Using Fully Homomorphic Hybrid Encryption to Minimize Non-interative Zero-Knowledge Proofs

Craig Gentry, Jens Groth, Yuval Ishai, Chris Peikert, Amit Sahai, Adam Smith

Research output: Contribution to journal › Article

26 Citations (Scopus)

Abstract

A non-interactive zero-knowledge (NIZK) proof can be used to demonstrate the truth of a statement without revealing anything else. It has been shown under standard cryptographic assumptions that NIZK proofs of membership exist for all languages in NP. While there is evidence that such proofs cannot be much shorter than the corresponding membership witnesses, all known NIZK proofs for NP languages are considerably longer than the witnesses. Soon after Gentry’s construction of fully homomorphic encryption, several groups independently contemplated the use of hybrid encryption to optimize the size of NIZK proofs and discussed this idea within the cryptographic community. This article formally explores this idea of using fully homomorphic hybrid encryption to optimize NIZK proofs and other related cryptographic primitives. We investigate the question of minimizing the communication overhead of NIZK proofs for NP and show that if fully homomorphic encryption exists then it is possible to get proofs that are roughly of the same size as the witnesses. Our technique consists in constructing a fully homomorphic hybrid encryption scheme with ciphertext size $|m|+\mathrm{poly}(k)$, where $m$ is the plaintext and $k$ is the security parameter. Encrypting the witness for an NP-statement allows us to evaluate the NP-relation in a communication-efficient manner. We apply this technique to both standard non-interactive zero-knowledge proofs and to universally composable non-interactive zero-knowledge proofs. The technique can also be applied outside the realm of non-interactive zero-knowledge proofs, for instance to get witness-size interactive zero-knowledge proofs in the plain model without any setup or to minimize the communication in secure computation protocols.

Original language: English (US)
Pages (from-to): 820-843
Number of pages: 24
Journal: Journal of Cryptology
Volume: 28
Issue number: 4
DOIs: https://doi.org/10.1007/s00145-014-9184-y
State: Published - Oct 30 2015

Fingerprint

Zero-knowledge Proof
Homomorphic
Encryption
Cryptography
Minimise
Communication
Homomorphic Encryption
Optimise
Interactive Proofs
Secure Computation

All Science Journal Classification (ASJC) codes

  • Software
  • Computer Science Applications
  • Applied Mathematics

Cite this

Gentry, Craig ; Groth, Jens ; Ishai, Yuval ; Peikert, Chris ; Sahai, Amit ; Smith, Adam. / Using Fully Homomorphic Hybrid Encryption to Minimize Non-interative Zero-Knowledge Proofs. In: Journal of Cryptology. 2015 ; Vol. 28, No. 4. pp. 820-843.
@article{ad5193b66f2f4a54be64e60c73c57a38,
title = "Using Fully Homomorphic Hybrid Encryption to Minimize Non-interative Zero-Knowledge Proofs",
author = "Craig Gentry and Jens Groth and Yuval Ishai and Chris Peikert and Amit Sahai and Adam Smith",
year = "2015",
month = "10",
day = "30",
doi = "10.1007/s00145-014-9184-y",
language = "English (US)",
volume = "28",
pages = "820--843",
journal = "Journal of Cryptology",
issn = "0933-2790",
publisher = "Springer New York",
number = "4",

}

Gentry, C, Groth, J, Ishai, Y, Peikert, C, Sahai, A & Smith, A 2015, 'Using Fully Homomorphic Hybrid Encryption to Minimize Non-interative Zero-Knowledge Proofs', Journal of Cryptology, vol. 28, no. 4, pp. 820-843. https://doi.org/10.1007/s00145-014-9184-y

TY - JOUR

T1 - Using Fully Homomorphic Hybrid Encryption to Minimize Non-interative Zero-Knowledge Proofs

AU - Gentry, Craig

AU - Groth, Jens

AU - Ishai, Yuval

AU - Peikert, Chris

AU - Sahai, Amit

AU - Smith, Adam

PY - 2015/10/30

Y1 - 2015/10/30

UR - http://www.scopus.com/inward/record.url?scp=84942552707&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84942552707&partnerID=8YFLogxK

U2 - 10.1007/s00145-014-9184-y

DO - 10.1007/s00145-014-9184-y

M3 - Article

AN - SCOPUS:84942552707

VL - 28

SP - 820

EP - 843

JO - Journal of Cryptology

JF - Journal of Cryptology

SN - 0933-2790

IS - 4

ER -