Presentation on theme: "Efficient Non-Interactive Zero Knowledge Arguments for Set Operations Prastudy Fauzi, Helger Lipmaa, Bingsheng Zhang University of Tartu, University of."— Presentation transcript:
Efficient Non-Interactive Zero Knowledge Arguments for Set Operations Prastudy Fauzi, Helger Lipmaa, Bingsheng Zhang University of Tartu, University of Tartu, University of Athens,
Cryptographic Building Block: Pairings ›Bilinear operation –e(f1+f2,f3) = e(f1,f3) + e(f2,f3) –e(f1,f2+f3) = e(f1,f2) + e(f1,f3) ›With Hardness Assumptions –Given e(f1,f2), it is hard to compute f1 –…–… ›Much wow
Commitments We use a concrete succinct commitment scheme from 2013
Multiset Commitment Too costly!
Main Idea iff Commitments are randomized Proof = a crib E that compensates for randomness Enables to perform verification on commitments
Additional Obstacles ›Soundness: –We use knowledge assumptions ›Guarantee that prover knows committed values –Common in succinct NIZK construction –[Gentry Wichs 2011]: also necessary ›Zero Knowledge: –Simulator needs to create proof for given commitments ›Not created by simulator –We let prover to create new random commitments for all sets ›Add a NIZK proof of correctness –Simulator creates fake commitments ›Uses trapdoor to simulate