Advanced Concepts in Zero-Knowledge Proofs

unique nizks unique nizks and and steganography n.w
1 / 62
Embed
Share

Explore the evolution of zero-knowledge proofs, from the introduction by Goldwasser, Micali, and Rackoff in 1985 to modern techniques like Sahai-Waters NIZK and unique proofs. Discover the implications of removing interaction in proofs and the quest for unique accepting proofs.

  • Zero-Knowledge Proofs
  • NIZK
  • Unique Proofs
  • Sahai-Waters
  • Advanced Techniques
rayaanacharya
marisbsh Follow

Uploaded on | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. Unique NIZKs Unique NIZKs and and Steganography Steganography Detection Detection W I L L Y W I L L Y Q U A C H Q U A C H , , L A K Y AH T Y N E R L A K Y AH T Y N E R , , A N D D A N I E L A N D D A N I E L W I C H S W I C H S

  2. Motivation Motivation Zero-knowledge proofs were introduced in 1985 by Goldwasser, Micali and, Rackoff ? ?? ?? ? ????? ???

  3. Motivation Motivation Zero-knowledge proofs were introduced in 1985 by Goldwasser, Micali and, Rackoff ? ?? ?? ? ????? ???

  4. Motivation Motivation Zero-knowledge proofs were introduced in 1985 by Goldwasser, Micali and, Rackoff ? ?? ?? ? ????? ??

  5. Motivation Motivation What if we remove interaction? Blum, Feldman, and Micali 1988 tells us we need a ??? ??? ? ?? ?? ??? ?? ??? [BFM88, FLS90, CHK03, GOS06, CCH+19, PS19]

  6. Motivation Motivation Sahai-Waters NIZK (from iO) has a deterministic prover ??? ? ?? ?? ??? So the prover send the same proof for a given statement

  7. Motivation Motivation Adversary could find a different proof that the verifier accepts ??? ? ?? ?? ??? ? ?? ?? ??

  8. Motivation Motivation Could there exists only a single unique accepting proof for a statement ?? ??? ? ?? ?? ???

  9. Motivation Motivation Uniqueness implies witness encryption, even when the prover is honest and even without ZK ??? ? ?? ?? ??? ? ? We can convert Sahai-Waters proof into a unique proof using injective OWF

  10. The Model and Our Results The Model and Our Results We consider a version of unique zero-knowledge proofs (UNIZKs) [Lepinski, Micali, shelat 05] with the following two relaxations: Stat. unique proofs proofs ? for NP languages with comp. unique witnesses witnesses ? 1. Any malicious ? who can produce accepting ? ? for ? also knows valid ? ? UNIZKs with prover setup. Given a ??? the prover samples random (??,??) 2. ?? is used to generate proofs for arbitrarily many statements. Once ?? is fixed, subsequent proofs are unique * We show that removing either relaxation implies witness encryption

  11. The Model and Our Results The Model and Our Results Assuming the hardness of Learning with Errors (LWE), we build multi- theorem Unique NIZKs (UNIZKs) for NP satisfying adaptive* soundness/uniqueness/zero-knowledge. *Adversary can see the ??? before choosing statement

  12. Prior Work Prior Work Fair Zero-Knowledge [Lepinski, Micali, shelat 05] Essentially equivalent definition of uniqueness but they achieve UNIZKs under Quadratic Residuosity Open question to get UNIZKs from other assumptions Steganography Free Zero Knowledge (SF-ZK) [Abdolmaleki et al. 22] Similar definition but interactive proof and interactive setup between P and V

  13. Application: Steganography Detection Application: Steganography Detection Consider a server that generates DSA signatures

  14. Application: Steganography Detection Application: Steganography Detection If the server is compromised then it could leak information about ?? steganographically The signatures are randomized so the server could intelligently choose which signatures to send

  15. Application: Steganography Detection Application: Steganography Detection Authority sets up a PRF Server uses a UNIZK to prove that randomness used is from PRF

  16. Recall: Recall: Multi-theorem UNIZK satisfying adaptive soundness/uniqueness/zero-knowledge against maliciously generated keys

  17. Recall: Recall: Multi-Single theorem UNIZK satisfying adaptive soundness/uniqueness/zero-knowledge against maliciouslyhonestly generated keys

  18. Single Theorem UNIZK with Honest Prover Setup Single Theorem UNIZK with Honest Prover Setup ?

  19. Single Theorem UNIZK with Honest Prover Setup Single Theorem UNIZK with Honest Prover Setup ? {0,1} ?

  20. Single Theorem UNIZK with Honest Prover Setup Single Theorem UNIZK with Honest Prover Setup ??? ? {0,1} ?

  21. Single Theorem UNIZK with Honest Prover Setup Single Theorem UNIZK with Honest Prover Setup ?? ? {0,1} ?

  22. Single Theorem UNIZK with Honest Prover Setup Single Theorem UNIZK with Honest Prover Setup ?? ?,? ? ? commitments to labels

  23. Single Theorem UNIZK with Honest Prover Setup Single Theorem UNIZK with Honest Prover Setup ?? *permuted for ? ?,? ? } ?? = { , , commitments to garbling randomness commitments to labels ?? = { } , openings to labels openings to garbling randomness

  24. Single Theorem UNIZK with Honest Prover Setup Single Theorem UNIZK with Honest Prover Setup ?? ?,? Opening to labels for ?||?

