J.P.Morgan AI Research & AlgoCRYPT CoE, New York, USA takahashi dot akira dot 58s at gmail dot com
Greg Zaverucha
Microsoft Research, Redmond, USA gregz at microsoft dot com
Abstract
Verifiable encryption (VE) is a protocol where one can provide assurance that an encrypted plaintext satisfies certain properties, or relations. It is an important building block in cryptography with many useful applications, such as key escrow, group signatures, optimistic fair exchange, and others. However, the majority of previous VE schemes are restricted to instantiation with specific public-key encryption schemes or relations. In this work, we propose a novel framework that realizes VE protocols using zero-knowledge proof systems based on the MPC-in-the-head paradigm (Ishai et al. STOC 2007). Our generic compiler can turn a large class of zero-knowledge proofs into secure VE protocols for any secure public-key encryption scheme with the undeniability property, a notion that essentially guarantees binding of encryption when used as a commitment scheme. Our framework is versatile: because the circuit proven by the MPC-in-the-head prover is decoupled from a complex encryption function, the work of the prover is focused on proving the encrypted data satisfies the relation, not the proof of plaintext knowledge. Hence, our approach allows for instantiation with various combinations of properties about the encrypted data and encryption functions. We then consider concrete applications, to demonstrate the efficiency of our framework, by first giving a new approach and implementation to verifiably encrypt discrete logarithms in any prime order group more efficiently than was previously known. Then we give the first practical verifiable encryption scheme for AES keys with post-quantum security, along with an implementation and benchmarks.
References
[AHIV17]
Scott Ames, Carmit Hazay, Yuval Ishai, and Muthuramakrishnan Venkitasubramaniam.
Ligero: lightweight sublinear arguments without a trusted setup.
In Bhavani M. Thuraisingham, David Evans, Tal Malkin, and Dongyan Xu, editors, ACM CCS 2017, 2087–2104. October / November 2017. ACM Press.
https://doi.org/10.1145/3133956.3134104.
N. Asokan, Victor Shoup, and Michael Waidner.
Optimistic fair exchange of digital signatures (extended abstract).
In Kaisa Nyberg, editor, EUROCRYPT'98, volume 1403 of LNCS, 591–606. May / June 1998. Springer, Heidelberg.
https://doi.org/10.1007/BFb0054156.
Giuseppe Ateniese.
Efficient verifiable encryption (and fair exchange) of digital signatures.
In Juzar Motiwalla and Gene Tsudik, editors, ACM CCS 99, 138–146. November 1999. ACM Press.
https://doi.org/10.1145/319709.319728.
Benedikt Bünz, Jonathan Bootle, Dan Boneh, Andrew Poelstra, Pieter Wuille, and Greg Maxwell.
Bulletproofs: short proofs for confidential transactions and more.
In 2018 IEEE Symposium on Security and Privacy, 315–334. May 2018. IEEE Computer Society Press.
https://doi.org/10.1109/SP.2018.00020.
Carsten Baum, Cyprien Delpech de Saint Guilhem, Daniel Kales, Emmanuela Orsini, Peter Scholl, and Greg Zaverucha.
Banquet: short and fast signatures from AES.
In Juan Garay, editor, PKC 2021, Part I, volume 12710 of LNCS, 266–297. May 2021. Springer, Heidelberg.
https://doi.org/10.1007/978-3-030-75245-3_11.
Ward Beullens, Samuel Dobson, Shuichi Katsumata, Yi-Fu Lai, and Federico Pintore.
Group signatures and more from isogenies and lattices: generic, simple, and efficient.
In Orr Dunkelman and Stefan Dziembowski, editors, EUROCRYPT 2022, Part II, volume 13276 of LNCS, 95–126. May / June 2022. Springer, Heidelberg.
https://doi.org/10.1007/978-3-031-07085-3_4.
Ward Beullens.
Sigma protocols for MQ, PKP and SIS, and Fishy signature schemes.
In Anne Canteaut and Yuval Ishai, editors, EUROCRYPT 2020, Part III, volume 12107 of LNCS, 183–211. May 2020. Springer, Heidelberg.
https://doi.org/10.1007/978-3-030-45727-3_7.
