Non-interactive Distributional Indistinguishability (NIDI) and Non-malleable Commitments

Dakshita Khurana

doi:10.1007/978-3-030-77883-5_7

Non-interactive Distributional Indistinguishability (NIDI) and Non-malleable Commitments

Dakshita Khurana

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

We introduce non-interactive distributionally indistinguishable arguments (NIDI) to address a significant weakness of NIWI proofs: namely, the lack of meaningful secrecy when proving statements about NP languages with unique witnesses. NIDI arguments allow a prover P to send a single message to verifier V, from which V obtains a sample d from a (secret) distribution D, together with a proof of membership of d in an NP language L. The soundness guarantee is that if the sample d obtained by the verifier V is not in L, then V outputs ⊥. The privacy guarantee is that secrets about the distribution remain hidden: for every pair of (sufficiently) hard-to-distinguish distributions D₀ and D₁ with support in NP language L, a NIDI that outputs samples from D₀ with proofs of membership in L is indistinguishable from one that outputs samples from D₁ with proofs of membership in L. We build NIDI arguments for superpolynomially hard-to-distinguish distributions, assuming sub-exponential indistinguishability obfuscation and sub-exponentially secure (variants of) one-way functions.We demonstrate preliminary applications of NIDI and of our techniques to obtaining the first (relaxed) non-interactive constructions in the plain model, from well-founded assumptions, of: ∙ Commit-and-prove that provably hides the committed message∙ CCA-secure commitments against non-uniform adversaries. The commit phase of our commitment schemes consists of a single message from the committer to the receiver, followed by a randomized output by the receiver (that need not be returned to the committer).

Original language	English (US)
Title of host publication	Advances in Cryptology – EUROCRYPT 2021 - 40th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings
Editors	Anne Canteaut, François-Xavier Standaert
Publisher	Springer
Pages	186-215
Number of pages	30
ISBN (Print)	9783030778828
DOIs	https://doi.org/10.1007/978-3-030-77883-5_7
State	Published - 2021
Event	40th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2021 - Zagreb, Croatia Duration: Oct 17 2021 → Oct 21 2021

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	12698 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	40th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2021
Country/Territory	Croatia
City	Zagreb
Period	10/17/21 → 10/21/21

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Online availability

10.1007/978-3-030-77883-5_7

Library availability

Discover UIUC Full Text

Cite this

Khurana, D. (2021). Non-interactive Distributional Indistinguishability (NIDI) and Non-malleable Commitments. In A. Canteaut, & F-X. Standaert (Eds.), Advances in Cryptology – EUROCRYPT 2021 - 40th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings (pp. 186-215). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 12698 LNCS). Springer. https://doi.org/10.1007/978-3-030-77883-5_7

Non-interactive Distributional Indistinguishability (NIDI) and Non-malleable Commitments. / Khurana, Dakshita.
Advances in Cryptology – EUROCRYPT 2021 - 40th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings. ed. / Anne Canteaut; François-Xavier Standaert. Springer, 2021. p. 186-215 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 12698 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Khurana, D 2021, Non-interactive Distributional Indistinguishability (NIDI) and Non-malleable Commitments. in A Canteaut & F-X Standaert (eds), Advances in Cryptology – EUROCRYPT 2021 - 40th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 12698 LNCS, Springer, pp. 186-215, 40th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2021, Zagreb, Croatia, 10/17/21. https://doi.org/10.1007/978-3-030-77883-5_7

Khurana D. Non-interactive Distributional Indistinguishability (NIDI) and Non-malleable Commitments. In Canteaut A, Standaert F-X, editors, Advances in Cryptology – EUROCRYPT 2021 - 40th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings. Springer. 2021. p. 186-215. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-030-77883-5_7

Khurana, Dakshita. / Non-interactive Distributional Indistinguishability (NIDI) and Non-malleable Commitments. Advances in Cryptology – EUROCRYPT 2021 - 40th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings. editor / Anne Canteaut ; François-Xavier Standaert. Springer, 2021. pp. 186-215 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{0cefee98613f4ab58057ce8ceda0a44d,

title = "Non-interactive Distributional Indistinguishability (NIDI) and Non-malleable Commitments",

abstract = "We introduce non-interactive distributionally indistinguishable arguments (NIDI) to address a significant weakness of NIWI proofs: namely, the lack of meaningful secrecy when proving statements about NP languages with unique witnesses. NIDI arguments allow a prover P to send a single message to verifier V, from which V obtains a sample d from a (secret) distribution D, together with a proof of membership of d in an NP language L. The soundness guarantee is that if the sample d obtained by the verifier V is not in L, then V outputs ⊥. The privacy guarantee is that secrets about the distribution remain hidden: for every pair of (sufficiently) hard-to-distinguish distributions D0 and D1 with support in NP language L, a NIDI that outputs samples from D0 with proofs of membership in L is indistinguishable from one that outputs samples from D1 with proofs of membership in L. We build NIDI arguments for superpolynomially hard-to-distinguish distributions, assuming sub-exponential indistinguishability obfuscation and sub-exponentially secure (variants of) one-way functions.We demonstrate preliminary applications of NIDI and of our techniques to obtaining the first (relaxed) non-interactive constructions in the plain model, from well-founded assumptions, of: ∙ Commit-and-prove that provably hides the committed message∙ CCA-secure commitments against non-uniform adversaries. The commit phase of our commitment schemes consists of a single message from the committer to the receiver, followed by a randomized output by the receiver (that need not be returned to the committer).",

