Multi-theorem preprocessing NIZKs from lattices. (English) Zbl 1457.94151
Summary: Non-interactive zero-knowledge (NIZK) proofs are fundamental to modern cryptography. Numerous NIZK constructions are known in both the random oracle and the common reference string (CRS) models. In the CRS model, there exist constructions from several classes of cryptographic assumptions such as trapdoor permutations, pairings, and indistinguishability obfuscation. However, at the time of the initial publication of this work, we did not have constructions of NIZKs from standard lattice assumptions. In this work, we take an initial step toward constructing multi-theorem NIZKs for general \(\mathsf{NP}\) languages from standard lattice assumptions by considering a relaxation to the preprocessing model and a new model we call the designated-prover model. In the preprocessing model, a setup algorithm generates secret proving and verification keys for the prover and the verifier, respectively. In the designated-prover model, the proving key is secret, but the verification key is public. In both settings, the proving key is used to construct proofs and the verification key is used to check proofs. Finally, in the multi-theorem setting, both the proving and verification keys should be reusable for an unbounded number of theorems without compromising soundness or zero-knowledge. Previous constructions of NIZKs in the preprocessing model that rely on weaker assumptions like one-way functions or oblivious transfer are only secure in a single-theorem setting. Thus, constructing multi-theorem NIZKs in these relaxed models does not seem to be inherently easier than constructing them in the CRS model. In this work, we first construct a multi-theorem preprocessing NIZK argument from context-hiding homomorphic signatures. In fact, the construction is a designated-prover NIZK. We also show that using homomorphic commitments, we can get statistically sound proofs in the preprocessing and designated-prover models. Together with lattice-based instantiations of homomorphic signatures and commitments, we obtain the first multi-theorem NIZKs in the preprocessing and designated-prover models from standard lattice assumptions. Finally, we show how to generalize our construction to obtain a universally composable NIZK (UC-NIZK) in the preprocessing model from standard lattice assumptions. Our UC-NIZK relies on a simple preprocessing protocol based on a new primitive we call blind homomorphic signatures.
Software:
DVNIZKReferences:
| [1] | S. Agrawal, D. Boneh, X. Boyen, Efficient lattice (H)IBE in the standard model, in EUROCRYPT (2010) · Zbl 1227.94022 |
| [2] | G. Ateniese, R.C. Burns, R. Curtmola, J. Herring, Lea Kissner, Z. N.J. Peterson, D.X. Song, Provable data possession at untrusted stores, in ACM CCS (2007) |
| [3] | J.H. Ahn, D. Boneh, J. Camenisch, S. Hohenberger, A. Shelat, Brent Waters, Computing on authenticated data. J. Cryptology28(2) (2015) · Zbl 1314.94100 |
| [4] | M. Abe, A secure three-move blind signature scheme for polynomially many signatures, in EUROCRYPT (2001) · Zbl 0981.94031 |
| [5] | B. Applebaum, D. Cash, C. Peikert, A. Sahai, Fast cryptographic primitives and circular-secure encryption based on hard learning problems, in CRYPTO (2009) · Zbl 1252.94044 |