Rishabh Bhadauria, Zhiyong Fang, Carmit Hazay, Muthuramakrishnan Venkitasubramaniam, Tiancheng Xie, and Yupeng Zhang.
Ligero++: A new optimized sublinear IOP.
In Jay Ligatti, Xinming Ou, Jonathan Katz, and Giovanni Vigna, editors, ACM CCS 2020, 2025–2038. November 2020. ACM Press.
https://doi.org/10.1145/3372297.3417893.
Manuel Blum, Paul Feldman, and Silvio Micali.
Non-interactive zero-knowledge and its applications (extended abstract).
In 20th ACM STOC, 103–112. May 1988. ACM Press.
https://doi.org/10.1145/62212.62222.
Adam Bender, Jonathan Katz, and Ruggero Morselli.
Ring signatures: stronger definitions, and constructions without random oracles.
Journal of Cryptology, 22(1):114–138, January 2009.
https://doi.org/10.1007/s00145-007-9011-9.
Carsten Baum and Ariel Nof.
Concretely-efficient zero-knowledge arguments for arithmetic circuits and their application to lattice-based cryptography.
In Aggelos Kiayias, Markulf Kohlweiss, Petros Wallden, and Vassilis Zikas, editors, PKC 2020, Part I, volume 12110 of LNCS, 495–526. May 2020. Springer, Heidelberg.
https://doi.org/10.1007/978-3-030-45374-9_17.
Mihir Bellare, Haixia Shi, and Chong Zhang.
Foundations of group signatures: the case of dynamic groups.
In Alfred Menezes, editor, CT-RSA 2005, volume 3376 of LNCS, 136–153. February 2005. Springer, Heidelberg.
https://doi.org/10.1007/978-3-540-30574-3_11.
Pyrros Chaidos, Véronique Cortier, Georg Fuchsbauer, and David Galindo.
BeleniosRF: A non-interactive receipt-free electronic voting scheme.
In Edgar R. Weippl, Stefan Katzenbeisser, Christopher Kruegel, Andrew C. Myers, and Shai Halevi, editors, ACM CCS 2016, 1614–1625. October 2016. ACM Press.
https://doi.org/10.1145/2976749.2978337.
Jan Camenisch and Ivan Damgård.
Verifiable encryption, group encryption, and their applications to separable group signatures and signature sharing schemes.
In Tatsuaki Okamoto, editor, ASIACRYPT 2000, volume 1976 of LNCS, 331–345. December 2000. Springer, Heidelberg.
https://doi.org/10.1007/3-540-44448-3_25.
Melissa Chase, David Derler, Steven Goldfeder, Claudio Orlandi, Sebastian Ramacher, Christian Rechberger, Daniel Slamanig, and Greg Zaverucha.
Post-quantum zero-knowledge and signatures from symmetric-key primitives.
In Bhavani M. Thuraisingham, David Evans, Tal Malkin, and Dongyan Xu, editors, ACM CCS 2017, 1825–1842. October / November 2017. ACM Press.
https://doi.org/10.1145/3133956.3133997.
Matteo Campanelli, Bernardo David, Hamidreza Khoshakhlagh, Anders Konring, and Jesper Buus Nielsen.
Encryption to the future - A paradigm for sending secret messages to future (anonymous) committees.
In Shweta Agrawal and Dongdai Lin, editors, ASIACRYPT 2022, Part III, volume 13793 of LNCS, 151–180. December 2022. Springer, Heidelberg.
https://doi.org/10.1007/978-3-031-22969-5_6.
Josh D. Cohen and Michael J. Fischer.
A robust and verifiable cryptographically secure election scheme (extended abstract).
In 26th FOCS, 372–382. October 1985. IEEE Computer Society Press.
https://doi.org/10.1109/SFCS.1985.2.
Matteo Campanelli, Antonio Faonio, Dario Fiore, Anaïs Querol, and Hadrián Rodríguez.