  25. Single Theorem UNIZK with Honest Prover Setup Single Theorem UNIZK with Honest Prover Setup ? } ?? = { , , ?? commitments to garbling randomness commitments to labels Opening to labels for ?||? correspond? and openings labels (?,?) ? {0,1}

  26. Proof Intuition Proof Intuition *permuted for ? } ????? = { ? } ?? = { , , Opening to labels for ?||? commitments to garbling randomness commitments to labels Soundness follows from binding of commitments and correctness of garbling Uniqueness holds as long as commitments have statistically unique openings Zero-Knowledge follow from hiding of the commitments

  27. Recall: Recall: Multi-Single theorem UNIZK satisfying adaptive soundness/uniqueness/zero-knowledge against maliciouslyhonestly generated keys

  28. Recall: Recall: Multi-theorem UNIZK satisfying adaptive soundness/uniqueness/zero-knowledge against maliciouslyhonestly generated keys

  29. Transformation to Multi Transformation to Multi- -theorem: Take 1 theorem: Take 1 Similar to transformation from one Similar to transformation from one- -time to many time to many- -time signatures time signatures (??,??) (??0,??0) (??1,??1) (??01,??01) (??00,??00) (??10,??10) (??11,??11) . . . . . .

  30. Transformation to Multi Transformation to Multi- -theorem: Take 1 theorem: Take 1 Similar to transformation from one Similar to transformation from one- -time to many time to many- -time signatures time signatures commitment to PRF (??0,??0) Madre (??01,??01) Ni a (??00,??00) Ni o Generates ??00,??00 and (??01,??01) Proves that task #1 is done wrt a committed PRF key using single theorem UNIZK

  31. Transformation to Multi Transformation to Multi- -theorem: Take 1 theorem: Take 1 Similar to transformation from one Similar to transformation from one- -time to many time to many- -time signatures time signatures (??,??) commitment to PRF (??0,??0) (??1,??1) . . . . . . (??01,??01) (??00,??00) (??10,??10) (??11,??11) (???,???)

  32. Transformation to Multi Transformation to Multi- -theorem: Take 1 theorem: Take 1 Similar to transformation from one Similar to transformation from one- -time to many time to many- -time signatures time signatures (??,??) commitment to PRF (??0,??0) (??1,??1) . . . . . . (??01,??01) (??00,??00) (??10,??10) (??11,??11) (???,???)

  33. Multi Multi- -theorem: Take 1 Summary theorem: Take 1 Summary Similar to transformation from one Similar to transformation from one- -time to many time to many- -time signatures time signatures ????? ???? (??,??) ?? = { } ?,? (???,???) commitment to PRF ? (??0,??0) Single theorem UNIZK (??01,??01) s? = { ? } , opening for ? commitment (???,???) The security of the parent single theorem proofs ensures soundness + uniqueness of the child proofs

  34. Issue with previous attempt Issue with previous attempt Recall that ?? for single theorem proof includes garbled ? which grows with ||?|| *permuted for ? ? } ?? = { , , commitments to garbling randomness commitments to labels

  35. Issue with previous attempt Issue with previous attempt | generated child keys using ? | = ? | generated child keys using ? | = ?

  36. Issue with previous attempt Issue with previous attempt | generated child keys using ? | = ? |??0| | generated child keys using ? | = ? |??1|

  37. Issue with previous attempt Issue with previous attempt ?? ??0 + ??1 2? | generated child keys using ? | = ? |??0| | generated child keys using ? | = ? |??1|

  38. Issue with previous attempt Issue with previous attempt ?? ??0 + ??1 2? | generated child keys using ? | = ? |??0| | generated child keys using ? | = ? |??1| Need a single-theorem UNIZK that can prove statements about setup efficiently Use FHE to get one with fixed key size for arbitrary statements

  39. Recall: Recall: Multi-theorem UNIZK satisfying adaptive soundness/uniqueness/zero-knowledge against maliciouslyhonestly generated keys

  40. Recall: Recall: Multi-theorem UNIZK satisfying adaptive soundness/uniqueness/zero-knowledge against maliciously generated keys

  41. Multi Multi- -theorem with Malicious Keys theorem with Malicious Keys ????? (??,??) (??0,??0) (??1,??1) (??01,??01) (??00,??00) (??10,??10) (??11,??11) . . . . . .