| [6] | M. Abe, G. Fuchsbauer, J. Groth, K. Haralambiev, M. Ohkubo, Structure-preserving signatures and commitments to group elements, in CRYPTO (2010) · Zbl 1280.94102 |
| [7] | M. Abe, K. Haralambiev, M. Ohkubo, Signing on elements in bilinear groups for modular protocol design, IACR Cryptology ePrint Archive (2010) |
| [8] | G. Asharov, A. Jain, A. López-Alt, E. Tromer, V. Vaikuntanathan, D. Wichs, Multiparty computation with low communication, computation and interaction via threshold FHE, in EUROCRYPT (2012) · Zbl 1297.94042 |
| [9] | M. Ajtai, Generating hard instances of lattice problems, in STOC (1996) · Zbl 0921.11071 |
| [10] | M. Ajtai, Generating hard instances of the short basis problem, in ICALP (1999) · Zbl 0987.94021 |
| [11] | G. Ateniese, S. Kamara, J. Katz, Proofs of storage from homomorphic identification protocols, in ASIACRYPT (2009) · Zbl 1267.94033 |
| [12] | N. Attrapadung, B. Libert, Homomorphic network coding signatures in the standard model, in PKC (2011) · Zbl 1291.94177 |
| [13] | M. Abe, M. Ohkubo, A framework for universally composable non-committing blind signatures, in ASIACRYPT (2009) · Zbl 1267.94113 |
| [14] | J. Alwen, C. Peikert, Generating shorter bases for hard random lattices, in STACS (2009) · Zbl 1236.94049 |
| [15] | J. Alperin-Sheriff, C. Peikert, Faster bootstrapping with polynomial error, in CRYPTO (2014) · Zbl 1336.94034 |
| [16] | N. Alamati, C. Peikert, N. Stephens-Davidowitz, New (and old) proof systems for lattice problems, in PKC (2018) · Zbl 1420.94032 |
| [17] | F. Benhamouda, O. Blazy, L. Ducas, W. Quach, Hash proof systems over lattices revisited, in PKC (2018) · Zbl 1400.94119 |
| [18] | E. Boyle, G. Couteau, N. Gilboa, Y. Ishai, Compressing vector OLE, in ACM CCS (2018) |
| [19] | M. Blum, A. De Santis, S. Micali, G. Persiano, Noninteractive zero-knowledge. SIAM J. Comput.20(6) (1991) · Zbl 0738.68027 |
| [20] | D. Beaver, Efficient multiparty protocols using circuit randomization, in CRYPTO (1991) · Zbl 0789.68061 |
| [21] | D. Boneh, D.M. Freeman, Homomorphic signatures for polynomial functions, in EUROCRYPT (2011) · Zbl 1281.94072 |
| [22] | D. Boneh, D.M. Freeman, Linearly homomorphic signatures over binary fields and new tools for lattice-based signatures, in PKC (2011) · Zbl 1291.94181 |
| [23] | C. Brzuska, M. Fischlin, T. Freudenreich, A. Lehmann, M. Page, J. Schelbert, D. Schröder, F. Volk, Security of sanitizable signatures revisited, in PKC (2009) · Zbl 1227.94073 |
| [24] | D. Boneh, D.M. Freeman, J. Katz, B. Waters, Signing a linear subspace: Signature schemes for network coding, in PKC (2009) · Zbl 1227.68024 |
| [25] | M. Blum, P. Feldman, S. Micali, Non-interactive zero-knowledge and its applications, in STOC (1988) |
| [26] | M. Backes, D. Fiore, R.M. Reischuk, Verifiable delegation of computation on outsourced data, in ACM CCS (2013) |
| [27] | M. Bellare, O. Goldreich, On defining proofs of knowledge, in CRYPTO (1992) · Zbl 0823.94016 |
| [28] | D. Boneh, C. Gentry, S. Gorbunov, S. Halevi, V. Nikolaenko, G. Segev, V. Vaikuntanathan, D. Vinayagamurthy, Fully key-homomorphic encryption, arithmetic circuit ABE and compact garbled circuits, in EUROCRYPT (2014) · Zbl 1327.94035 |