author = "Dakshita Khurana",

note = "Funding Information: Work done in part during a visit to the Simons institute, Berkeley. This material is based upon work supported in part by DARPA under Contract No. HR001120C0024. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the United States Government or DARPA. Publisher Copyright: {\textcopyright} 2021, International Association for Cryptologic Research.; 40th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2021 ; Conference date: 17-10-2021 Through 21-10-2021",

year = "2021",

doi = "10.1007/978-3-030-77883-5_7",

language = "English (US)",

isbn = "9783030778828",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer",

pages = "186--215",

editor = "Anne Canteaut and Fran{\c c}ois-Xavier Standaert",

booktitle = "Advances in Cryptology – EUROCRYPT 2021 - 40th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings",

address = "Germany",

}

TY - GEN

T1 - Non-interactive Distributional Indistinguishability (NIDI) and Non-malleable Commitments

AU - Khurana, Dakshita

N1 - Funding Information: Work done in part during a visit to the Simons institute, Berkeley. This material is based upon work supported in part by DARPA under Contract No. HR001120C0024. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the United States Government or DARPA. Publisher Copyright: © 2021, International Association for Cryptologic Research.

PY - 2021

Y1 - 2021

N2 - We introduce non-interactive distributionally indistinguishable arguments (NIDI) to address a significant weakness of NIWI proofs: namely, the lack of meaningful secrecy when proving statements about NP languages with unique witnesses. NIDI arguments allow a prover P to send a single message to verifier V, from which V obtains a sample d from a (secret) distribution D, together with a proof of membership of d in an NP language L. The soundness guarantee is that if the sample d obtained by the verifier V is not in L, then V outputs ⊥. The privacy guarantee is that secrets about the distribution remain hidden: for every pair of (sufficiently) hard-to-distinguish distributions D0 and D1 with support in NP language L, a NIDI that outputs samples from D0 with proofs of membership in L is indistinguishable from one that outputs samples from D1 with proofs of membership in L. We build NIDI arguments for superpolynomially hard-to-distinguish distributions, assuming sub-exponential indistinguishability obfuscation and sub-exponentially secure (variants of) one-way functions.We demonstrate preliminary applications of NIDI and of our techniques to obtaining the first (relaxed) non-interactive constructions in the plain model, from well-founded assumptions, of: ∙ Commit-and-prove that provably hides the committed message∙ CCA-secure commitments against non-uniform adversaries. The commit phase of our commitment schemes consists of a single message from the committer to the receiver, followed by a randomized output by the receiver (that need not be returned to the committer).

AB - We introduce non-interactive distributionally indistinguishable arguments (NIDI) to address a significant weakness of NIWI proofs: namely, the lack of meaningful secrecy when proving statements about NP languages with unique witnesses. NIDI arguments allow a prover P to send a single message to verifier V, from which V obtains a sample d from a (secret) distribution D, together with a proof of membership of d in an NP language L. The soundness guarantee is that if the sample d obtained by the verifier V is not in L, then V outputs ⊥. The privacy guarantee is that secrets about the distribution remain hidden: for every pair of (sufficiently) hard-to-distinguish distributions D0 and D1 with support in NP language L, a NIDI that outputs samples from D0 with proofs of membership in L is indistinguishable from one that outputs samples from D1 with proofs of membership in L. We build NIDI arguments for superpolynomially hard-to-distinguish distributions, assuming sub-exponential indistinguishability obfuscation and sub-exponentially secure (variants of) one-way functions.We demonstrate preliminary applications of NIDI and of our techniques to obtaining the first (relaxed) non-interactive constructions in the plain model, from well-founded assumptions, of: ∙ Commit-and-prove that provably hides the committed message∙ CCA-secure commitments against non-uniform adversaries. The commit phase of our commitment schemes consists of a single message from the committer to the receiver, followed by a randomized output by the receiver (that need not be returned to the committer).

UR - http://www.scopus.com/inward/record.url?scp=85111464003&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85111464003&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-77883-5_7

DO - 10.1007/978-3-030-77883-5_7

M3 - Conference contribution

AN - SCOPUS:85111464003

SN - 9783030778828

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 186

EP - 215

BT - Advances in Cryptology – EUROCRYPT 2021 - 40th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings

A2 - Canteaut, Anne

A2 - Standaert, François-Xavier

PB - Springer

T2 - 40th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2021

Y2 - 17 October 2021 through 21 October 2021

ER -