Abstract
Distributed Zero-Knowledge (dZK) proofs, recently introduced by Boneh et al. (CRYPTO‘19), allow a prover P to prove NP statements on an input x which is distributed between k verifiers V1, …, Vk, where each Vi holds only a piece of x. As in standard ZK proofs, dZK proofs guarantee Completeness when all parties are honest; Soundness against a malicious prover colluding with t verifiers; and Zero Knowledge against a subset of t malicious verifiers, in the sense that they learn nothing about the NP witness and the input pieces of the honest verifiers. Unfortunately, dZK proofs provide no correctness guarantee for an honest prover against a subset of maliciously corrupted verifiers. In particular, such verifiers might be able to “frame” the prover, causing honest verifiers to reject a true claim. This is a significant limitation, since such scenarios arise naturally in dZK applications, e.g., for proving honest behavior, and such attacks are indeed possible in existing dZKs (Boneh et al., CRYPTO‘19). We put forth and study the notion of strong completeness for dZKs, guaranteeing that true claims are accepted even when t verifiers are maliciously corrupted. We then design strongly-complete dZK proofs using the “MPC-in-the-head” paradigm of Ishai et al. (STOC‘07), providing a novel analysis that exploits the unique properties of the distributed setting. To demonstrate the usefulness of strong completeness, we present several applications in which it is instrumental in obtaining security. First, we construct a certifiable version of Verifiable Secret Sharing (VSS), which is a VSS in which the dealer additionally proves that the shared secret satisfies a given NP relation. Our construction withstands a constant fraction of corruptions, whereas a previous construction of Ishai et al. (TCC‘14) required k= poly(t). We also design a reusable version of certifiable VSS that we introduce, in which the dealer can prove an unlimited number of predicates on the same shared secret. Finally, we extend a compiler of Boneh et al. (CRYPTO‘19), who used dZKs to transform a class of “natural” semi-honest protocols in the honest-majority setting into maliciously secure ones with abort. Our compiler uses strongly-complete dZKs to obtain identifiable abort.
Original language | English |
---|---|
Title of host publication | Theory of Cryptography - 21st International Conference, TCC 2023, Proceedings |
Editors | Guy Rothblum, Hoeteck Wee |
Publisher | Springer Science and Business Media Deutschland GmbH |
Pages | 34-64 |
Number of pages | 31 |
ISBN (Print) | 9783031486142 |
DOIs | |
State | Published - 2023 |
Event | 21st International conference on Theory of Cryptography Conference, TCC 2023 - Taipei, Taiwan, Province of China Duration: 29 Nov 2023 → 2 Dec 2023 |
Publication series
Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
---|---|
Volume | 14369 LNCS |
ISSN (Print) | 0302-9743 |
ISSN (Electronic) | 1611-3349 |
Conference
Conference | 21st International conference on Theory of Cryptography Conference, TCC 2023 |
---|---|
Country/Territory | Taiwan, Province of China |
City | Taipei |
Period | 29/11/23 → 2/12/23 |
Bibliographical note
Publisher Copyright:© 2023, International Association for Cryptologic Research.
Funding
Acknowledgment. We thank Benny Applebaum for helpful discussions and for pointing out to us the reduction from VRS to dZK. The first and third authors are supported by the BIU Center for Research in Applied Crypytography and Cyber Security in conjunction with the Israel National Cyber Bureau in the Prime Minister’s Office. The first author is supported by ISF grant No. 1316/18. The first and second authors are supported by DARPA under Contract No. HR001120C0087. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the United States Government or DARPA. The first author is supported by the Algorand Centres of Excellence programme managed by Algorand Foundation. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of Algorand Foundation.
Funders | Funder number |
---|---|
Algorand Centres of Excellence | |
Algorand Foundation | |
Defense Advanced Research Projects Agency | HR001120C0087 |
Israel Science Foundation | 1316/18 |