Skip to main content
SpringerLink
Log in

Black-Box Impossibilities of Obtaining 2-Round Weak ZK and Strong WI from Polynomial Hardness

  • Conference paper
  • First Online:
Theory of Cryptography (TCC 2021)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 13042))

Included in the following conference series:

Abstract

We study the problem of obtaining 2-round interactive arguments for NP with weak zero-knowledge (weak ZK) [Dwork et al., 2003] or with strong witness indistinguishability (strong WI) [Goldreich, 2001] under polynomially hard falsifiable assumptions. We consider both the delayed-input setting [Jain et al., 2017] and the standard non-delayed-input setting, where in the delayed-input setting, (i) prover privacy is only required to hold against delayed-input verifiers (which learn statements in the last round of the protocol) and (ii) soundness is required to hold even against adaptive provers (which choose statements in the last round of the protocol).

Concretely, we show the following black-box (BB) impossibility results by relying on standard cryptographic primitives.

  1. 1.

    It is impossible to obtain 2-round delayed-input weak ZK arguments under polynomially hard falsifiable assumptions if BB reductions are used to prove soundness. This result holds even when non-black-box techniques are used to prove weak ZK.

  2. 2.

    It is impossible to obtain 2-round non-delayed-input strong WI arguments and 2-round publicly verifiable delayed-input strong WI arguments under polynomially hard falsifiable assumptions if a natural type of BB reductions, called “oblivious” BB reductions, are used to prove strong WI.

  3. 3.

    It is impossible to obtain 2-round delayed-input strong WI arguments under polynomially hard falsifiable assumptions if BB reductions are used to prove both soundness and strong WI (the BB reductions for strong WI are required to be oblivious as above). Compared with the above result, this result no longer requires public verifiability in the delayed-input setting.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 89.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 119.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Throughout this paper, we focus on interactive proofs/arguments for all NP.

  2. 2.

    Weak ZK is defined slightly differently in Bitansky et al. [5], where essentially \(\epsilon \)-weak ZK (for any inverse polynomial \(\epsilon \)) is referred as “weak ZK.” We follow other prior works [8, 12, 25] and require the distinguishing gap to be negligible.

  3. 3.

    In [5], weak ZK is proven by a non-black-box technique, but soundness is proven by a BB reduction.

  4. 4.

    It is easy to verify that for interactive proofs (rather than arguments) in the delayed-input setting, the classical impossibility result of 2-round ZK [18] can be extended to 2-round weak ZK.

  5. 5.

    This type of obliviousness is considered previously for witness hiding [23].

  6. 6.

    That is, a 2-round delayed-input strong WI protocol such that anyone can decide whether a proof is accepting or not given the protocol transcript (without knowing the verifier randomness).

  7. 7.

    In SPS ZK, the simulator is usually computationally bounded by a fixed moderate super-polynomial (e.g., a quasi-polynomial) but it can use its super-polynomial-time computing power arbitrarily. In pre-processing \((t, \epsilon )\)-ZK, the simulator is computationally unbounded but it can use its super-polynomial-time computing power only before receiving the statement.

  8. 8.

    Formally, \(R_{\textsc {swi}}\) also has oracle access to \(\mathcal {D}^{0}\) and \(\mathcal {D}^{1}\), but we ignore it for simplicity in this overview.

  9. 9.

    The soundness is proven based on quasi-polynomially hard assumptions.

  10. 10.

    It should be understood that the secret state that is generated in the first invocation of V is implicitly inherited by the second invocation of V.

  11. 11.

    Our definition of puncturable PKE is related to but is much simpler than the one that is proposed in [21].

  12. 12.

    We assume without loss of generality that on security parameter \(1^{n}\), \(\mathsf {Gen}\) and \(\mathsf {Enc}\) generate \((\mathsf {pk}, \mathsf {ct})\) such that \(|(\mathsf {pk}, \mathsf {ct}) | = n\).

