International Association for Cryptologic Research

International Association
for Cryptologic Research


Towards Accountability in CRS Generation

Prabhanjan Ananth , UCSB
Gilad Asharov , Bar-Ilan University
Hila Dahari , Weizmann Institute
Vipul Goyal , CMU and NTT Research
DOI: 10.1007/978-3-030-77883-5_10 (login may be required)
Search ePrint
Search Google
Presentation: Slides
Conference: EUROCRYPT 2021
Abstract: It is well known that several cryptographic primitives cannot be achieved without a common reference string (CRS). Those include, for instance, non-interactive zero-knowledge for NP, or malicious secure computation in fewer than four rounds. The security of those primitives heavily rely upon on the assumption that the trusted authority, who generates the CRS, does not misuse the randomness used in the CRS generation. However, we argue that there is no such thing as an unconditionally trusted authority and every authority must be held accountable for any trust to be well-founded. Indeed, a malicious authority can, for instance, recover private inputs of honest parties given transcripts of the protocols executed with respect to the CRS it has generated. While eliminating trust in the trusted authority may not be entirely feasible, can we at least move towards achieving some notion of accountability? We propose a new notion in which, if the CRS authority releases the private inputs of protocol executions to others, we can then provide a publicly-verifiable proof that certifies that the authority misbehaved. We study the feasibility of this notion in the context of non-interactive zero knowledge and two-round secure two-party computation.
Video from EUROCRYPT 2021
  title={Towards Accountability in CRS Generation},
  author={Prabhanjan Ananth and Gilad Asharov and Hila Dahari and Vipul Goyal},