Lunar: A toolbox for more efficient universal and updatable zkSNARKs and commit-and-prove extensions.
In Mehdi Tibouchi and Huaxiong Wang, editors, ASIACRYPT 2021, Part III, volume 13092 of LNCS, 3–33. December 2021. Springer, Heidelberg.
https://doi.org/10.1007/978-3-030-92078-4_1.
Alessandro Chiesa, Yuncong Hu, Mary Maller, Pratyush Mishra, Psi Vesely, and Nicholas P. Ward.
Marlin: preprocessing zkSNARKs with universal and updatable SRS.
In Anne Canteaut and Yuval Ishai, editors, EUROCRYPT 2020, Part I, volume 12105 of LNCS, 738–768. May 2020. Springer, Heidelberg.
https://doi.org/10.1007/978-3-030-45721-1_26.
Jan Camenisch and Victor Shoup.
Practical verifiable encryption and decryption of discrete logarithms.
In Dan Boneh, editor, CRYPTO 2003, volume 2729 of LNCS, 126–144. August 2003. Springer, Heidelberg.
https://doi.org/10.1007/978-3-540-45146-4_8.
Cyprien Delpech de Saint Guilhem, Lauren De Meyer, Emmanuela Orsini, and Nigel P. Smart.
BBQ: using AES in picnic signatures.
In Kenneth G. Paterson and Douglas Stebila, editors, SAC 2019, volume 11959 of LNCS, 669–692. August 2019. Springer, Heidelberg.
https://doi.org/10.1007/978-3-030-38471-5_27.
Jelle Don, Serge Fehr, Christian Majenz, and Christian Schaffner.
Online-extractability in the quantum random-oracle model.
In Orr Dunkelman and Stefan Dziembowski, editors, EUROCRYPT 2022, Part III, volume 13277 of LNCS, 677–706. May / June 2022. Springer, Heidelberg.
https://doi.org/10.1007/978-3-031-07082-2_24.
Nico Döttling, Lucjan Hanzlik, Bernardo Magri, and Stella Wohnig.
Mcfly: verifiable encryption to the future made practical.
In Foteini Baldimtsi and Christian Cachin, editors, Financial Cryptography and Data Security - 27th International Conference, FC 2023, Bol, Brač, Croatia, May 1-5, 2023, Revised Selected Papers, Part I, volume 13950 of Lecture Notes in Computer Science, 252–269. Springer, 2023.
https://doi.org/10.1007/978-3-031-47754-6_15.
Cyprien Delpech de Saint Guilhem, Emmanuela Orsini, and Titouan Tanguy.
Limbo: efficient zero-knowledge MPCitH-based arguments.
In Giovanni Vigna and Elaine Shi, editors, ACM CCS 2021, 3022–3036. November 2021. ACM Press.
https://doi.org/10.1145/3460120.3484595.
Paul Feldman.
A practical scheme for non-interactive verifiable secret sharing.
In 28th FOCS, 427–437. October 1987. IEEE Computer Society Press.
https://doi.org/10.1109/SFCS.1987.4.
Eiichiro Fujisaki and Tatsuaki Okamoto.
How to enhance the security of public-key encryption at minimum cost.
In Hideki Imai and Yuliang Zheng, editors, PKC'99, volume 1560 of LNCS, 53–68. March 1999. Springer, Heidelberg.
https://doi.org/10.1007/3-540-49162-7_5.
Eiichiro Fujisaki and Tatsuaki Okamoto.
Secure integration of asymmetric and symmetric encryption schemes.
Journal of Cryptology, 26(1):80–101, January 2013.
https://doi.org/10.1007/s00145-011-9114-1.
Thibauld Feneuil and Matthieu Rivain.
Threshold linear secret sharing to the rescue of MPC-in-the-head.
In Jian Guo and Ron Steinfeld, editors, ASIACRYPT 2023, Part I, volume 14438 of LNCS, 441–473. December 2023. Springer, Heidelberg.
https://doi.org/10.1007/978-981-99-8721-4_14.
Amos Fiat and Adi Shamir.
How to prove yourself: Practical solutions to identification and signature problems.
