CryptoDB
Nathan Geier
Publications
Year
Venue
Title
2024
CRYPTO
Amplification of Non-Interactive Zero Knowledge, Revisited
Abstract
In an (α,β)-weak non-interactive zero knowledge (NIZK), the soundness error is at most α and the zero-knowledge error is at most β. Goyal, Jain, and Sahai (CRYPTO 2019) stated that if α+β<1 for some constants α,β, then (α,β)-weak NIZK can be turned into fully-secure NIZK, assuming sub-exponentially-secure public-key encryption. Later, however, they have discovered a gap in their proof.
We revisit the problem of NIZK amplification:
– We amplify NIZK arguments assuming only polynomially-secure public-key encryption, for any constants α+β<1.
– We amplify NIZK proofs assuming only one-way functions, for any constants α+β<1.
– When the soundness error α is negligible to begin with, we can also amplify NIZK arguments assuming only one-way functions.
Our results take a different route than that of Goyal, Jain, and Sahai. They are based on the hidden-bits paradigm, and can be viewed as a reduction from NIZK amplification to the better understood problem of pseudorandomness amplification.
2022
TCC
A Tight Computational Indistinguishability Bound of Product Distributions
★
Abstract
Assume that distributions X_0,X_1 (respectively Y_0,Y_1) are d_X (respectively d_Y) indistinguishable for circuits of a given size. It is well known that the product distributions X_0Y_0,X_1Y_1 are d_X+d_Y indistinguishable for slightly smaller circuits. However, in probability theory where unbounded adversaries are considered through statistical distance, it is folklore knowledge that in fact X_0Y_0 and X_1Y_1 are d_x+d_y-d_x*d_y indistinguishable, and also that this bound is tight.
We formulate and prove the computational analog of this tight bound. Our proof is entirely different from the proof in the statistical case, which is non-constructive. As a corollary, we show that if X and Y are d indistinguishable, then k independent copies of X and k independent copies of Y are almost 1-(1-d)^k indistinguishable for smaller circuits, as against d*k using the looser bound. Our bounds are useful in settings where only weak (i.e. non-negligible) indistinguishability is guaranteed. We demonstrate this in the context of cryptography, showing that our bounds yield simple analysis for amplification of weak oblivious transfer protocols.
Coauthors
- Nir Bitansky (1)
- Nathan Geier (2)