International Association for Cryptologic Research

International Association
for Cryptologic Research


Witness Authenticating NIZKs and Applications

Hanwen Feng , Beihang University
Qiang Tang , University of Sydney
DOI: 10.1007/978-3-030-84259-8_1 (login may be required)
Search ePrint
Search Google
Conference: CRYPTO 2021
Abstract: We initiate the study of witness authenticating NIZK proof systems (waNIZKs), in which one can use a witness $w$ of a statement $x$ to identify whether a valid proof for $x$ is indeed generated using $w$. Such a new identification functionality enables more diverse applications, and it also puts new requirements on soundness that: (1) no adversary can generate a valid proof that will not be identified by any witness; (2) or forge a proof using her valid witness to frame others. To work around the obvious obstacle towards conventional zero-knowledgeness, we define entropic zero-knowledgeness that requires the proof to leak no partial information, if the witness has sufficient computational entropy. We give a formal treatment of this new primitive. The modeling turns out to be quite involved and multiple subtle points arise and particular cares are required. We present general constructions from standard assumptions. We also demonstrate three applications in non-malleable (perfect one-way) hash, group signatures with verifier-local revocations and plaintext-checkable public-key encryption. Our waNIZK provides a new tool to advance the state of the art in all these applications.
Video from CRYPTO 2021
  title={Witness Authenticating NIZKs and Applications},
  author={Hanwen Feng and Qiang Tang},