In Andrew M. Odlyzko, editor, CRYPTO'86, volume 263 of LNCS, 186–194. August 1987. Springer, Heidelberg.
https://doi.org/10.1007/3-540-47721-7_12.
Tim Güneysu, Philip W. Hodges, Georg Land, Mike Ounsworth, Douglas Stebila, and Greg Zaverucha.
Proof-of-possession for KEM certificates using verifiable generation.
In Heng Yin, Angelos Stavrou, Cas Cremers, and Elaine Shi, editors, ACM CCS 2022, 1337–1351. November 2022. ACM Press.
https://doi.org/10.1145/3548606.3560560.
Vipul Goyal, Chen-Kuei Lee, Rafail Ostrovsky, and Ivan Visconti.
Constructing non-malleable commitments: A black-box approach.
In 53rd FOCS, 51–60. October 2012. IEEE Computer Society Press.
https://doi.org/10.1109/FOCS.2012.47.
Irene Giacomelli, Jesper Madsen, and Claudio Orlandi.
ZKBoo: faster zero-knowledge for Boolean circuits.
In Thorsten Holz and Stefan Savage, editors, USENIX Security 2016, 1069–1083. August 2016. USENIX Association.
https://doi.org/?
Jens Groth, Rafail Ostrovsky, and Amit Sahai.
Perfect non-interactive zero knowledge for NP.
In Serge Vaudenay, editor, EUROCRYPT 2006, volume 4004 of LNCS, 339–358. May / June 2006. Springer, Heidelberg.
https://doi.org/10.1007/11761679_21.
Jens Groth.
On the size of pairing-based non-interactive arguments.
In Marc Fischlin and Jean-Sébastien Coron, editors, EUROCRYPT 2016, Part II, volume 9666 of LNCS, 305–326. May 2016. Springer, Heidelberg.
https://doi.org/10.1007/978-3-662-49896-5_11.
Dennis Hofheinz, Kathrin Hövelmanns, and Eike Kiltz.
A modular analysis of the Fujisaki-Okamoto transformation.
In Yael Kalai and Leonid Reyzin, editors, TCC 2017, Part I, volume 10677 of LNCS, 341–371. November 2017. Springer, Heidelberg.
https://doi.org/10.1007/978-3-319-70500-2_12.
Justin Holmgren, Alex Lombardi, and Ron D. Rothblum.
Fiat-Shamir via list-recoverable codes (or: parallel repetition of GMW is not zero-knowledge).
In Samir Khuller and Virginia Vassilevska Williams, editors, STOC '21: 53rd Annual ACMSIGACT Symposium on Theory of Computing, Virtual Event, Italy, June 21-25, 2021, 750–760. ACM, 2021.
https://doi.org/10.1145/3406325.3451116.
Yuval Ishai, Eyal Kushilevitz, Rafail Ostrovsky, and Amit Sahai.
Zero-knowledge from secure multiparty computation.
In David S. Johnson and Uriel Feige, editors, 39th ACM STOC, 21–30. June 2007. ACM Press.
https://doi.org/10.1145/1250790.1250794.
Shuichi Katsumata.
A new simple technique to bootstrap various lattice zero-knowledge proofs to QROM secure NIZKs.
In Tal Malkin and Chris Peikert, editors, CRYPTO 2021, Part II, volume 12826 of LNCS, 580–610. Virtual Event, August 2021. Springer, Heidelberg.
https://doi.org/10.1007/978-3-030-84245-1_20.
Susumu Kiyoshima.
Round-optimal black-box commit-and-prove with succinct communication.
In Daniele Micciancio and Thomas Ristenpart, editors, CRYPTO 2020, Part II, volume 12171 of LNCS, 533–561. August 2020. Springer, Heidelberg.
https://doi.org/10.1007/978-3-030-56880-1_19.
Jonathan Katz, Vladimir Kolesnikov, and Xiao Wang.
Improved non-interactive zero knowledge with applications to post-quantum signatures.