  42. Summary Summary Defining UNIZKs Application for Steganography Detection Constructed Single-theorem UNIZKs Constructed Multi-theorem UNIZKs from Single-theorem Constructed Multi-theorem UNIZKs with malicious keys

  43. Thank you!

  44. Proof Intuition for Multi Proof Intuition for Multi- -theorem theorem

  45. Proof Intuition: Multi Proof Intuition: Multi- -theorem Zero Knowledge theorem Zero Knowledge ????? ???? (??,??) ?,? ?? = { } {???}? , (???,???) commitment to PRF ? (??0,??0) (??01,??01) Single theorem UNIZK s? = { } ? {???}? , , (???,???) opening for ? commitment

  46. Proof Intuition: Soundness Proof Intuition: Soundness ????? ???? (??,??) pseudo ?,? ?? = { } {???}? , (???,???) commitment to PRF ? (??0,??0) pseudo (??01,??01) pseudo Single theorem UNIZK s? = { } ? {???}? , , (???,???) pseudo opening for ? commitment

  47. Proof Intuition: Uniqueness Proof Intuition: Uniqueness (??,??) (??,??) ?,? ?,? (???,???) (???,???) (??0,??0) (??0,??0) (??01,??01) (??01,??01) Single theorem UNIZK Single theorem UNIZK (???,???) (???,???) Proof #1 Proof #2

  48. Proof Intuition: Uniqueness Proof Intuition: Uniqueness (??,??) (??,??) ?,? ?,? (???,???) (???,???) (??0,??0) (??0,??0) (??01,??01) (??01,??01) Single theorem UNIZK Single theorem UNIZK (???,???) (???,???) Proof #1 Proof #2

  49. Proof Intuition: Uniqueness Proof Intuition: Uniqueness (??,??) (??,??) ?,? ?,? (???,???) (???,???) (??0,??0) (??0,??0) (??01,??01) (??01,??01) Single theorem UNIZK Single theorem UNIZK (???,???) (???,???) Proof #1 Proof #2

  50. Proof Intuition: Uniqueness Proof Intuition: Uniqueness statement = generated child keys using ? statement = generated child keys using ? witness = {?, witness = {?, } } opening for ? commitment opening for ? commitment Proof #1 Proof #2

Related


Visual Presentation Slides from Griffin & Pustay on International Business

Visual Presentation Slides from Griffin & Pustay on International Business

langston
Tentative Timeline for Submission Process and Visual Slides

Tentative Timeline for Submission Process and Visual Slides

severin
Visual Presentation Slides for Webinar

Visual Presentation Slides for Webinar

adelheid
ARGOS Inventory by Fund Queries Presentation Slides

ARGOS Inventory by Fund Queries Presentation Slides

fionn
Slides Gallery for Presentation

Slides Gallery for Presentation

arav
Beautiful Slides Showcase

Beautiful Slides Showcase

emilie
Collection of Beautiful Slides for Presentation

Collection of Beautiful Slides for Presentation

delphi
Instructions for Using These Slides

Instructions for Using These Slides

mars
Physics Presentation Slides on Rotational Motion, Thermodynamics, and Data-Based Questions

Physics Presentation Slides on Rotational Motion, Thermodynamics, and Data-Based Questions

laila
Visual Presentation Slides Showcase

Visual Presentation Slides Showcase

luella
Collection of Slides with Descriptions

Collection of Slides with Descriptions

astraea
Visual Presentation Slides Collection

Visual Presentation Slides Collection

xochitl
Guidelines for Using UPMC PowerPoint Template

Guidelines for Using UPMC PowerPoint Template

zayd
Visual Presentation Slides Collection

Visual Presentation Slides Collection

tansy
Beautiful Presentation Slides Showcase

Beautiful Presentation Slides Showcase

asta
Visual Drill and Alphabet Presentation Slides Collection

Visual Drill and Alphabet Presentation Slides Collection

dulcie
Analysis of 'The Scholarship Jacket' by Marta Salinas

Analysis of 'The Scholarship Jacket' by Marta Salinas

absalom
Visual Presentation Slides Collection

Visual Presentation Slides Collection

talullah
Presentation Slides Showcase

Presentation Slides Showcase

aoife
Collection of Slides for Presentation

Collection of Slides for Presentation

imelda
Louisiana's MFP Formula 2018-19

Louisiana's MFP Formula 2018-19

jorgie
Comprehensive Update on Legislative Bills, Budget Allocation, and Reporting Requirements

Comprehensive Update on Legislative Bills, Budget Allocation, and Reporting Requirements

macaulay

More Related Content