| [29] | E. Boyle, N. Gilboa, Y. Ishai, Breaking the circuit size barrier for secure computation under DDH, in CRYPTO (2016) · Zbl 1384.94038 |
| [30] | F. Baldimtsi, A. Lysyanskaya, Anonymous credentials light, in ACM CCS (2013) |
| [31] | Z. Brakerski, A. Langlois, C. Peikert, O. Regev, D. Stehlé, Classical hardness of learning with errors, in STOC (2013) · Zbl 1293.68159 |
| [32] | M. Blum, How to prove a theorem so no one else can claim it, in Proceedings of the International Congress of Mathematicians, vol. 1 (1986) · Zbl 0672.94005 |
| [33] | M. Bellare, C. Namprempre, D. Pointcheval, M. Semanko, The one-more-rsa-inversion problems and the security of Chaum’s blind signature scheme. J. Cryptology16(3) (2003) · Zbl 1045.94012 |
| [34] | A. Boldyreva, T. signatures, multisignatures and blind signatures based on the gap-Diffie-Hellman-group signature scheme, in PKC (2003) · Zbl 1033.94552 |
| [35] | Brands, SA, Rethinking public key infrastructures and digital certificates: building in privacy (2000), Cambridge: MIT Press, Cambridge |
| [36] | Z. Brakerski, V. Vaikuntanathan, Lattice-based FHE as secure as PKE, in ITCS (2014) · Zbl 1364.94528 |
| [37] | M. Bellare, M. Yung, Certifying cryptographic tools: The case of trapdoor permutations, in CRYPTO (1992), pp. 442-460 · Zbl 0817.94011 |
| [38] | R. Canetti, Universally composable security: A new paradigm for cryptographic protocols, in FOCS (2001) |
| [39] | R. Canetti, Universally composable signature, certification, and authentication, in CSFW (2004) |
| [40] | D. Catalano, Homomorphic signatures and message authentication codes, in SCN (2014) · Zbl 1378.94029 |
| [41] | P. Chaidos, G. Couteau, Efficient designated-verifier non-interactive zero-knowledge proofs of knowledge, in EUROCRYPT (2018) · Zbl 1415.94415 |
| [42] | R. Canetti, Y. Chen, J. Holmgren, A. Lombardi, G.N. Rothblum, R.D. Rothblum, Fiat-Shamir from simpler assumptions, IACR Cryptology ePrint Archive (2018) · Zbl 1434.94060 |
| [43] | R. Canetti, Y. Chen, J. Holmgren, A. Lombardi, G.N. Rothblum, R.D. Rothblum, D. Wichs, Fiat-Shamir: from practice to theory, in STOC (2019) |
| [44] | R. Canetti, Y. Chen, L. Reyzin, On the correlation intractability of obfuscated pseudorandom functions, in TCC (2016) · Zbl 1388.94038 |
| [45] | R. Canetti, Y. Chen, L. Reyzin, R.D. Rothblum, Fiat-Shamir and correlation intractability from strong KDM-secure encryption, in EUROCRYPT (2018) · Zbl 1423.94058 |
| [46] | R. Cramer, I. Damgård, Secret-key zero-knowlegde and non-interactive verifiable exponentiation, in TCC (2004) · Zbl 1197.94216 |
| [47] | D. Catalano, D. Fiore. Practical homomorphic MACs for arithmetic circuits, in EUROCRYPT (2013) · Zbl 1306.94101 |
| [48] | D. Catalano, D. Fiore, R. Gennaro, L. Nizzardo, Generalizing homomorphic MACs for arithmetic circuits, in PKC (2014) · Zbl 1335.94036 |
| [49] | D. Catalano, D. Fiore, B. Warinschi, Efficient network coding signatures in the standard model, in PKC (2012) · Zbl 1291.94182 |
| [50] | D. Catalano, D. Fiore, B. Warinschi, Homomorphic signatures with efficient verification for polynomial functions, in CRYPTO (2014) · Zbl 1345.94049 |
