Non-interactive zero-knowledge functional proofs

In this paper, we consider to generalize NIZK by empowering a prover to share a witness in a fine-grained manner with verifiers. Roughly, the prover is able to authorize a verifier to obtain extra information of witness, i.e., besides verifying the truth of the statement, the verifier can additional...

Full description

Bibliographic Details
Main Authors: Zeng, Gongxian, Lai, Junzuo, Huang, Zhengan, Zhang, Linru, Wang, Xiangning, Lam, Kwok-Yan, Wang, Huaxiong, Weng, Jian
Other Authors: International Conference on the Theory and Application of Cryptology and Information Security (ASIACRYPT 2023)
Format: Conference Paper
Language:English
Published: 2023
Subjects:
Online Access:https://hdl.handle.net/10356/172708
Description
Summary:In this paper, we consider to generalize NIZK by empowering a prover to share a witness in a fine-grained manner with verifiers. Roughly, the prover is able to authorize a verifier to obtain extra information of witness, i.e., besides verifying the truth of the statement, the verifier can additionally obtain certain function of the witness from the accepting proof using a secret functional key provided by the prover. To fulfill these requirements, we introduce a new primitive called non-interactive zero-knowledge functional proofs (fNIZKs), and formalize its security notions. We provide a generic construction of fNIZK for any relation , which enables the prover to share any function of the witness with a verifier. For a widely-used relation about set membership proof (implying range proof), we construct a concrete and efficient fNIZK, through new building blocks (set membership encryption and dual inner-product encryption), which might be of independent interest.