Libert, Benoît [Technicolor, France]
Peters, Thomas [UCL]
Joye, Marc [Technicolor, France]
Yung, Moti [Columbia University, USA]
Verifiability is central to building protocols and systems with integrity. Initially, efficient methods employed the Fiat-Shamir heuristic. Since 2008, the Groth-Sahai techniques have been the most efficient in constructing non-interactive witness-indistinguishable and zero-knowledge proofs for algebraic relations. For the important task of proving membership in linear subspaces, Jutla and Roy (Asiacrypt 2013) gave significantly more efficient proofs in the quasi-adaptive setting (QA-NIZK). For membership of the row space of a t x n matrix, their QA-NIZK proofs save O(2t) group elements compared to Groth-Sahai. Here, we give QA-NIZK proofs made of a constant number of group elements -- regardless of the number of equations or the number of variables -- and additionally prove them unbounded simulation-sound. Unlike previous unbounded simulation-sound Groth-Sahai-based proofs, our construction does not involve quadratic pairing product equations and does not rely on a chosen-ciphertext-secure encryption scheme. We then apply our methods to design new and improved CCA2-secure encryption schemes. In particular, we build the first efficient threshold CCA-secure keyed-homomorphic encryption scheme (i.e., where homomorphic operations can only be carried out using a dedicated evaluation key) with publicly verifiable ciphertexts.
Bibliographic reference
Libert, Benoît ; Peters, Thomas ; Joye, Marc ; Yung, Moti. Non-Malleability from Malleability: Simulation-Sound Quasi-Adaptive NIZK Proofs and CCA2-Secure Encryption from Homomorphic Signatures. Advances in Cryptology - EUROCRYPT 2014 - 33rd Annual International Conference on the Theory and Applications of Cryptographic Techniques (Copenhagen (Denmark), from 11/05/2014 to 15/05/2014). In: Proceedings of Advances in Cryptology - EUROCRYPT 2014 - 33rd Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2014
Permanent URL
http://hdl.handle.net/2078.1/137948