## CryptoDB

### Paper: Witness Authenticating NIZKs and Applications

Authors: Hanwen Feng , Beihang University Qiang Tang , University of Sydney DOI: 10.1007/978-3-030-84259-8_1 (login may be required) Search ePrint Search Google CRYPTO 2021 We initiate the study of witness authenticating NIZK proof systems (waNIZKs), in which one can use a witness $w$ of a statement $x$ to identify whether a valid proof for $x$ is indeed generated using $w$. Such a new identification functionality enables more diverse applications, and it also puts new requirements on soundness that: (1) no adversary can generate a valid proof that will not be identified by any witness; (2) or forge a proof using her valid witness to frame others. To work around the obvious obstacle towards conventional zero-knowledgeness, we define entropic zero-knowledgeness that requires the proof to leak no partial information, if the witness has sufficient computational entropy. We give a formal treatment of this new primitive. The modeling turns out to be quite involved and multiple subtle points arise and particular cares are required. We present general constructions from standard assumptions. We also demonstrate three applications in non-malleable (perfect one-way) hash, group signatures with verifier-local revocations and plaintext-checkable public-key encryption. Our waNIZK provides a new tool to advance the state of the art in all these applications.
##### BibTeX
@inproceedings{crypto-2021-31163,
title={Witness Authenticating NIZKs and Applications},
publisher={Springer-Verlag},
doi={10.1007/978-3-030-84259-8_1},
author={Hanwen Feng and Qiang Tang},
year=2021
}