Non-interactive Zero-Knowledge Proofs
Lead Research Organisation:
University College London
Department Name: Adastral Park Campus
Abstract
Society is becoming increasingly digitalized and interconnected. When building the future society it is important to think about security; we need protection against criminal organizations, hostile nations and other types of adversaries that may use techniques such as eavesdropping and wiretapping, hacking, attempts of impersonation, etc. In short, we need secure protocols.Two important issues frequently come up when designing secure protocols between two or more parties: verifiability and privacy. As an example, consider a protocol by which an internet bank customer gains access to her account. On one hand the internet bank wants to verify that it is talking to its customer, on the other hand the customer wants her password to remain private. As a more general example, verifiability and privacy issues come up whenever we need to verify that somebody is following a particular protocol correctly, yet that person or entity has some secrets that cannot be revealed.This proposal relates to techniques in the field of cryptography known as zero-knowledge proofs, which simultaneously provide verification and privacy. A zero-knowledge proof allows one party to convince another party that a certain statement is true without leaking any other information. The internet bank customer can for instance convince the bank that she should get access to her account without even sending a password or any other private information over the internet. Or in the more general example, somebody we are interacting with can convince us that they are following the protocol without divulging their private information.Zero-knowledge proofs can be both interactive and non-interactive. Whereas the two parties exchange messages back and forth in standard zero-knowledge proofs, a non-interactive zero-knowledge proof consists of a single message that is sent from one party to the other. This distinction is important since there are many examples of non-interactive tasks, where only one party acts. For instance, we can make a digital signature on a document without interacting with other parties. Non-interactive zero-knowledge proofs can be used in connection with such non-interactive tasks.In this research project we intend to improve state of the art in non-interactive zero-knowledge proofs. We will construct more efficient non-interactive zero-knowledge proofs. We will construct non-interactive zero-knowledge proofs with additional advanced security properties. We will base our constructions on as sound security assumptions as possible. We will extend their range of applicability to more and different settings than are currently known how to handle. In addition to these improvements, we will also demonstrate the advances made by giving concrete applications.
Organisations
People |
ORCID iD |
| Jens Groth (Principal Investigator) |
Publications
Abe M
(2011)
Advances in Cryptology - ASIACRYPT 2011
Abe M
(2011)
Advances in Cryptology - CRYPTO 2011
Bayer S
(2012)
Advances in Cryptology - EUROCRYPT 2012
Escala A
(2014)
Public-Key Cryptography - PKC 2014
Gentry C
(2014)
Using Fully Homomorphic Hybrid Encryption to Minimize Non-interative Zero-Knowledge Proofs
in Journal of Cryptology
Groth J
(2010)
Advances in Cryptology - ASIACRYPT 2010
Groth J
(2012)
Efficient Noninteractive Proof Systems for Bilinear Groups
in SIAM Journal on Computing
Groth J
(2013)
Cryptography in the Multi-string Model
in Journal of Cryptology
| Description | Non-interactive zero-knowledge proofs make it possible to prove a statement is true without revealing any other information. Non-interactive zero-knowledge proofs are used as a fundamental building block in numerous cryptographic systems because they make it possible to verify correctness, for instance that a participant knows a certain secret or that the participant is following the protocol correctly, without revealing any private information. We have developed a number of new techniques for non-interactive zero-knowledge proofs that give increased efficiency, increased security and open up for new applications. We have invented the first non-interactive zero-knowledge argument based on sound security foundations, which is smaller than the statement itself. By drastically decreasing communication we both get an immediate efficiency gain and follow-up research in the cryptographic community have also found several new applications of non-interactive zero-knowledge arguments that are only possible because of the small communication. We have obtained significant efficiency improvements in non-interactive zero-knowledge proofs based on the so-called hidden random bits technique. We did this by being the first to incorporate probabilistically checkable proofs, where only a few bits need to be checked to get high assurance of correctness, into non-interactive zero-knowledge proofs. We have in a series of works introduced the notion of structure-preserving pairing-based cryptography. Part of the motivation for these works is that structure-preservation makes it easy to use them in connection with pairing-based non-interactive zero-knowledge proofs. More precisely, non-interactive zero-knowledge proofs can serve as a glue to put several structure-preserving protocols together when building more advanced systems. We have improved the efficiency of public-coin zero-knowledge arguments, which can be made non-interactive using the so-called Fiat-Shamir heuristic, for concrete applications including range proofs and verifiable shuffles. The latter can be used in internet voting systems and has attracted significant interest. |
| Exploitation Route | The work we have done on zero-knowledge arguments for shuffles can be applied in voting protocols. We have provided the source code to developers on the Zeus voting project. Our work on short pairing based non-interactive zero-knowledge arguments make it possible to convince somebody of the truth of a statement with very little communication. This can for instance be used in verifiable computation where a client outsources computation to a powerful server or cluster to verify that the result of the computation is correct. The ideas we developed are now central in many prototype systems for verifiable computation including one developed by researchers at IBM and Microsoft. |
| Sectors | Digital/Communication/Information Technologies (including Software),Government, Democracy and Justice |
| Description | The work we have done on zero-knowledge arguments for shuffles has applications in voting protocols. We have released the software to developers on the Zeus voting project. The protocols have also been implemented by Scytl, a company specializing in voting technology. Our work on short pairing-based NIZK arguments has spawned a lot of follow-up work, which is now used by a cryptocurrency company ZCash. |
| First Year Of Impact | 2014 |
| Sector | Digital/Communication/Information Technologies (including Software),Financial Services, and Management Consultancy |
| Impact Types | Economic |
| Description | European Research Council |
| Amount | £1,080,783 (GBP) |
| Funding ID | ERC Starting Grant - ECAP |
| Organisation | European Research Council (ERC) |
| Sector | Public |
| Country | Belgium |
| Start | 10/2012 |
| End | 09/2017 |