Presentation is loading. Please wait.

Presentation is loading. Please wait.

Copyright (c) 2012 NTT Secure Platform Labs. Group to Group Commitments Do Not Shrink Masayuki ABE Kristiyan Haralambiev Miyako Ohkubo 1.

Published byErik Harrison Modified over 8 years ago

Similar presentations

Presentation on theme: "Copyright (c) 2012 NTT Secure Platform Labs. Group to Group Commitments Do Not Shrink Masayuki ABE Kristiyan Haralambiev Miyako Ohkubo 1."— Presentation transcript:

1 Copyright (c) 2012 NTT Secure Platform Labs. Group to Group Commitments Do Not Shrink Masayuki ABE Kristiyan Haralambiev Miyako Ohkubo 1

2 Copyright (c) 2012 NTT Secure Platform Labs. Contents Introduction for Structure-Preserving Schemes – Motivation – State of the Art Structure-Preserving Commitments (SPC) – Lower Bounds size(commitment) >= size(message) #(verification equations) >= 2 in Type-I groups – Upper Bounds constructions with optimal expansion factor 2/32

3 Copyright (c) 2012 NTT Secure Platform Labs. Combination of Building Blocks – Encryption, Signatures, Commitments, etc.. Zero-knowledge Proof System ex) Proving possession of a valid signature without showing it. Extra Requirements – Non-interactive, Proof of knowledge Modular Protocol Design

4 Copyright (c) 2012 NTT Secure Platform Labs. NIZK in Theory Translate “Verify” function into a circuit. Then prove the correctness of I/O at every gate by NIZK. Very powerful tool. But not practical.

5 Copyright (c) 2012 NTT Secure Platform Labs. Practical NIZK Groth-Sahai Proof System [GS08] – Currently the only practical Non-Interactive Proof system. – Works on bilinear groups. – A Witness Indistinguishable Proof System (NIWI) for quadratic relations among witnesses. – A Proof of Knowledge for relations represented by pairing product equations. (see next page)

6 Copyright (c) 2012 NTT Secure Platform Labs. Pairing Product Equation Bilinear Groups Z=1 for ZK witnesses must be base group elements for PoK

7 Copyright (c) 2012 NTT Secure Platform Labs. Structure-Preserving Schemes Cryptographic schemes such as signatures, encryption, commitments, etc... – constructed over bilinear groups, and – public objects such as public-keys, messages, signatures, commitments, de-commitments, ciphertexts, and etc., are group elements, and – relevant verifications such as signature verification, correct decryption, correct decommitment, evaluate pairing product equations. 7/32

8 Copyright (c) 2012 NTT Secure Platform Labs. Structure-Preserving Schemes Proof System – NIWI: [GS08] – GS with Extra Properties: [BCCKLS09,Fuc11,CKLM12] Signature Schemes – Constructions: [Gro06, GH08, CLY09, AFGHO10, AHO10, AGHO11, CK11] – Bounds: [AGHO11, AGH11] CCA2 Public-Key Encryption – [CKH11] Commitment Schemes – Constructions: [Gro09, CLY09, AFGHO10, AHO10] 8/32

9 Copyright (c) 2012 NTT Secure Platform Labs. STRUCTURE-PRESERVING COMMITMENTS (SPC) 9/32

10 Copyright (c) 2012 NTT Secure Platform Labs. Syntax 10/32 evaluates pairing product equations from the base group ( Strict-SPC ) vector of group elements

11 Copyright (c) 2012 NTT Secure Platform Labs. SPC in the Literature 11/32 Question: Can Strict-SPC be shrinking? Question: Can Strict-SPC be shrinking?

12 Copyright (c) 2012 NTT Secure Platform Labs. Impossibility Result (1) 12/32 The theorem holds for type-III groups as well.

