International Association for Cryptologic Research

International Association
for Cryptologic Research


Paper: Verifiably-Extractable OWFs and Their Applications to Subversion Zero-Knowledge

Arne Tobias Ødegaard , Simula UiB, Bergen, Norway
Helger Lipmaa , Simula UiB, Bergen, Norway
Michal Zajac , Clearmatics, London, UK
Prastudy Fauzi , Simula UiB, Bergen, Norway
Janno Siim , University of Tartu, Tartu, Estonia
Search ePrint
Search Google
Conference: ASIACRYPT 2021
Abstract: An extractable one-way function (EOWF), introduced by Canetti and Dakdouk (ICALP 2008) and generalized by Bitansky et al. (SIAM Journal on Computing vol. 45), is an OWF that allows for efficient extraction of a preimage for the function. We study (generalized) EOWFs that have a public image verification algorithm. We call such OWFs verifiably-extractable and show that several previously known constructions satisfy this notion. We study how such OWFs relate to subversion zero-knowledge (Sub-ZK) NIZKs by using them to generically construct a Sub-ZK NIZK from a NIZK satisfying certain additional properties, and conversely show how to obtain them from any Sub-ZK NIZK. Prior to our work, the Sub-ZK property of NIZKs was achieved using concrete knowledge assumptions.
Video from ASIACRYPT 2021
  title={Verifiably-Extractable OWFs and Their Applications to Subversion Zero-Knowledge},
  author={Arne Tobias Ødegaard and Helger Lipmaa and Michal Zajac and Prastudy Fauzi and Janno Siim},