International Association for Cryptologic Research

International Association
for Cryptologic Research


Paper: Triply Adaptive UC NIZK

Ran Canetti , Boston University
Xiao Wang , Northwestern University
Pratik Sarkar , Boston University
Search ePrint
Search Google
Presentation: Slides
Conference: ASIACRYPT 2022
Abstract: Non-interactive zero knowledge (NIZK) enables a prover, to prove that a statement in an NP language is valid, given an accepting witness, without leaking any information about the witness. We study universally composable (UC) NIZKs which are secure against adaptive corruption of parties and provides adaptive soundness, i.e. the statement is adaptively chosen by a malicious prover based on the setup string distribution. The only known adaptively secure NIZK protocols either fail to achieve full adaptive soundness or rely on non-falsifiable knowledge assumptions. We construct the first NIZK protocols which are triply adaptive - secure against adaptive corruptions, guarantees adaptive soundness and satisfies adaptive zero knowledge, from falsifiable assumptions. We do so using the following methodology: - We define a new ideal functionality, denoted as F_NICOM, for non-interactive commitment schemes in the UC framework. - We define and construct Sigma protocols which satisfy triply adaptive security in the F_NICOM model. - By relying on correlation intractable (CI) hash functions, we compile a triply adaptively secure Sigma protocol (in F_NICOM model) into a triply adaptive UC-NIZK argument in the F_NICOM+common reference string (crs) model. In addition to CI hash functions, our compiler requires standard cryptographic primitives - non-interactive equivocal commitments and public key encryption with obliviously samplable ciphertexts, for implementing F_NICOM in the crs model. We instantiate our framework by demonstrating that most statically secure Sigma protocols can be proven to be triply adaptively secure in the F_NICOM model, hence, bridging the gap between static and adaptive security for NIZKs. Our NIZK arguments can be concretely based on assumptions, like LWE, or LPN and DDH.
Video from ASIACRYPT 2022
  title={Triply Adaptive UC NIZK},
  author={Ran Canetti and Xiao Wang and Pratik Sarkar},