QANIZK for adversary-dependent languages and their applications

Abstract

Quasi-Adaptive Non-Interactive Zero-Knowledge (QANIZK) proofs make possible efficient NIZK with short proofs by allowing the common reference string to depend on the language. The strongest notion of (computational) soundness for QANIZK is Unbounded Simulation-Soundness (USS). For USS, however, the language is completely beyond the adversary's control.In this paper, we introduce a stronger notion of USS for QANIZK, called USS for Adversary-Dependent Languages (USS-ADL), by allowing the adversary to adaptively develop the language. We present a generic construction of efficient USS-ADL-QANIZK for diverse vector spaces (DVS) over graded rings, of which linear subspaces over bilinear groups are specific instantiations.–Our generic construction provides the first USS-QANIZK for DVS over graded rings. This complements Abdalla et al.'s work (Eurocrypt'15) of QANIZK with one-time simulation-soundness.–As for applications, USS-ADL-QANIZK leads to modular constructions of digital signature and linearly homomorphic (structure-preserving) signature schemes with black-box security reductions.The instantiations cover the efficient USS-QANIZK for linear subspaces over bilinear groups proposed by Kiltz and Wee (Eurocrypt'15), a variant of the efficient structure-preserving signature proposed by Kiltz et al. (Crypto'15) and the efficient linearly homomorphic structure-preserving signature proposed by Kiltz and Wee (Eurocrypt'15). Our USS-ADL-QANIZK provides a new perspective on their constructions and security proofs in a unified way.