## CryptoDB

### Carla Ràfols

#### Affiliation: Universitat Pompeu Fabra, Spain

#### Publications

**Year**

**Venue**

**Title**

2020

PKC

Updateable Inner Product Argument with Logarithmic Verifier and Applications
📺
Abstract

We propose an improvement for the inner product argument of Bootle et al. (EUROCRYPT’16). The new argument replaces the unstructured common reference string (the commitment key) by a structured one. We give two instantiations of this argument, for two different distributions of the CRS. In the designated verifier setting, this structure can be used to reduce verification from linear to logarithmic in the circuit size. The argument can be compiled to the publicly verifiable setting in asymmetric bilinear groups. The new common reference string can easily be updateable. The argument can be directly used to improve verification of Bulletproofs range proofs (IEEE SP’18). On the other hand, to use the improved argument to prove circuit satisfiability with logarithmic verification, we adapt recent techniques from Sonic (ACM CCS’19) to work with the new common reference string. The resulting argument is secure under standard assumptions (in the Random Oracle Model), in contrast with Sonic and recent works that improve its efficiency (Plonk, Marlin, AuroraLight), which, apart from the Random Oracle Model, need either the Algebraic Group Model or Knowledge Type assumptions.

2019

PKC

Shorter Quadratic QA-NIZK Proofs
Abstract

Despite recent advances in the area of pairing-friendly Non-Interactive Zero-Knowledge proofs, there have not been many efficiency improvements in constructing arguments of satisfiability of quadratic (and larger degree) equations since the publication of the Groth-Sahai proof system (JoC’12). In this work, we address the problem of aggregating such proofs using techniques derived from the interactive setting and recent constructions of SNARKs. For certain types of quadratic equations, this problem was investigated before by González et al. (ASIACRYPT’15). Compared to their result, we reduce the proof size by approximately 50% and the common reference string from quadratic to linear, at the price of using less standard computational assumptions. A theoretical motivation for our work is to investigate how efficient NIZK proofs based on falsifiable assumptions can be. On the practical side, quadratic equations appear naturally in several cryptographic schemes like shuffle and range arguments.

2019

ASIACRYPT

Structure-Preserving and Re-randomizable RCCA-Secure Public Key Encryption and Its Applications
Abstract

Re-randomizable RCCA-secure public key encryption (Rand-RCCA PKE) schemes reconcile the property of re-randomizability of the ciphertexts with the need of security against chosen-ciphertexts attacks. In this paper we give a new construction of a Rand-RCCA PKE scheme that is perfectly re-randomizable. Our construction is structure-preserving, can be instantiated over Type-3 pairing groups, and achieves better computation and communication efficiency than the state of the art perfectly re-randomizable schemes (e.g., Prabhakaran and Rosulek, CRYPTO’07). Next, we revive the Rand-RCCA notion showing new applications where our Rand-RCCA PKE scheme plays a fundamental part: (1) We show how to turn our scheme into a publicly-verifiable Rand-RCCA scheme; (2) We construct a malleable NIZK with a (variant of) simulation soundness that allows for re-randomizability; (3) We propose a new UC-secure Verifiable Mix-Net protocol that is secure in the common reference string model. Thanks to the structure-preserving property, all these applications are efficient. Notably, our Mix-Net protocol is the most efficient universally verifiable Mix-Net (without random oracle) where the CRS is an uniformly random string of size independent of the number of senders. The property is of the essence when such protocols are used in large scale.

2019

ASIACRYPT

Shorter Pairing-Based Arguments Under Standard Assumptions
Abstract

This paper constructs efficient non-interactive arguments for correct evaluation of arithmetic and boolean circuits with proof size O(d) group elements, where d is the multiplicative depth of the circuit, under falsifiable assumptions. This is achieved by combining techniques from SNARKs and QA-NIZK arguments of membership in linear spaces. The first construction is very efficient (the proof size is $$\approx 4d$$ group elements and the verification cost is $$\approx 4d$$ pairings and $$O(n+n'+d)$$ exponentiations, where n is the size of the input and $$n'$$ of the output) but one type of attack can only be ruled out assuming the knowledge soundness of QA-NIZK arguments of membership in linear spaces. We give an alternative construction which replaces this assumption with a decisional assumption in bilinear groups at the cost of approximately doubling the proof size. The construction for boolean circuits can be made zero-knowledge with Groth-Sahai proofs, resulting in a NIZK argument for circuit satisfiability based on falsifiable assumptions in bilinear groups of proof size $$O(n+d)$$.Our main technical tool is what we call an “argument of knowledge transfer”. Given a commitment $$C_1$$ and an opening x, such an argument allows to prove that some other commitment $$C_2$$ opens to f(x), for some function f, even if $$C_2$$ is not extractable. We construct very short, constant-size, pairing-based arguments of knowledge transfer with constant-time verification for any linear function and also for Hadamard products. These allow to transfer the knowledge of the input to lower levels of the circuit.

2014

PKC

2007

EPRINT

CCA2-Secure Threshold Broadcast Encryption with Shorter Ciphertexts
Abstract

In a threshold broadcast encryption scheme, a sender chooses (ad-hoc) a set of $n$ receivers and a threshold $t$, and then encrypts a message by using the public keys of all the receivers, in such a way that the original plaintext can be recovered only if at least $t$ receivers cooperate. Previously proposed threshold broadcast encryption schemes have ciphertexts whose length is $\O(n)$.
In this paper, we propose new schemes, for both PKI and identity-based scenarios, where the ciphertexts' length is $\O(n-t)$. The construction uses secret sharing techniques and the Canetti-Halevi-Katz transformation to achieve chosen-ciphertext security. The security of our schemes is formally proved under the Decisional Bilinear Diffie-Hellman (DBDH) Assumption.

2006

EPRINT

Certificate-Based Encryption Without Random Oracles
Abstract

We present a certificate-based encryption scheme which is fully secure in the standard model. Our
scheme is based on the identity-based encryption scheme of Waters \cite{W05}. Although some
generic constructions from IBE to CBE has been previously proposed, they use the Random Oracle
heuristic or provide less practical schemes than ours. Finally, we point out that one of
the existing generic constructions going from IBE to CBE is flawed.

#### Program Committees

- PKC 2020
- Asiacrypt 2020
- Asiacrypt 2019
- PKC 2018
- Asiacrypt 2018
- Crypto 2015

#### Coauthors

- Vanesa Daza (3)
- Alex Escala (3)
- Antonio Faonio (1)
- Dario Fiore (1)
- Alonso González (4)
- Gottfried Herold (4)
- Javier Herranz (4)
- Julia Hesse (2)
- Alejandro Hevia (2)
- Dennis Hofheinz (2)
- Eike Kiltz (2)
- Fabien Laguillaumie (1)
- Benoît Libert (1)
- Paz Morillo (5)
- Zaira Pindado (1)
- Andy Rupp (2)
- Javier Silva (1)
- Jorge Luis Villar (4)
- Alexandros Zacharakis (1)