In David Lie, Mohammad Mannan, Michael Backes, and XiaoFeng Wang, editors, ACM CCS 2018, 525–537. October 2018. ACM Press.
https://doi.org/10.1145/3243734.3243805.
Eike Kiltz, Daniel Masny, and Jiaxin Pan.
Optimal security proofs for signatures from identification schemes.
In Matthew Robshaw and Jonathan Katz, editors, CRYPTO 2016, Part II, volume 9815 of LNCS, 33–61. August 2016. Springer, Heidelberg.
https://doi.org/10.1007/978-3-662-53008-5_2.
Dakshita Khurana, Rafail Ostrovsky, and Akshayaram Srinivasan.
Round optimal black-box “commit-and-prove”.
In Amos Beimel and Stefan Dziembowski, editors, TCC 2018, Part I, volume 11239 of LNCS, 286–313. November 2018. Springer, Heidelberg.
https://doi.org/10.1007/978-3-030-03807-6_11.
Matthias J. Kannwischer, Peter Schwabe, Douglas Stebila, and Thom Wiggers.
Improving software quality in cryptography standardization projects.
In IEEE European Symposium on Security and Privacy, EuroS&P 2022 - Workshops, Genoa, Italy, June 6-10, 2022, 19–30. IEEE, 2022.
https://doi.org/10.1109/EUROSPW55150.2022.00010.
Jiwon Lee, Jaekyoung Choi, Jihye Kim, and Hyunok Oh.
SAVER: snark-friendly, additively-homomorphic, and verifiable encryption and decryption with rerandomization.
2019.
Vadim Lyubashevsky and Gregory Neven.
One-shot verifiable encryption from lattices.
In Jean-Sébastien Coron and Jesper Buus Nielsen, editors, EUROCRYPT 2017, Part I, volume 10210 of LNCS, 293–323. April / May 2017. Springer, Heidelberg.
https://doi.org/10.1007/978-3-319-56620-7_11.
Mary Maller, Sean Bowe, Markulf Kohlweiss, and Sarah Meiklejohn.
Sonic: zero-knowledge SNARKs from linear-size universal and updatable structured reference strings.
In Lorenzo Cavallaro, Johannes Kinder, XiaoFeng Wang, and Jonathan Katz, editors, ACM CCS 2019, 2111–2128. November 2019. ACM Press.
https://doi.org/10.1145/3319535.3339817.
Michael Naehrig, Erdem Alkim, Joppe Bos, Léo Ducas, Karen Easterbrook, Brian LaMacchia, Patrick Longa, Ilya Mironov, Valeria Nikolaenko, Christopher Peikert, Ananth Raghunathan, and Douglas Stebila.
FrodoKEM.
Technical Report, National Institute of Standards and Technology, 2019.
Jonas Nick, Tim Ruffing, Yannick Seurin, and Pieter Wuille.
MuSig-DN: schnorr multi-signatures with verifiably deterministic nonces.
In Jay Ligatti, Xinming Ou, Jonathan Katz, and Giovanni Vigna, editors, ACM CCS 2020, 1717–1731. November 2020. ACM Press.
https://doi.org/10.1145/3372297.3417236.
Rafael Pass.
On deniability in the common reference string and random oracle model.
In Dan Boneh, editor, CRYPTO 2003, volume 2729 of LNCS, 316–337. August 2003. Springer, Heidelberg.
https://doi.org/10.1007/978-3-540-45146-4_19.
Torben P. Pedersen.
Non-interactive and information-theoretic secure verifiable secret sharing.
In Joan Feigenbaum, editor, CRYPTO'91, volume 576 of LNCS, 129–140. August 1992. Springer, Heidelberg.
https://doi.org/10.1007/3-540-46766-1_9.
Guillaume Poupard and Jacques Stern.
Fair encryption of RSA keys.
In Bart Preneel, editor, EUROCRYPT 2000, volume 1807 of LNCS, 172–189. May 2000. Springer, Heidelberg.
https://doi.org/10.1007/3-540-45539-6_13.
Peter Schwabe, Roberto Avanzi, Joppe Bos, Léo Ducas, Eike Kiltz, Tancrède Lepoint, Vadim Lyubashevsky, John M. Schanck, Gregor Seiler, and Damien Stehlé.
