## CryptoDB

### Paper: On QA-NIZK in the BPK Model

Authors: Behzad Abdolmaleki Helger Lipmaa Janno Siim Michał Zając DOI: 10.1007/978-3-030-45374-9_20 Search ePrint Search Google Recently, Bellare et al. defined subversion-resistance (security in the case the CRS creator may be malicious) for NIZK. In particular, a Sub-ZK NIZK is zero-knowledge, even in the case of subverted CRS. We study Sub-ZK QA-NIZKs, where the CRS can depend on the language parameter. First, we observe that subversion zero-knowledge (Sub-ZK) in the CRS model corresponds to no-auxiliary-string non-black-box NIZK in the Bare Public Key model, and hence, the use of non-black-box techniques is needed to obtain Sub-ZK. Second, we give a precise definition of Sub-ZK QA-NIZKs that are (knowledge-)sound if the language parameter but not the CRS is subverted and zero-knowledge even if both are subverted. Third, we prove that the most efficient known QA-NIZK for linear subspaces by Kiltz and Wee is Sub-ZK under a new knowledge assumption that by itself is secure in (a weaker version of) the algebraic group model. Depending on the parameter setting, it is (knowledge-)sound under different non-falsifiable assumptions, some of which do not belong to the family of knowledge assumptions.
##### BibTeX
@article{pkc-2020-30300,
title={On QA-NIZK in the BPK Model},
booktitle={Public-Key Cryptography – PKC 2020},
series={Public-Key Cryptography – PKC 2020},
publisher={Springer},
volume={12110},
pages={590-620},
doi={10.1007/978-3-030-45374-9_20},
author={Behzad Abdolmaleki and Helger Lipmaa and Janno Siim and Michał Zając},
year=2020
}