Skip to main content

2025 | OriginalPaper | Buchkapitel

Monotone Policy BARGs from BARGs and Additively Homomorphic Encryption

verfasst von : Shafik Nassar, Brent Waters, David J. Wu

Erschienen in: Theory of Cryptography

Verlag: Springer Nature Switzerland

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config
loading …

Abstract

A monotone policy batch \(\textsf{NP} \) language \(\mathcal {L}_{\mathcal {R}, P}\) is parameterized by a monotone policy \(P :\{0,1\}^k \rightarrow \{0,1\}\) and an \(\textsf{NP} \) relation \(\mathcal {R}\). A statement \((x_1, \ldots , x_k)\) is a yes instance if there exists \(w_1, \ldots , w_k\) where \(P(\mathcal {R}(x_1, w_1), \ldots , \mathcal {R}(x_k, w_k)) = 1\). For example, we might say that an instance \((x_1, \ldots , x_k)\) is a yes instance if a majority of the statements are true. A monotone policy batch argument (BARG) for \(\textsf{NP} \) allows a prover to prove that \((x_1, \ldots , x_k) \in \mathcal {L}_{\mathcal {R}, P}\) with a proof of size \(\textsf{poly}(\lambda , |\mathcal {R}|, \log k)\), where \(\lambda \) is the security parameter, \(|\mathcal {R}|\) is the size of the Boolean circuit that computes \(\mathcal {R}\), and k is the number of instances. Recently, Brakerski, Brodsky, Kalai, Lombardi, and Paneth (CRYPTO 2023) gave the first monotone policy BARG for \(\textsf{NP} \) from the learning with errors (LWE) assumption.
In this work, we describe a generic approach for constructing monotone policy BARGs from any BARG for \(\textsf{NP} \) together with an additively homomorphic encryption scheme. This yields the first constructions of monotone policy BARGs from the k-\(\textsf{Lin}\) assumption in prime-order pairing groups as well as the (subexponential) DDH assumption in pairing-free groups. Central to our construction is a notion of a zero-fixing hash function, which is a relaxed version of a predicate-extractable hash function from the work of Brakerski et al. Our relaxation enables a direct realization of zero-fixing hash functions from BARGs for \(\textsf{NP} \) and additively homomorphic encryption, whereas the previous notion relied on leveled homomorphic encryption, and by extension, the LWE assumption.
As an application, we also show how to combine a monotone policy BARG with a puncturable signature scheme to obtain a monotone policy aggregate signature scheme. Our work yields the first (statically-secure) monotone policy aggregate signatures that supports general monotone Boolean circuits from standard pairing-based assumptions. Previously, this was only known from LWE.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

Fußnoten
1
This is conceptually similar to the notion of function-binding hash functions introduced concurrently in [FWW23].
 
2
With a suitable strengthening of the notion of predicate-extractable hash functions, the authors of [BBK+23] also show how to obtain a somewhere extractable monotone policy BARG. In this work, we focus on achieving the core notion of non-adaptive soundness.
 
3
This step is straightforward if we had a predicate-extractable hash function where the extractor outputs a mismatching index. Namely, if the upper layer digest is \(\textsf{NotMatching}\), then the extractor outputs an index \(j \in J_{i + 1}\) that is mismatching (i.e., cannot be opened to a 0). This means the efficient adversary can only open wire j to the value 1. Now, if the BARG is extracting on the statement associated with wire j, then we either (1) obtain the opening of some index \(j' \in J_{i}\) to a 1, which breaks security of the hash function (since the lower layer digest is \(\textsf{Matching}\)); or (2) the value of wire j is inconsistent with the input wires associated with the gate computing wire j, which breaks security of the BARG.
 
4
This type of property where the output of the extractor does not change for different choices of the CRS is often referred to as a “no-signaling” extraction property [PR17, KPY19, GZ21, KVZ21, CJJ21b].
 
5
Otherwise, an honest digest on the input that is 1 at index i (and 0 everywhere else) would be declared \(\textsf{Matching}\) if the hash key was zero-fixing on a set S that contains i and \(\textsf{NotMatching}\) if the hash key was zero-fixing on the set \(S \setminus \left\{ i \right\} \).
 
6
In the static security model, we require that the adversary declare the set of corrupted verification keys, its challenge message, and the aggregation policy at the beginning of the security game.
 
