Efficiency Limitations of Σ-Protocols for Group Homomorphisms Revisited

Terelius, Björn; Wikström, Douglas

doi:10.1007/978-3-642-32928-9_26

Cited by 5 publications

(6 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Moreover, the bottleneck of our instantiation is the use of binary challenges in a zero knowledge proof of knowledge, used during key generation, in order to cope with the fact we are working in a cyclic subgroup of a group of unknown order and that we can not check that elements belong to the subgroup. There have been many proposals to deal with generalized Schnorr proofs in groups of unknown order (see for instance the framework of [CKY09] using safeguard groups, or [TW12]). For the case of subgroups of (Z/nZ) × , efficient solutions for this type of proofs enlarge the challenge space, and rely on variants of the strong RSA assumption.…”

Section: Resultsmentioning

confidence: 99%

Two-Party ECDSA from Hash Proof Systems and Efficient Instantiations

Castagnos

Catalano

Laguillaumie

et al. 2019

Advances in Cryptology – CRYPTO 2019

View full text Add to dashboard Cite

ECDSA is a widely adopted digital signature standard. Unfortunately, efficient distributed variants of this primitive are notoriously hard to achieve and known solutions often require expensive zero knowledge proofs to deal with malicious adversaries. For the two party case, Lindell [Lin17] recently managed to get an efficient solution which, to achieve simulation-based security, relies on an interactive, non standard, assumption on Paillier's cryptosystem. In this paper we generalize Lindell's solution using hash proof systems. The main advantage of our generic method is that it results in a simulation-based security proof without resorting to non-standard interactive assumptions. Moving to concrete constructions, we show how to instantiate our framework using class groups of imaginary quadratic fields. Our implementations show that the practical impact of dropping such interactive assumptions is minimal. Indeed, while for 128-bit security our scheme is marginally slower than Lindell's, for 256-bit security it turns out to be better both in key generation and signing time. Moreover, in terms of communication cost, our implementation significantly reduces both the number of rounds and the transmitted bits without exception.

show abstract

Section: Resultsmentioning

confidence: 99%

Two-Party ECDSA from Hash Proof Systems and Efficient Instantiations

Castagnos

Catalano

Laguillaumie

et al. 2019

Advances in Cryptology – CRYPTO 2019

View full text Add to dashboard Cite

show abstract

“…For a single proof it cannot be applied. Finally, Bangerter et al [6] and Terelius et al [60] show a lower bound on soundness error for constant round sigma-like protocols in the standard model (no CRS, no RO), that translates to 1/2 for common parameters.…”

Section: Proofs Over Groups Of Unknownmentioning

confidence: 99%

“…In this work we design efficient designated-verifier ZK protocols for knowledge and range of RSA group homomorphisms, which have negligible soundness error without repetitions even when the group is maliciously chosen. The main unifying ideas of all our techniques are (1) an alternative approach to Σ-protocols' witness extraction and (2) a careful realisation through homomorphic encryption with respect to (also potentially subverted) verifier's modulus, which allows hiding protocol challenges from the prover in a way that prevents lower-bound attacks of [6,60].…”

Section: Overview Of Techniquesmentioning

confidence: 99%

See 1 more Smart Citation

Zero-Knowledge Arguments for Subverted RSA Groups

Kolonelos

Maller²,

Volkhov

2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

This work investigates zero-knowledge protocols in subverted RSA groups where the prover can choose the modulus and where the verifier does not know the group order. We introduce a novel technique for extracting the witness from a general homomorphism over a group of unknown order that does not require parallel repetitions. We then present a NIZK range proof for general homomorphisms as Paillier encryptions in the designated verifier model that works under a subverted setup. The key ingredient of our proof is a constant sized NIZK proof of knowledge for a plaintext. Security is proven in the ROM assuming an IND-CPA additively homomorphic encryption scheme. The verifier's public key can be maliciously generated and is reusable and linear in the number of proofs to be verified.

show abstract

“…In the context of verifiable electronic voting mix-nets are also required to be verifiable. This is achieved by proving the correctness of the shuffle using a ZKP, of which two techniques are dominant; namely those of Bayer and Groth [4] and that of Terelius and Wikström [23]. Both techniques are general in nature and tend to be optimised for the particularities of the system in which they are used.…”

Section: Introductionmentioning

confidence: 99%

Improvements in Everlasting Privacy: Efficient and Secure Zero Knowledge Proofs

Haines

Gritti

2019

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Verifiable electronic voting promises to ensure the correctness of elections even in the presence of a corrupt authority, while providing strong privacy guarantees. However, few practical systems with end-to-end verifiability are expected to offer long term privacy, let alone guarantee it. Since good guarantees of privacy are essential to the democratic process, good guarantees of everlasting privacy must be a major goal of secure online voting systems. Various currently proposed solutions rely on unusual constructions whose security has not been established. Further, the cost of verifying the zero knowledge proofs of other solutions has only been partially analysed. Our work builds upon Moran and Naor's solution-and its extensions, applications and generalisationsto present a scheme which is additively homomorphic, efficient to verify, and rests upon well studied assumptions.

show abstract

Efficiency Limitations of Σ-Protocols for Group Homomorphisms Revisited

Cited by 5 publications

References 17 publications

Two-Party ECDSA from Hash Proof Systems and Efficient Instantiations

Two-Party ECDSA from Hash Proof Systems and Efficient Instantiations

Zero-Knowledge Arguments for Subverted RSA Groups

Improvements in Everlasting Privacy: Efficient and Secure Zero Knowledge Proofs

Contact Info

Product

Resources

About