CRYSTALS-KYBER.
Technical Report, National Institute of Standards and Technology, 2020.
Claus-Peter Schnorr.
Efficient signature generation by smart cards.
Journal of Cryptology, 4(3):161–174, January 1991.
https://doi.org/10.1007/BF00196725.
Srinath Setty.
Spartan: efficient and general-purpose zkSNARKs without trusted setup.
In Daniele Micciancio and Thomas Ristenpart, editors, CRYPTO 2020, Part III, volume 12172 of LNCS, 704–737. August 2020. Springer, Heidelberg.
https://doi.org/10.1007/978-3-030-56877-1_25.
Markus Stadler.
Publicly verifiable secret sharing.
In Ueli M. Maurer, editor, EUROCRYPT'96, volume 1070 of LNCS, 190–199. May 1996. Springer, Heidelberg.
https://doi.org/10.1007/3-540-68339-9_17.
Adam Young and Moti Yung.
Auto-recoverable auto-certifiable cryptosystems.
In Kaisa Nyberg, editor, EUROCRYPT'98, volume 1403 of LNCS, 17–31. May / June 1998. Springer, Heidelberg.
https://doi.org/10.1007/BFb0054114.
Greg Zaverucha, Melissa Chase, David Derler, Steven Goldfeder, Claudio Orlandi, Sebastian Ramacher, Christian Rechberger, Daniel Slamanig, Jonathan Katz, Xiao Wang, Vladmir Kolesnikov, and Daniel Kales.
Picnic.
Technical Report, National Institute of Standards and Technology, 2020.
@article{CiC-1-1-3,
author = "Takahashi, Akira and Zaverucha, Greg",
journal = "{IACR} {C}ommunications in {C}ryptology",
publisher = "{I}nternational {A}ssociation for {C}ryptologic {R}esearch",
title = "Verifiable Encryption from {MPC}-in-the-Head",
volume = "1",
number = "1",
date = "2024-04-09",
year = "2024",
issn = "3006-5496",
doi = "10.62056/a3wa3zl7s"
}
TY - JOUR
AU - Takahashi, Akira
AU - Zaverucha, Greg
PY - 2024
TI - Verifiable Encryption from MPC-in-the-Head
JF - IACR Communications in Cryptology
JA - CIC
VL - 1
IS - 1
DO - 10.62056/a3wa3zl7s
UR - https://doi.org/10.62056/a3wa3zl7s
AB - <p> Verifiable encryption (VE) is a protocol where one can provide assurance that an encrypted plaintext satisfies certain properties, or relations. It is an important building block in cryptography with many useful applications, such as key escrow, group signatures, optimistic fair exchange, and others. However, the majority of previous VE schemes are restricted to instantiation with specific public-key encryption schemes or relations. In this work, we propose a novel framework that realizes VE protocols using zero-knowledge proof systems based on the MPC-in-the-head paradigm (Ishai et al. STOC 2007). Our generic compiler can turn a large class of zero-knowledge proofs into secure VE protocols for any secure public-key encryption scheme with the undeniability property, a notion that essentially guarantees binding of encryption when used as a commitment scheme. Our framework is versatile: because the circuit proven by the MPC-in-the-head prover is decoupled from a complex encryption function, the work of the prover is focused on proving the encrypted data satisfies the relation, not the proof of plaintext knowledge. Hence, our approach allows for instantiation with various combinations of properties about the encrypted data and encryption functions. We then consider concrete applications, to demonstrate the efficiency of our framework, by first giving a new approach and implementation to verifiably encrypt discrete logarithms in any prime order group more efficiently than was previously known. Then we give the first practical verifiable encryption scheme for AES keys with post-quantum security, along with an implementation and benchmarks. </p>
ER -
Akira Takahashi and Greg Zaverucha, Verifiable Encryption from MPC-in-the-Head. IACR Communications in Cryptology, vol. 1, no. 1, Apr 09, 2024, doi: 10.62056/a3wa3zl7s.