On Adaptive Security of Delayed-Input Sigma Protocols and Fiat-Shamir NIZKs

Michele Ciampi, Roberto Parisella, Daniele Venturi

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

We study adaptive security of delayed-input Sigma protocols and non-interactive zero-knowledge (NIZK) proof systems in the common reference string (CRS) model. Our contributions are threefold:

- We exhibit a generic compiler taking any delayed-input Sigma protocol and returning a delayed-input Sigma protocol satisfying adaptive-input special honest-verifier zero knowledge (SHVZK). In case the initial Sigma protocol also satisfies adaptive-input special soundness, our compiler preserves this property.
- We revisit the recent paradigm by Canetti et al. (STOC 2019) for obtaining NIZK proof systems in the CRS model via the Fiat-Shamir transform applied to so-called trapdoor Sigma protocols, in the context of adaptive security. In particular, assuming correlation-intractable hash functions for all sparse relations, we prove that Fiat-Shamir NIZKs satisfy either:
- (i) Adaptive soundness (and non-adaptive zero knowledge), so long as the challenge is obtained by hashing both the prover’s first round and the instance being proven;

- (ii) Adaptive zero knowledge (and non-adaptive soundness), so long as the challenge is obtained by hashing only the prover’s first round, and further assuming that the initial trapdoor Sigma protocol satisfies adaptive-input SHVZK.


- We exhibit a generic compiler taking any Sigma protocol and returning a trapdoor Sigma protocol. Unfortunately, this transform does not preserve the delayed-input property of the initial Sigma protocol (if any). To complement this result, we also give yet another compiler taking any delayed-input trapdoor Sigma protocol and returning a delayed-input trapdoor Sigma protocol with adaptive-input SHVZK.

An attractive feature of our first two compilers is that they allow obtaining efficient delayed-input Sigma protocols with adaptive security, and efficient Fiat-Shamir NIZKs with adaptive soundness (and non-adaptive zero knowledge) in the CRS model. Prior to our work, the latter was only possible using generic NP reductions.
Original languageEnglish
Title of host publicationSecurity and Cryptography for Networks. SCN 2020
EditorsClemente Galdi, Vladimir Kolesnikov
PublisherSpringer
Pages670-690
Number of pages21
ISBN (Electronic)978-3-030-57990-6
ISBN (Print)978-3-030-57989-0
DOIs
Publication statusPublished - 7 Sept 2020
Event12th Conference on Security and Cryptography for Networks - Virtual Conference
Duration: 14 Sept 202016 Sept 2020
https://scn.unisa.it/

Publication series

NameLecture Notes in Computer Science
PublisherSpringer
Volume12238
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference12th Conference on Security and Cryptography for Networks
Abbreviated titleSCN 2020
CityVirtual Conference
Period14/09/2016/09/20
Internet address

Fingerprint

Dive into the research topics of 'On Adaptive Security of Delayed-Input Sigma Protocols and Fiat-Shamir NIZKs'. Together they form a unique fingerprint.

Cite this