7
Recall that when the bound on the extraction set parameter \(\ell \) is not given, it defaults to the value 1.
 
Literatur
[BBK+23]
Zurück zum Zitat Brakerski, Z., Brodsky, M.F., Kalai, Y.T., Lombardi, A., Paneth, O.: SNARGs for monotone policy batch NP. In: CRYPTO, pp. 252–283 (2023) Brakerski, Z., Brodsky, M.F., Kalai, Y.T., Lombardi, A., Paneth, O.: SNARGs for monotone policy batch NP. In: CRYPTO, pp. 252–283 (2023)
[BKP22]
Zurück zum Zitat Ben-David, S., Kalai, Y.T., Paneth, O.: Verifiable private information retrieval. In: TCC, pp. 3–32 (2022) Ben-David, S., Kalai, Y.T., Paneth, O.: Verifiable private information retrieval. In: TCC, pp. 3–32 (2022)
[CF13]
Zurück zum Zitat Catalano, D., Fiore, D.: Vector commitments and their applications. In: PKC, pp. 55–72 (2013) Catalano, D., Fiore, D.: Vector commitments and their applications. In: PKC, pp. 55–72 (2013)
[CGJ+23]
Zurück zum Zitat Choudhuri, A.R., Garg, S., Jain, A., Jin, Z., Zhang, J.: Correlation intractability and SNARGs from sub-exponential DDH. In: CRYPTO, pp. 635–668 (2023) Choudhuri, A.R., Garg, S., Jain, A., Jin, Z., Zhang, J.: Correlation intractability and SNARGs from sub-exponential DDH. In: CRYPTO, pp. 635–668 (2023)
[CJJ21a]
Zurück zum Zitat Choudhuri, A.R., Jain, A., Jin, Z.: Non-interactive batch arguments for NP from standard assumptions. In: CRYPTO, pp. 394–423 (2021) Choudhuri, A.R., Jain, A., Jin, Z.: Non-interactive batch arguments for NP from standard assumptions. In: CRYPTO, pp. 394–423 (2021)
[CJJ21b]
Zurück zum Zitat Choudhuri, A.R., Jain, A., Jin, Z.: SNARGs for P from LWE. In: FOCS, pp. 68–79 (2021) Choudhuri, A.R., Jain, A., Jin, Z.: SNARGs for P from LWE. In: FOCS, pp. 68–79 (2021)
[DGKV22]
Zurück zum Zitat Devadas, L., Goyal, R., Kalai, Y., Vaikuntanathan, V.: Rate-1 non-interactive arguments for batch-NP and applications. In: FOCS, pp. 1057–1068 (2022) Devadas, L., Goyal, R., Kalai, Y., Vaikuntanathan, V.: Rate-1 non-interactive arguments for batch-NP and applications. In: FOCS, pp. 1057–1068 (2022)
[FWW23]
Zurück zum Zitat Freitag, C., Waters, B., Wu, D.J.: How to use (plain) witness encryption: registered ABE, flexible broadcast, and more. In: CRYPTO, pp. 498–531 (2023) Freitag, C., Waters, B., Wu, D.J.: How to use (plain) witness encryption: registered ABE, flexible broadcast, and more. In: CRYPTO, pp. 498–531 (2023)
[Gam84]
Zurück zum Zitat El Gamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. In: CRYPTO, pp. 10–18 (1984) El Gamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. In: CRYPTO, pp. 10–18 (1984)
[GVW19]
Zurück zum Zitat Goyal, R., Vusirikala, S., Waters, B.: Collusion resistant broadcast and trace from positional witness encryption. In: PKC, pp. 3–33 (2019) Goyal, R., Vusirikala, S., Waters, B.: Collusion resistant broadcast and trace from positional witness encryption. In: PKC, pp. 3–33 (2019)
[GZ21]
Zurück zum Zitat González, A., Zacharakis, A.: Succinct publicly verifiable computation. IACR Cryptol. ePrint Arch., p. 353 (2021) González, A., Zacharakis, A.: Succinct publicly verifiable computation. IACR Cryptol. ePrint Arch., p. 353 (2021)
[HJKS22]
Zurück zum Zitat Hulett, J., Jawale, R., Khurana, D., Srinivasan, A.: SNARGs for P from sub-exponential DDH and QR. In: EUROCRYPT, pp. 520–549 (2022) Hulett, J., Jawale, R., Khurana, D., Srinivasan, A.: SNARGs for P from sub-exponential DDH and QR. In: EUROCRYPT, pp. 520–549 (2022)
[HW15]