| [51] | P. Chaidos, J. Groth, Making sigma-protocols non-interactive without random oracles, in PKC (2015) · Zbl 1345.94051 |
| [52] | G. Couteau, D. Hofheinz, Designated-verifier pseudorandom generators, and their applications, in EUROCRYPT (2019) · Zbl 1509.94078 |
| [53] | D. Chaum, Blind signatures for untraceable payments, in CRYPTO (1982) · Zbl 0521.94012 |
| [54] | R. Canetti, S. Halevi, J. Katz, A forward-secure public-key encryption scheme, IACR Cryptology ePrint Archive (2003) · Zbl 1037.68532 |
| [55] | D. Cash, D. Hofheinz, E. Kiltz, C. Peikert, Bonsai trees, or how to delegate a lattice basis, in EUROCRYPT (2010) · Zbl 1280.94043 |
| [56] | J. Camenisch, M. Koprowski, B. Warinschi, Efficient blind signatures without random oracles, in SCN (2004) · Zbl 1116.94311 |
| [57] | R. Canetti, A. Lichtenberg, Certifying trapdoor permutations, revisited, in TCC (2018) · Zbl 1443.94049 |
| [58] | R. Canetti, Y. Lindell, R. Ostrovsky, A. Sahai, Universally composable two-party and multi-party secure computation, in STOC (2002) · Zbl 1192.94112 |
| [59] | R. Canetti, A. Lombardi, D. Wichs, Non-interactive zero knowledge and correlation intractability from circular-secure FHE, IACR Cryptology ePrint Archive (2018) |
| [60] | R. Canetti, T. Rabin, Universal composition with joint state, in CRYPTO (2003) · Zbl 1122.94360 |
| [61] | R. Cramer, V. Shoup, Universal hash proofs and a paradigm for adaptive chosen ciphertext secure public-key encryption, in EUROCRYPT (2002) · Zbl 1055.94011 |
| [62] | I. Damgård, Non-interactive circuit based proofs and non-interactive perfect zero-knowledge with proprocessing, in EUROCRYPT (1992) |
| [63] | A. De Santis, G. Di Crescenzo, R. Ostrovsky, G. Persiano, A. Sahai, Robust non-interactive zero knowledge, in CRYPTO (2001) · Zbl 1003.94526 |
| [64] | I. Damgård, N. Fazio, A. Nicolosi, Non-interactive zero-knowledge from homomorphic encryption, in TCC (2006) · Zbl 1112.94007 |
| [65] | A. De Santis, S. Micali, G. Persiano, Non-interactive zero-knowledge proof systems, in CRYPTO (1987) · Zbl 0645.68100 |
| [66] | A. De Santis, S. Micali, G. Persiano, Non-interactive zero-knowledge with preprocessing, in CRYPTO (1988) · Zbl 0645.68100 |
| [67] | I. Damgård, V. Pastro, N.P. Smart, S. Zakarias, Multiparty computation from somewhat homomorphic encryption, in CRYPTO (2012) · Zbl 1296.94104 |
| [68] | Y. Dodis, S.P. Vadhan, D. Wichs, Proofs of retrievability via hardness amplification, in TCC (2009) · Zbl 1213.68246 |
| [69] | G. Fuchsbauer, C. Hanser, C. Kamath, D. Slamanig, Practical round-optimal blind signatures in the standard model from weaker assumptions, in SCN (2016) · Zbl 1482.94067 |
| [70] | G. Fuchsbauer, C. Hanser, D. Slamanig, Practical round-optimal blind signatures in the standard model, in CRYPTO (2015) · Zbl 1351.94045 |
| [71] | M. Fischlin, Round-optimal composable blind signatures in the common reference string model. in CRYPTO (2006) · Zbl 1161.94441 |
| [72] | U. Feige, D. Lapidot, A. Shamir, Multiple non-interactive zero knowledge proofs based on a single random string, in FOCS (1990) |
| [73] | D. Fiore, A. Mitrokotsa, L. Nizzardo, E. Pagnin, Multi-key homomorphic authenticators, in ASIACRYPT (2016) · Zbl 1407.94169 |
