International Association for Cryptologic Research

International Association
for Cryptologic Research

IACR News item: 17 September 2015

Alonso González, Alejandro Hevia, Carla Ràfols
ePrint Report ePrint Report
A sequence of recent works have constructed constant-size quasi-adaptive (QA) NIZK argu- ments of membership in linear subspaces of $G^m$, where $G$ is a group equipped with a bilinear map $e : G × H \\to T$. Although applicable to any bilinear group, these techniques are less useful in the asymmetric case. For example, Jutla and Roy (Crypto 2014) show how to do QA aggregation of Groth-Sahai proofs, but the types of equations which can be aggregated are more restricted in the asymmetric setting. Furthermore, there are natural statements which cannot be expressed as membership in linear subspaces, for example the satisfiability of quadratic equations.

In this paper we develop specific techniques for asymmetric groups. We introduce a new computational assumption, under which we can recover all the aggregation results of Groth- Sahai proofs known in the symmetric setting. We adapt the arguments of membership in linear spaces of $G^m$ to linear subspaces of $G^m \\times H^n . In particular, we give a constant-size argument that two sets of Groth-Sahai commitments, defined over different groups $G$, $H$, open to the same scalars in $Z_q$, a useful tool to prove satisfiability of quadratic equations in $Z_q$. We then use one of the arguments for subspaces in $G^m \\times H^n$ and develop new techniques to give constant-size QA-NIZK proofs that a commitment opens to a bit-string. To the best of our knowledge, these are the first constant-size proofs for quadratic equations in $Z_q$ under standard and falsifiable assumptions. As a result, we obtain improved threshold Groth-Sahai proofs for pairing product equations, ring signatures, proofs of membership in a list, and various types of signature schemes.

Expand

Additional news items may be found on the IACR news page.