Zurück zum Zitat Hubacek, P., Wichs, D.: On the communication complexity of secure function evaluation with long output. In: ITCS, pp. 163–172 (2015) Hubacek, P., Wichs, D.: On the communication complexity of secure function evaluation with long output. In: ITCS, pp. 163–172 (2015)
[KLVW23]
Zurück zum Zitat Kalai, Y., Lombardi, A., Vaikuntanathan, V., Wichs, D.: Boosting batch arguments and RAM delegation. In: STOC, pp. 1545–1552 (2023) Kalai, Y., Lombardi, A., Vaikuntanathan, V., Wichs, D.: Boosting batch arguments and RAM delegation. In: STOC, pp. 1545–1552 (2023)
[KPY19]
Zurück zum Zitat Kalai, Y.T., Paneth, O., Yang, L.: How to delegate computations publicly. In: STOC, pp. 1115–1124 (2019) Kalai, Y.T., Paneth, O., Yang, L.: How to delegate computations publicly. In: STOC, pp. 1115–1124 (2019)
[KVZ21]
Zurück zum Zitat Kalai, Y.T., Vaikuntanathan, V., Zhang, R.Y.: Somewhere statistical soundness, post-quantum security, and SNARGs. In: TCC, pp. 330–368 (2021) Kalai, Y.T., Vaikuntanathan, V., Zhang, R.Y.: Somewhere statistical soundness, post-quantum security, and SNARGs. In: TCC, pp. 330–368 (2021)
[NWW23]
Zurück zum Zitat Nassar, S., Waters, B., Wu, D.J.: Monotone policy Bargs from Bargs and additively homomorphic encryption. IACR Cryptol. ePrint Arch. (2023) Nassar, S., Waters, B., Wu, D.J.: Monotone policy Bargs from Bargs and additively homomorphic encryption. IACR Cryptol. ePrint Arch. (2023)
[NY90]
Zurück zum Zitat Naor, M., Yung, M.: 1 Public-key cryptosystems provably secure against chosen ciphertext attacks. In: STOC, pp. 427–437 (1990) Naor, M., Yung, M.: 1 Public-key cryptosystems provably secure against chosen ciphertext attacks. In: STOC, pp. 427–437 (1990)
[Pai99]
Zurück zum Zitat Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: EUROCRYPT, pp. 223–238 (1999) Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: EUROCRYPT, pp. 223–238 (1999)
[PP22]
Zurück zum Zitat Paneth, O., Pass, R.: Incrementally verifiable computation via rate-1 batch arguments. In: FOCS, pp. 1045–1056 (2022) Paneth, O., Pass, R.: Incrementally verifiable computation via rate-1 batch arguments. In: FOCS, pp. 1045–1056 (2022)
[PR17]
Zurück zum Zitat Paneth, O., Rothblum, G.N.: On zero-testable homomorphic encryption and publicly verifiable non-interactive arguments. In: TCC, pp. 283–315 (2017) Paneth, O., Rothblum, G.N.: On zero-testable homomorphic encryption and publicly verifiable non-interactive arguments. In: TCC, pp. 283–315 (2017)
[Reg05]
Zurück zum Zitat Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: STOC, pp. 84–93 (2005) Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: STOC, pp. 84–93 (2005)
[Vad06]
Zurück zum Zitat Vadhan, S.P.: An unconditional study of computational zero knowledge. SIAM J. Comput. 36(4), 1160–1214 (2006)MathSciNetCrossRef Vadhan, S.P.: An unconditional study of computational zero knowledge. SIAM J. Comput. 36(4), 1160–1214 (2006)MathSciNetCrossRef
[WW22]
Zurück zum Zitat Waters, B., Wu, D.J.: Batch arguments for NP and more from standard bilinear group assumptions. In: CRYPTO, pp. 433–463 (2022) Waters, B., Wu, D.J.: Batch arguments for NP and more from standard bilinear group assumptions. In: CRYPTO, pp. 433–463 (2022)
Metadaten
Titel
Monotone Policy BARGs from BARGs and Additively Homomorphic Encryption
verfasst von
Shafik Nassar
Brent Waters
David J. Wu
Copyright-Jahr
2025
DOI
https://doi.org/10.1007/978-3-031-78017-2_14