References

  1. Badrinarayanan, S., Fernando, R., Jain, A., Khurana, D., Sahai, A.: Statistical ZAP Arguments. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12107, pp. 642–667. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45727-3_22

    Chapter  Google Scholar 

  2. Badrinarayanan, S., Garg, S., Ishai, Y., Sahai, A., Wadia, A.: Two-message witness indistinguishability and secure computation in the plain model from new assumptions. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10626, pp. 275–303. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70700-6_10

    Chapter  MATH  Google Scholar 

  3. Bellare, M., Micali, S., Ostrovsky, R.: The (true) complexity of statistical zero knowledge. In: 22nd ACM STOC, pp. 494–502. ACM Press, May 1990

    Google Scholar 

  4. Bitansky, N., Canetti, R., Paneth, O., Rosen, A.: On the existence of extractable one-way functions. SIAM J. Comput. 45(5), 1910–1952 (2016)

    Article  MathSciNet  Google Scholar 

  5. Bitansky, N., Khurana, D., Paneth, O.: Weak zero-knowledge beyond the black-box barrier. In: Charikar, M., Cohen, E. (eds.) 51st ACM STOC, pp. 1091–1102. ACM Press, June 2019

    Google Scholar 

  6. Brassard, G., Chaum, D., Crépeau, C.: Minimum disclosure proofs of knowledge. J. Comput. Syst. Sci. 37(2), 156–189 (1988)

    Article  MathSciNet  Google Scholar 

  7. Chung, K.M., Lui, E., Mahmoody, M., Pass, R.: Unprovable security of two-message zero knowledge. Cryptology ePrint Archive, Report 2012/711 (2012). https://eprint.iacr.org/2012/711

  8. Chung, K.-M., Lui, E., Pass, R.: From weak to strong zero-knowledge and applications. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015. LNCS, vol. 9014, pp. 66–92. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46494-6_4

    Chapter  Google Scholar 

  9. Dachman-Soled, D., Jain, A., Kalai, Y.T., Lopez-Alt, A.: On the (in)security of the Fiat-Shamir paradigm, revisited. Cryptology ePrint Archive, Report 2012/706 (2012). https://eprint.iacr.org/2012/706

  10. Dolev, D., Dwork, C., Naor, M.: Nonmalleable cryptography. SIAM J. Comput. 30(2), 391–437 (2000)

    Article  MathSciNet  Google Scholar 

  11. Dwork, C., Naor, M.: Zaps and their applications. SIAM J. Comput. 36(6), 1513–1543 (2007). https://doi.org/10.1137/S0097539703426817

  12. Dwork, C., Naor, M., Reingold, O., Stockmeyer, L.J.: Magic functions. J. ACM 50(6), 852–921 (2003). https://doi.org/10.1145/950620.950623

  13. Feige, U., Lapidot, D., Shamir, A.: Multiple noninteractive zero knowledge proofs under general assumptions. SIAM J. Comput. 29(1), 1–28 (1999). https://doi.org/10.1137/S0097539792230010

  14. Feige, U., Shamir, A.: Witness indistinguishable and witness hiding protocols. In: 22nd ACM STOC, pp. 416–426. ACM Press, May 1990

    Google Scholar 

  15. Garg, S., Gentry, C., Sahai, A., Waters, B.: Witness encryption and its applications. In: Boneh, D., Roughgarden, T., Feigenbaum, J. (eds.) 45th ACM STOC, pp. 467–476. ACM Press, June 2013

    Google Scholar 

  16. Gentry, C., Wichs, D.: Separating succinct non-interactive arguments from all falsifiable assumptions. In: Fortnow, L., Vadhan, S.P. (eds.) 43rd ACM STOC, pp. 99–108. ACM Press, June 2011

    Google Scholar 

  17. Goldreich, O.: Foundations of Cryptography: Basic Tools, vol. 1. Cambridge University Press, Cambridge, UK (2001)

    Google Scholar 

  18. Goldreich, O., Oren, Y.: Definitions and properties of zero-knowledge proof systems. J. Cryptol. 7(1), 1–32 (1994)

    Article  MathSciNet  Google Scholar 

  19. Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof systems. SIAM J. Comput. 18(1), 186–208 (1989)

