TCC 2019: Theory of Cryptography, pp. 356–385

# Fully Homomorphic NIZK and NIWI Proofs

• Prabhanjan Ananth
• Apoorvaa Deshpande
• Yael Tauman Kalai
• Anna Lysyanskaya
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11892)

## Abstract

In this work, we define and construct fully homomorphic non-interactive zero knowledge (FH-NIZK) and non-interactive witness-indistinguishable (FH-NIWI) proof systems.

We focus on the NP-complete language L where, for a boolean circuit C and a bit b, the pair $(C,b)\in L$ if there exists an input $\mathbf{w}$ such that $C(\mathbf{w})=b$. For this language, we call a non-interactive proof system fully homomorphic if, given instances $(C_i,b_i)\in L$ along with their proofs $\Pi_i$, for $i\in\{1,\ldots,k\}$, and given any circuit $D:\{0,1\}^k\rightarrow\{0,1\}$, one can efficiently compute a proof $\Pi$ for $(C^*,b)\in L$, where $C^*(\mathbf{w}^{(1)},\ldots,\mathbf{w}^{(k)})=D(C_1(\mathbf{w}^{(1)}),\ldots,C_k(\mathbf{w}^{(k)}))$ and $D(b_1,\ldots,b_k)=b$. The key security property is unlinkability: the resulting proof $\Pi$ is indistinguishable from a fresh proof of the same statement.

Our first result, under the Decision Linear Assumption (DLIN), is an FH-NIZK proof system for L in the common random string model. Our more surprising second result (under a new decisional assumption on groups with bilinear maps) is an FH-NIWI proof system that requires no setup.
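The definition above rests on a purely statement-level fact: if every $(C_i,b_i)$ is in L, then the composed statement $(C^*,b)$ with $b=D(b_1,\ldots,b_k)$ is also in L, witnessed by the concatenation of the individual witnesses. The following Python is an added example, not code from the paper, that makes that composition concrete: it represents circuits as gate lists, builds $C^*$ from $C_1,\ldots,C_k$ and $D$ by wire relabelling, and checks the identity $C^*(\mathbf{w}^{(1)},\ldots,\mathbf{w}^{(k)})=D(C_1(\mathbf{w}^{(1)}),\ldots,C_k(\mathbf{w}^{(k)}))$ by brute force. It models statements only; it contains no proof system, and the sample circuits (AND, equality, OR) are constructed for illustration.

```python
"""Statement composition for the circuit-SAT language L from the abstract.

(C, b) is in L iff some input w has C(w) = b.  Given statements (C_i, b_i)
and a combiner D on k bits, the composed statement is (C*, b) where
    C*(w^(1), ..., w^(k)) = D(C_1(w^(1)), ..., C_k(w^(k)))   and   b = D(b_1, ..., b_k).
Only statements and circuits are modelled here; no proof system is implemented.
"""
from dataclasses import dataclass
from itertools import product
from typing import Dict, List, Sequence, Tuple

# A gate is (op, left_wire, right_wire).  Wires 0..n_inputs-1 are the inputs;
# gate j writes wire n_inputs + j.  The last wire written is the output.
Gate = Tuple[str, int, int]


@dataclass(frozen=True)
class Circuit:
    n_inputs: int
    gates: Tuple[Gate, ...]

    @property
    def output_wire(self) -> int:
        return self.n_inputs + len(self.gates) - 1

    def eval(self, w: Sequence[int]) -> int:
        if len(w) != self.n_inputs:
            raise ValueError(f"expected {self.n_inputs} input bits, got {len(w)}")
        wires = list(w)
        for op, a, b in self.gates:
            x, y = wires[a], wires[b]
            if op == "AND":
                wires.append(x & y)
            elif op == "OR":
                wires.append(x | y)
            elif op == "XOR":
                wires.append(x ^ y)
            elif op == "NOT":        # unary: second operand is ignored
                wires.append(1 - x)
            else:
                raise ValueError(f"unknown gate {op}")
        return wires[-1]


def _append_relabelled(gates: List[Gate], c: Circuit, wmap: Dict[int, int], n_star: int) -> int:
    """Append c's gates to `gates`, renumbering wires via wmap; return c's output wire in C*."""
    for j, (op, a, b) in enumerate(c.gates):
        new_wire = n_star + len(gates)
        gates.append((op, wmap[a], wmap[b]))
        wmap[c.n_inputs + j] = new_wire
    return wmap[c.output_wire]


def compose(cs: Sequence[Circuit], d: Circuit) -> Circuit:
    """Build C* = D(C_1(.), ..., C_k(.)) on the concatenated inputs of the C_i."""
    k = len(cs)
    if d.n_inputs != k:
        raise ValueError(f"D takes {d.n_inputs} inputs but {k} statements were given")
    n_star = sum(c.n_inputs for c in cs)
    gates: List[Gate] = []
    sub_outputs: List[int] = []
    offset = 0
    for c in cs:
        # C_i's input wire j becomes C*'s input wire offset + j.
        wmap = {j: offset + j for j in range(c.n_inputs)}
        sub_outputs.append(_append_relabelled(gates, c, wmap, n_star))
        offset += c.n_inputs
    # D's input wire j is fed by the output wire of C_j.
    _append_relabelled(gates, d, dict(enumerate(sub_outputs)), n_star)
    return Circuit(n_star, tuple(gates))


def compose_statements(statements: Sequence[Tuple[Circuit, int]], d: Circuit) -> Tuple[Circuit, int]:
    """Map statements (C_i, b_i) and combiner D to the composed statement (C*, b)."""
    cs = [c for c, _ in statements]
    bs = [b for _, b in statements]
    return compose(cs, d), d.eval(bs)


def composition_is_correct(cs: Sequence[Circuit], d: Circuit) -> bool:
    """Exhaustively check C*(w) == D(C_1(w^(1)), ..., C_k(w^(k))) over every input."""
    c_star = compose(cs, d)
    for w in product((0, 1), repeat=c_star.n_inputs):
        parts, off = [], 0
        for c in cs:
            parts.append(c.eval(w[off:off + c.n_inputs]))
            off += c.n_inputs
        if c_star.eval(w) != d.eval(parts):
            return False
    return True


# Constructed sample circuits (not from the paper).
AND = Circuit(2, (("AND", 0, 1),))                     # C_1(x0, x1) = x0 AND x1
EQ = Circuit(2, (("XOR", 0, 1), ("NOT", 2, 2)))        # C_2(x0, x1) = [x0 == x1]
OR = Circuit(2, (("OR", 0, 1),))                       # combiner D(y1, y2) = y1 OR y2

if __name__ == "__main__":
    # Witnesses: (1,1) gives C_1 = 1, (0,0) gives C_2 = 1; concatenated they witness (C*, 1).
    c_star, b = compose_statements([(AND, 1), (EQ, 1)], OR)
    print("composition identity holds:", composition_is_correct([AND, EQ], OR))
    print("b =", b, " C*(1,1,0,0) =", c_star.eval((1, 1, 0, 0)))
```

A prover who holds $\mathbf{w}^{(1)}=(1,1)$ and $\mathbf{w}^{(2)}=(0,0)$ can therefore prove $(C^*,1)$ directly; the content of the paper is that the same statement can be proved from $\Pi_1,\Pi_2$ alone, without any witness, and that the result is unlinkable from a fresh proof.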

## Keywords

• Homomorphism
• Non-interactive zero-knowledge
• Non-interactive witness indistinguishability


© International Association for Cryptologic Research 2019

## Authors and Affiliations

• Prabhanjan Ananth (corresponding author), UCSB, Santa Barbara, USA
• Apoorvaa Deshpande, Brown University, Providence, USA
• Yael Tauman Kalai, MIT and Microsoft Research, Cambridge, USA
• Anna Lysyanskaya, Brown University, Providence, USA