Proof of Plaintext Knowledge for the Ajtai-Dwork Cryptosystem

  • Shafi Goldwasser
  • Dmitriy Kharchenko
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3378)


Ajtai and Dwork proposed a public-key encryption scheme in 1996 which they proved secure under the assumption that the unique shortest vector problem is hard in the worst case. This cryptosystem and its extension by Regev are the only ones known for which security can be proved under a worst-case assumption, and as such present a particularly interesting case to study.

In this paper, we show statistical zero-knowledge protocols for statements of the form “plaintext m corresponds to ciphertext c” and “ciphertexts c and c’ decrypt to the same value” for the Ajtai-Dwork cryptosystem. We then show an interactive zero-knowledge proof of plaintext knowledge (PPK) for the Ajtai-Dwork cryptosystem, based directly on the security of the cryptosystem rather than resorting to general interactive zero-knowledge constructions. The witness for these proofs is the randomness used in the encryption.


Keywords: Lattices, Verifiable Encryption, Ajtai-Dwork Cryptosystem, Worst Case Complexity Assumption, Proof of Plaintext Knowledge


References

  1. Ajtai, M., Dwork, C.: A Public-Key Cryptosystem with Worst-Case/Average-Case Equivalence. In: ECCC, TR96-065 (December 1996)
  2. Asokan, N., Shoup, V., Waidner, M.: Optimistic Fair Exchange of Digital Signatures. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 591–606. Springer, Heidelberg (1998)
  3. Bellare, M., Yung, M.: Certifying Permutations: Noninteractive Zero-Knowledge Based on Any Trapdoor Permutation. J. Cryptology 9(3), 149–166 (1996)
  4. Camenisch, J.L., Damgård, I.B.: Verifiable encryption, group encryption, and their applications to separable group signatures and signature sharing schemes. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 331–345. Springer, Heidelberg (2000)
  5. Camenisch, J.L., Shoup, V.: Practical verifiable encryption and decryption of discrete logarithms. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 126–144. Springer, Heidelberg (2003)
  6. Cramer, R., Shoup, V.: A Practical Public Key Cryptosystem Provably Secure against Adaptive Chosen Ciphertext Attack (1998)
  7. Cramer, R., Shoup, V.: Universal hash proofs and a paradigm for adaptive chosen ciphertext secure public-key encryption. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, p. 45. Springer, Heidelberg (2002)
  8. Dolev, D., Dwork, C., Naor, M.: Nonmalleable Cryptography. SIAM J. Comput. 30(2), 391–437 (2000)
  9. Diffie, W., Hellman, M.E.: New Directions in Cryptography. IEEE Transactions on Information Theory (1976)
  10. El Gamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 10–18. Springer, Heidelberg (1985)
  11. Feige, U., Lapidot, D., Shamir, A.: Multiple Non-Interactive Zero Knowledge Proofs Under General Assumptions. SIAM J. Comput. 29(1), 1–28 (1999)
  12. Feige, U., Fiat, A., Shamir, A.: Zero Knowledge Proofs of Identity. Journal of Cryptology 1(2), 77–94 (1988)
  13. Galil, Z., Haber, S., Yung, M.: Symmetric public-key encryption. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 128–137. Springer, Heidelberg (1986)
  14. Goldreich, O., Goldwasser, S.: On the Limits of Nonapproximability of Lattice Problems. JCSS 60(3), 540–563 (2000)
  15. Goldreich, O., Goldwasser, S., Halevi, S.: Eliminating decryption errors in the Ajtai-Dwork cryptosystem. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 105–111. Springer, Heidelberg (1997)
  16. Goldreich, O.: Foundations of Cryptography: Basic Tools. Cambridge University Press, Cambridge (2001)
  17. Goldreich, O., Micali, S., Wigderson, A.: Proofs that Yield Nothing but their Validity or NP in Zero Knowledge. JACM (1991)
  18. Halevi, S., Micali, S.: More on Proofs of Knowledge. LCS Document Number: MIT-LCS-TM-578
  19. Hall, C., Goldberg, I., Schneier, B.: Reaction attacks against several public-key cryptosystems. In: Varadharajan, V., Mu, Y. (eds.) ICICS 1999. LNCS, vol. 1726, pp. 2–12. Springer, Heidelberg (1999)
  20. Katz, J.: Efficient and Non-Malleable Proofs of Plaintext Knowledge and Applications. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656. Springer, Heidelberg (2003)
  21. Micciancio, D., Vadhan, S.P.: Statistical zero-knowledge proofs with efficient provers: Lattice problems and more. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 282–298. Springer, Heidelberg (2003)
  22. Naor, M., Yung, M.: Public-key cryptosystems provably secure against chosen ciphertext attacks. In: Proceedings of the Twenty-Second Annual ACM Symposium on Theory of Computing (STOC 1990), Baltimore, Maryland, United States, May 13–17, pp. 427–437 (1990)
  23. Nguyen, P., Stern, J.: Cryptanalysis of the Ajtai-Dwork cryptosystem. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 223–242. Springer, Heidelberg (1998)
  24. Regev, O.: New Lattice Based Cryptographic Constructions. In: STOC 2003 (2003)
  25. Rivest, R.L., Shamir, A., Adleman, L.: Public key cryptography. CACM 21, 120–126 (1978)
  26. Stadler, M.A.: Publicly verifiable secret sharing. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 190–199. Springer, Heidelberg (1996)

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Shafi Goldwasser (1, 2)
  • Dmitriy Kharchenko (2)
  1. CSAIL, Massachusetts Institute of Technology, Cambridge, USA
  2. Department of Computer Science and Applied Mathematics, Weizmann Institute of Science, Rehovot, Israel