| [74] | D.M. Freeman, Improved security for linearly homomorphic signatures: A generic framework, in PKC (2012) · Zbl 1291.94186 |
| [75] | A. Fiat, A. Shamir, How to prove yourself: Practical solutions to identification and signature problems, in CRYPTO (1986) · Zbl 0636.94012 |
| [76] | G. Fuchsbauer, Automorphic signatures in bilinear groups and an application to round-optimal blind signatures, IACR Cryptology ePrint Archive (2009) · Zbl 1248.94104 |
| [77] | C. Gentry, Fully homomorphic encryption using ideal lattices, in STOC (2009) · Zbl 1304.94059 |
| [78] | C. Gentry, J. Groth, Y. Ishai, C. Peikert, A. Sahai, A.D. Smith, Using fully homomorphic hybrid encryption to minimize non-interative zero-knowledge proofs. J. Cryptology28(4) (2015) · Zbl 1332.94066 |
| [79] | R. Gennaro, J. Katz, H. Krawczyk, T. Rabin, Secure network coding over the integers, in PKC (2010) · Zbl 1279.94075 |
| [80] | S. Goldwasser, S. Micali, C. Rackoff, The knowledge complexity of interactive proof-systems (extended abstract), in STOC (1985) · Zbl 0900.94025 |
| [81] | O. Goldreich, S. Micali, A. Wigderson, How to prove all np-statements in zero-knowledge, and a methodology of cryptographic protocol design, in CRYPTO (1986) · Zbl 0636.94010 |
| [82] | O. Goldreich, S. Micali, A. Wigderson, How to play any mental game or A completeness theorem for protocols with honest majority, in STOC (1987) |
| [83] | O. Goldreich, Y. Oren, Definitions and properties of zero-knowledge proof systems. J. Cryptology7(1) (1994) · Zbl 0791.94010 |
| [84] | O. Goldreich, Basing non-interactive zero-knowledge on (enhanced) trapdoor permutations: The state of the art, in Studies in Complexity and Cryptography. Miscellanea on the Interplay between Randomness and Computation (2011) · Zbl 1343.94053 |
| [85] | J. Groth, R. Ostrovsky, A. Sahai, Perfect non-interactive zero knowledge for NP, in EUROCRYPT (2006) · Zbl 1129.94025 |
| [86] | C. Gentry, C. Peikert, V. Vaikuntanathan, Trapdoors for hard lattices and new cryptographic constructions, in STOC (2008) · Zbl 1231.68124 |
| [87] | O. Goldreich, R.D. Rothblum, Enhancements of trapdoor permutations. J. Cryptology26(3) (2013) · Zbl 1372.94427 |
| [88] | J. Groth, Simulation-sound NIZK proofs for a practical language and constant size group signatures, in ASIACRYPT (2006) · Zbl 1172.94615 |
| [89] | J. Groth, Short non-interactive zero-knowledge proofs, in ASIACRYPT (2010) · Zbl 1253.94050 |
| [90] | S. Garg, V. Rao, A. Sahai, D. Schröder, D. Unruh, Round optimal blind signatures, in CRYPTO (2011) · Zbl 1290.94075 |
| [91] | J. Groth, A. Sahai, Efficient non-interactive proof systems for bilinear groups, in EUROCRYPT (2008) · Zbl 1149.94320 |
| [92] | E. Ghadafi, N.P. Smart, Efficient two-move blind signatures in the common reference string model, in ISC (2012) |
| [93] | S. Garg, A. Srinivasan, Two-round multiparty secure computation from minimal assumptions, in EUROCRYPT (2018) · Zbl 1428.94072 |
| [94] | C. Gentry, A. Sahai, B. Waters, Homomorphic encryption from learning with errors: Conceptually-simpler, asymptotically-faster, attribute-based, in CRYPTO (2013) · Zbl 1310.94148 |
| [95] | S. Gorbunov, D. Vinayagamurthy, Riding on asymmetry: Efficient ABE for branching programs, in ASIACRYPT (2015) · Zbl 1380.94094 |