    Article  MathSciNet  Google Scholar 

  20. Goyal, V., Jain, A., Jin, Z., Malavolta, G.: Statistical zaps and new oblivious transfer protocols. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12107, pp. 668–699. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45727-3_23

    Chapter  Google Scholar 

  21. Green, M.D., Miers, I.: Forward secure asynchronous messaging from puncturable encryption. In: 2015 IEEE Symposium on Security and Privacy, pp. 305–320. IEEE Computer Society Press, May 2015

    Google Scholar 

  22. Groth, J., Ostrovsky, R., Sahai, A.: New techniques for noninteractive zero-knowledge. J. ACM 59(3), June 2012. https://doi.org/10.1145/2220357.2220358

  23. Haitner, I., Rosen, A., Shaltiel, R.: On the (Im)Possibility of Arthur-Merlin witness hiding protocols. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 220–237. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-00457-5_14

    Chapter  MATH  Google Scholar 

  24. Håstad, J., Impagliazzo, R., Levin, L.A., Luby, M.: A pseudorandom generator from any one-way function. SIAM J. Comput. 28(4), 1364–1396 (1999)

    Article  MathSciNet  Google Scholar 

  25. Jain, A., Kalai, Y.T., Khurana, D., Rothblum, R.: Distinguisher-dependent simulation in two rounds and its applications. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10402, pp. 158–189. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63715-0_6

    Chapter  MATH  Google Scholar 

  26. Kalai, Y.T., Khurana, D., Sahai, A.: Statistical witness indistinguishability (and more) in two messages. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10822, pp. 34–65. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78372-7_2

    Chapter  MATH  Google Scholar 

  27. Khurana, D., Sahai, A.: How to achieve non-malleability in one or two rounds. In: Umans, C. (ed.) 58th FOCS, pp. 564–575. IEEE Computer Society Press, October 2017

    Google Scholar 

  28. Lombardi, A., Vaikuntanathan, V., Wichs, D.: Statistical ZAPR arguments from bilinear maps. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020, Part III. LNCS, vol. 12107, pp. 620–641. Springer, Heidelberg, May 2020

    Google Scholar 

  29. Naor, M.: On cryptographic assumptions and challenges (invited talk). In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 96–109. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-45146-4_6

    Chapter  Google Scholar 

  30. Naor, M., Yung, M.: Public-key cryptosystems provably secure against chosen ciphertext attacks. In: 22nd ACM STOC, pp. 427–437. ACM Press, May 1990

    Google Scholar 

  31. Pass, R.: Simulation in quasi-polynomial time, and its application to protocol composition. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 160–176. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-39200-9_10

    Chapter  Google Scholar 

  32. Rackoff, C., Simon, D.R.: Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 433–444. Springer, Heidelberg (1992). https://doi.org/10.1007/3-540-46766-1_35

    Chapter  Google Scholar 

  33. Wichs, D.: Barriers in cryptography with weak, correlated and leaky sources. In: Kleinberg, R.D. (ed.) ITCS 2013, pp. 111–126. ACM, January 2013

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. NTT Research, Sunnyvale, CA, USA

    Susumu Kiyoshima

Authors
  1. Susumu Kiyoshima
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Susumu Kiyoshima .

Editor information

Editors and Affiliations

  1. Georgetown University, Washington, WA, USA

    Kobbi Nissim

  2. The University of Texas at Austin, Austin, TX, USA

    Brent Waters

Rights and permissions

Reprints and permissions

Copyright information

© 2021 International Association for Cryptologic Research

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Kiyoshima, S. (2021). Black-Box Impossibilities of Obtaining 2-Round Weak ZK and Strong WI from Polynomial Hardness. In: Nissim, K., Waters, B. (eds) Theory of Cryptography. TCC 2021. Lecture Notes in Computer Science(), vol 13042. Springer, Cham. https://doi.org/10.1007/978-3-030-90459-3_13

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-90459-3_13

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-90458-6

  • Online ISBN: 978-3-030-90459-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Societies and partnerships

Search

Navigation