13 Copyright (c) 2012 NTT Secure Platform Labs. Algebraic Algorithm 13/32

14 Copyright (c) 2012 NTT Secure Platform Labs. Alg.Alg. is not KEA Algebraic Algorithms – Class of Reduction / Construction – Often used for showing separation – Considered as “not overly restrictive” – Positive consequence if avoided Knowledge of Exponent Assumption – Assumption on adversaries – Often used in security proofs for specific constructions – Often criticized as too strong since it is not falsifiable – Negative impact if not hold 14/32

15 Copyright (c) 2012 NTT Secure Platform Labs. Proof Intuition (1/3) 15/32

16 Copyright (c) 2012 NTT Secure Platform Labs. Proof Intuition (2/3) 16/32

17 Copyright (c) 2012 NTT Secure Platform Labs. Proof Intuition (3/3) 17/32

18 Copyright (c) 2012 NTT Secure Platform Labs. Impossibility Result (2) 18/32

19 Copyright (c) 2012 NTT Secure Platform Labs. OPTIMAL CONSTRUCTIONS 19/32

20 Copyright (c) 2012 NTT Secure Platform Labs. Two New Strict-SPCs 20/32 All schemes are homomorphic and trapdoor as well as previous schemes.

21 Copyright (c) 2012 NTT Secure Platform Labs. Scheme 1 in Type-III Groups 21/32

22 Copyright (c) 2012 NTT Secure Platform Labs. Security 22/32 DBP is implied by SXDH.

23 Copyright (c) 2012 NTT Secure Platform Labs. Summary Upper and Lower Bounds for Strict-SPC – Strict-SPC does not shrink! – Bounds w.r.t. commitment size match each other except for small additive terms. Open Issues – Get rid of the additive terms, or show its impossibility. – Do non-algebraic constructions help to get around the lower bound? 23/32

24 Copyright (c) 2012 NTT Secure Platform Labs. Reduction 24/32

25 Copyright (c) 2012 NTT Secure Platform Labs. Scheme 1 in Type-III Groups 25/32

26 Copyright (c) 2012 NTT Secure Platform Labs. Scheme 1 (Cont’d) 26/32

27 Copyright (c) 2012 NTT Secure Platform Labs. Bilinear Groups

Download ppt "Copyright (c) 2012 NTT Secure Platform Labs. Group to Group Commitments Do Not Shrink Masayuki ABE Kristiyan Haralambiev Miyako Ohkubo 1."

Similar presentations

Perfect Non-interactive Zero-Knowledge for NP

Perfect Non-interactive Zero-Knowledge for NP
Short Pairing-based Non-interactive Zero-Knowledge Arguments Jens Groth University College London TexPoint fonts used in EMF. Read the TexPoint manual.

Short Pairing-based Non-interactive Zero-Knowledge Arguments Jens Groth University College London TexPoint fonts used in EMF. Read the TexPoint manual.
Simulation-sound NIZK Proofs for a Practical Language and Constant Size Group Signatures Jens Groth University of California Los Angeles Presenter: Eike.

Simulation-sound NIZK Proofs for a Practical Language and Constant Size Group Signatures Jens Groth University of California Los Angeles Presenter: Eike.
On the (Im)Possibility of Arthur-Merlin Witness Hiding Protocols Iftach Haitner, Alon Rosen and Ronen Shaltiel 1.

On the (Im)Possibility of Arthur-Merlin Witness Hiding Protocols Iftach Haitner, Alon Rosen and Ronen Shaltiel 1.
Efficient Non-interactive Proof Systems for Bilinear Groups Jens Groth University College London Amit Sahai University of California Los Angeles TexPoint.

Efficient Non-interactive Proof Systems for Bilinear Groups Jens Groth University College London Amit Sahai University of California Los Angeles TexPoint.
Spreading Alerts Quietly and the Subgroup Escape Problem Aleksandr Yampolskiy (Yale) Joint work with James Aspnes, Zoë Diamadi, Kristian Gjøsteen, and.