| [96] | S. Gorbunov, V. Vaikuntanathan, D. Wichs, Leveled fully homomorphic signatures from standard lattices, in STOC (2015) · Zbl 1321.94062 |
| [97] | R. Gennaro, D. Wichs, Fully homomorphic message authenticators, in ASIACRYPT (2013) · Zbl 1326.94126 |
| [98] | L. Hanzlik, K. Kluczniak, A short paper on blind signatures from knowledge assumptions, in Financial Cryptography (2016) · Zbl 1403.94098 |
| [99] | J. Holmgren, A. Lombardi, Cryptographic hashing from strong one-way functions (or: One-way product functions and their applications), in FOCS (2018) |
| [100] | Y. Ishai, E. Kushilevitz, R. Ostrovsky, A. Sahai, Zero-knowledge proofs from secure multiparty computation. SIAM J. Comput.39(3) (2009) · Zbl 1192.68239 |
| [101] | J. Kilian, S. Micali, R. Ostrovsky, Minimum resource zero-knowledge proofs, in CRYPTO (1989) |
| [102] | S. Katsumata, R. Nishimaki, S. Yamada, T. Yamakawa, Designated verifier/prover and preprocessing NIZKs from Diffie-Hellman assumptions, in EUROCRYPT (2019) · Zbl 1509.94101 |
| [103] | J. Kilian, E. Petrank, An efficient non-interactive zero-knowledge proof system for NP with general assumptions. Journal of Cryptology11(1) (1998) · Zbl 1019.94014 |
| [104] | Y.T. Kalai, R. Raz, Succinct non-interactive zero-knowledge proofs with preprocessing for LOGSNP, in FOCS (2006) |
| [105] | Y.T. Kalai, G.N. Rothblum, R.D. Rothblum, From obfuscation to the security of Fiat-Shamir for proofs, in CRYPTO (2017) · Zbl 1409.94881 |
| [106] | J. Katz, V. Vaikuntanathan, Smooth projective hashing and password-based authenticated key exchange from lattices, in ASIACRYPT (2009) · Zbl 1267.94122 |
| [107] | S. Kim, D.J. Wu, Multi-theorem preprocessing NIZKs from lattices, in CRYPTO (2018) · Zbl 1436.94075 |
| [108] | A. Kiayias, H.-S. Zhou, Concurrent blind signatures without random oracles, in SCN (2006) · Zbl 1152.94427 |
| [109] | S. Ling, K. Nguyen, D. Stehlé, H. Wang, Improved zero-knowledge proofs of knowledge for the ISIS problem, and applications, in PKC (2013) · Zbl 1314.94087 |
| [110] | Y. Lindell, B. Pinkas, An efficient protocol for secure two-party computation in the presence of malicious adversaries, in EUROCRYPT (2007) · Zbl 1141.94362 |
| [111] | A. Lombardi, W. Quach, R.D. Rothblum, D. Wichs, D.J. Wu, New constructions of reusable designated-verifier NIZKs, IACR Cryptology ePrint Archive (2019) · Zbl 1509.94117 |
| [112] | D. Lapidot, A. Shamir, Publicly verifiable non-interactive zero-knowledge proofs, in CRYPTO (1990) · Zbl 0800.68414 |
| [113] | V. Lyubashevsky, D. Wichs, Simple lattice trapdoor sampling from a broad class of distributions, in PKC (2015) · Zbl 1345.94079 |
| [114] | D. Micciancio, Almost perfect lattices, the covering radius problem, and applications to Ajtai’s connection factor. SIAM J. Comput.34(1) (2004) · Zbl 1112.68067 |
| [115] | D. Micciancio, P. Mol. Pseudorandom knapsacks and the sample complexity of LWE search-to-decision reductions, in CRYPTO (2011) · Zbl 1287.94085 |
| [116] | D. Micciancio, C. Peikert, Trapdoors for lattices: Simpler, tighter, faster, smaller, in EUROCRYPT (2012) · Zbl 1297.94090 |
| [117] | D. Micciancio, C. Peikert, Hardness of SIS and LWE with small parameters, in CRYPTO (2013) · Zbl 1310.94161 |
