintexts: $e(c, cg^{-1})$ encrypts 0
- NIZK proof encrypted bits respect NAND-gates
Zero-knowledge simulation
- ord(g) = ord(h) = n
- $g^m h^r$ is perfectly hiding

Perfect zero-knowledge
Perfect NIZK argument
- ord(g) = ord(h) = n
Adaptive soundness problem
- C satisfiable on ord(h) = q reference string
- C unsatisfiable on ord(h) = n ref. string
Solution
- restrict ourselves to circuits of small size so $2^{|C|\log|C|}\,\mathrm{Adv\text{-}SD}(k)$ is negligible