Resumable zero-knowledge for circuits from symmetric key primitives
Consider the scenario that the prover and the verifier perform the zero-knowledge (ZK) proof protocol for the same statement multiple times sequentially, where each proof is modeled as a session. We focus on the problem of how to resume a ZK proof efficiently in such scenario. We introduce a new pri...
Saved in:
| Main Authors: | , , , , , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2022
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/9202 https://ink.library.smu.edu.sg/context/sis_research/article/10207/viewcontent/resumable_zero.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-10207 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-102072024-08-13T05:08:58Z Resumable zero-knowledge for circuits from symmetric key primitives ZHANG, Handong WEI, Puwen XUE, Haiyang DENG, Yi LI, Jinsong WANG, Wei LIU, Guoxiao Consider the scenario that the prover and the verifier perform the zero-knowledge (ZK) proof protocol for the same statement multiple times sequentially, where each proof is modeled as a session. We focus on the problem of how to resume a ZK proof efficiently in such scenario. We introduce a new primitive called resumable honest verifier zero-knowledge proof of knowledge (resumable HVZKPoK) and propose a general construction of the resumable HVZKPoK for circuits based on the “MPC-in-the-head" paradigm, where the complexity of the resumed session is less than that of the original ZK proofs. To ensure the knowledge soundness for the resumed session, we identify a property called extractable decomposition. Interestingly, most block ciphers satisfy this property and the cost of resuming session can be reduced dramatically when the underlying circuits are implemented with block ciphers. As a direct application of our resumable HVZKPoK, we construct a post quantum secure stateful signature scheme, which makes Picnic3 suitable for blockchain protocol. Using the same parameter setting of Picnic3, the sign/verify time of our subsequent signatures can be reduced to 3.1%/3.3% of Picnic3 and the corresponding signature size can be reduced to 36%. Moreover, by applying a parallel version of our method to the well known Cramer, Damgård and Schoenmakers (CDS) transformation, we get a compressed one-out-of-N proof for circuits, which can be further used to construct a ring signature from symmetric key primitives only. When the ring size is less than 24, the size of our ring signature scheme is only about 1/3 of Katz et al.’s construction. 2022-08-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/9202 info:doi/10.1007/978-3-031-22301-3_19 https://ink.library.smu.edu.sg/context/sis_research/article/10207/viewcontent/resumable_zero.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Resumable Honest verifier zero-knowledge MPC-in-the-head Stateful signature Ring signature Blockchain Information Security |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
Resumable Honest verifier zero-knowledge MPC-in-the-head Stateful signature Ring signature Blockchain Information Security |
| spellingShingle |
Resumable Honest verifier zero-knowledge MPC-in-the-head Stateful signature Ring signature Blockchain Information Security ZHANG, Handong WEI, Puwen XUE, Haiyang DENG, Yi LI, Jinsong WANG, Wei LIU, Guoxiao Resumable zero-knowledge for circuits from symmetric key primitives |
| description |
Consider the scenario that the prover and the verifier perform the zero-knowledge (ZK) proof protocol for the same statement multiple times sequentially, where each proof is modeled as a session. We focus on the problem of how to resume a ZK proof efficiently in such scenario. We introduce a new primitive called resumable honest verifier zero-knowledge proof of knowledge (resumable HVZKPoK) and propose a general construction of the resumable HVZKPoK for circuits based on the “MPC-in-the-head" paradigm, where the complexity of the resumed session is less than that of the original ZK proofs. To ensure the knowledge soundness for the resumed session, we identify a property called extractable decomposition. Interestingly, most block ciphers satisfy this property and the cost of resuming session can be reduced dramatically when the underlying circuits are implemented with block ciphers. As a direct application of our resumable HVZKPoK, we construct a post quantum secure stateful signature scheme, which makes Picnic3 suitable for blockchain protocol. Using the same parameter setting of Picnic3, the sign/verify time of our subsequent signatures can be reduced to 3.1%/3.3% of Picnic3 and the corresponding signature size can be reduced to 36%. Moreover, by applying a parallel version of our method to the well known Cramer, Damgård and Schoenmakers (CDS) transformation, we get a compressed one-out-of-N proof for circuits, which can be further used to construct a ring signature from symmetric key primitives only. When the ring size is less than 24, the size of our ring signature scheme is only about 1/3 of Katz et al.’s construction. |
| format |
text |
| author |
ZHANG, Handong WEI, Puwen XUE, Haiyang DENG, Yi LI, Jinsong WANG, Wei LIU, Guoxiao |
| author_facet |
ZHANG, Handong WEI, Puwen XUE, Haiyang DENG, Yi LI, Jinsong WANG, Wei LIU, Guoxiao |
| author_sort |
ZHANG, Handong |
| title |
Resumable zero-knowledge for circuits from symmetric key primitives |
| title_short |
Resumable zero-knowledge for circuits from symmetric key primitives |
| title_full |
Resumable zero-knowledge for circuits from symmetric key primitives |
| title_fullStr |
Resumable zero-knowledge for circuits from symmetric key primitives |
| title_full_unstemmed |
Resumable zero-knowledge for circuits from symmetric key primitives |
| title_sort |
resumable zero-knowledge for circuits from symmetric key primitives |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2022 |
| url |
https://ink.library.smu.edu.sg/sis_research/9202 https://ink.library.smu.edu.sg/context/sis_research/article/10207/viewcontent/resumable_zero.pdf |
| _version_ |
1814047789753040896 |