| [118] | D. Micciancio, O. Regev, Worst-case to average-case reductions based on gaussian measures. SIAM J. Comput.37(1) (2007) · Zbl 1142.68037 |
| [119] | P. Mukherjee, D. Wichs, Two round multiparty computation via multi-key FHE, in EUROCRYPT (2016) · Zbl 1351.94060 |
| [120] | M. Naor, O. Reingold, Number-theoretic constructions of efficient pseudo-random functions, in FOCS (1997) · Zbl 1248.94086 |
| [121] | C. Peikert, Public-key cryptosystems from the worst-case shortest vector problem, in STOC (2009) · Zbl 1304.94079 |
| [122] | D. Pointcheval, J. Stern, Security proofs for signature schemes, in EUROCRYPT (1996) · Zbl 1304.94106 |
| [123] | D. Pointcheval, J. Stern, Security arguments for digital signatures and blind signatures. J. Cryptology13(3) (2000) · Zbl 1025.94015 |
| [124] | R. Pass, a. shelat, Unconditional characterizations of non-interactive zero-knowledge, in CRYPTO (2005) · Zbl 1145.94473 |
| [125] | C. Peikert, S. Shiehian, Noninteractive zero knowledge for NP from (plain) learning with errors, IACR Cryptology ePrint Archive (2019) · Zbl 1456.94106 |
| [126] | R. Pass, A. Shelat, V. Vaikuntanathan, Construction of a non-malleable encryption scheme from any semantically secure one, in CRYPTO (2006) · Zbl 1161.94424 |
| [127] | C. Peikert, V. Vaikuntanathan, Noninteractive statistical zero-knowledge proofs for lattice problems, in CRYPTO (2008) · Zbl 1183.94045 |
| [128] | C. Peikert, V. Vaikuntanathan, B. Waters, A framework for efficient and composable oblivious transfer, in CRYPTO (2008) · Zbl 1183.94046 |
| [129] | W. Quach, R.D. Rothblum, D. Wichs, Reusable designated-verifier NIZKs for all NP from CDH, in EUROCRYPT (2019) · Zbl 1509.94132 |
| [130] | O. Regev, On lattices, learning with errors, random linear codes, and cryptography, in STOC (2005) · Zbl 1192.94106 |
| [131] | R.D. Rothblum, A. Sealfon, K. Sotiraki, Towards non-interactive zero-knowledge for NP from LWE, in PKC (2019) · Zbl 1447.94055 |
| [132] | M. Rückert, Lattice-based blind signatures, in ASIACRYPT (2010) · Zbl 1253.94073 |
| [133] | C.-P. Schnorr, Efficient identification and signatures for smart cards, in CRYPTO (1989) · Zbl 0722.68050 |
| [134] | A. De Santis, G. Persiano, Zero-knowledge proofs of knowledge without interaction, in FOCS (1992) · Zbl 0942.68606 |
| [135] | H. Shacham, B. Waters, Compact proofs of retrievability, in ASIACRYPT (2008) · Zbl 1206.68110 |
| [136] | A. Sahai, B. Waters, How to use indistinguishability obfuscation: deniable encryption, and more, in STOC (2014) · Zbl 1315.94102 |
| [137] | X. Xie, R. Xue, M. Wang, Zero knowledge proofs from ring-lwe, in CANS (2013) |
| [138] | J. Zhang, Y. Yu, Two-round PAKE from approximate SPH and instantiations from lattices, in ASIACRYPT (2017) · Zbl 1417.94088 |
This reference list is based on information provided by the publisher or from digital mathematics libraries. Its items are heuristically matched to zbMATH identifiers and may contain data conversion errors. In some cases that data have been complemented/enhanced by data from zbMATH Open. This attempts to reflect the references listed in the original paper as accurately as possible without claiming completeness or a perfect matching.