Spreading Alerts Quietly and the Subgroup Escape Problem Aleksandr Yampolskiy (Yale) Joint work with James Aspnes, Zoë Diamadi, Kristian Gjøsteen, and.
Efficient Non-Interactive Zero Knowledge Arguments for Set Operations Prastudy Fauzi, Helger Lipmaa, Bingsheng Zhang University of Tartu, University of.

Efficient Non-Interactive Zero Knowledge Arguments for Set Operations Prastudy Fauzi, Helger Lipmaa, Bingsheng Zhang University of Tartu, University of.
Vote privacy: models and cryptographic underpinnings Bogdan Warinschi University of Bristol 1.

Vote privacy: models and cryptographic underpinnings Bogdan Warinschi University of Bristol 1.
Efficient Zero-Knowledge Proof Systems Jens Groth University College London.

Efficient Zero-Knowledge Proof Systems Jens Groth University College London.
New Results on PA/CCA Encryption Carmine Ventre and Ivan Visconti Università di Salerno.

New Results on PA/CCA Encryption Carmine Ventre and Ivan Visconti Università di Salerno.
1 Identity-Based Zero-Knowledge Jonathan Katz Rafail Ostrovsky Michael Rabin U. Maryland U.C.L.A. Harvard U.

1 Identity-Based Zero-Knowledge Jonathan Katz Rafail Ostrovsky Michael Rabin U. Maryland U.C.L.A. Harvard U.
REDUCTION-RESILIENT CRYPTOGRAPHY: PRIMITIVES THAT RESIST REDUCTIONS FROM ALL STANDARD ASSUMPTIONS Daniel Wichs (Charles River Crypto Day ‘12)

REDUCTION-RESILIENT CRYPTOGRAPHY: PRIMITIVES THAT RESIST REDUCTIONS FROM ALL STANDARD ASSUMPTIONS Daniel Wichs (Charles River Crypto Day ‘12)
Hybrid Signcryption with Insider Security Alexander W. Dent.

Hybrid Signcryption with Insider Security Alexander W. Dent.
Yevgeniy Dodis, Kristiyan Haralambiev, Adriana López-Alt, Daniel Wichs New York University Efficient Public-Key Cryptography in the Presence of Leakage.

Yevgeniy Dodis, Kristiyan Haralambiev, Adriana López-Alt, Daniel Wichs New York University Efficient Public-Key Cryptography in the Presence of Leakage.
Nir Bitansky, Ran Canetti, Omer Paneth, Alon Rosen.

Nir Bitansky, Ran Canetti, Omer Paneth, Alon Rosen.
Efficient Zero-Knowledge Proof Systems Jens Groth University College London FOSAD 2014.

Efficient Zero-Knowledge Proof Systems Jens Groth University College London FOSAD 2014.
Optimal Structure-Preserving Signatures in Asymmetric Bilinear Groups Masayuki Abe, NTT Jens Groth, University College London Kristiyan Haralambiev, NYU.

Optimal Structure-Preserving Signatures in Asymmetric Bilinear Groups Masayuki Abe, NTT Jens Groth, University College London Kristiyan Haralambiev, NYU.
Co-operative Private Equality Test(CPET) Ronghua Li and Chuan-Kun Wu (received June 21, 2005; revised and accepted July 4, 2005) International Journal.

Co-operative Private Equality Test(CPET) Ronghua Li and Chuan-Kun Wu (received June 21, 2005; revised and accepted July 4, 2005) International Journal.
01101100101001001010011001011110010110101000101010010010110010100010100101010101010001101001010101001000101001011110011110100110 100100101010100010101010100101010101010010100101010101010010100111001001001000101000001010110000100101000100111101001010100101

Asymmetric Cryptography part 1 & 2 Haya Shulman Many thanks to Amir Herzberg who donated some of the slides from

Asymmetric Cryptography part 1 & 2 Haya Shulman Many thanks to Amir Herzberg who donated some of the slides from

Similar presentations

Ads by Google