Non-interactive Zero-knowledge Research Articles

A Comprehensive Approach to User Delegation and Anonymity within Decentralized Identifiers for IoT.

Decentralized Identifiers have recently expanded into Internet of Things devices and are crucial in securing users' digital identities and data. However, Decentralized Identifiers face challenges in scenarios necessitating authority delegation and anonymity, such as when dealing with legal guardianship for minors, device loss or damage, and specific medical contexts involving patient information. This paper aims to strengthen data sovereignty within the Decentralized Identifier system by implementing a secure authority delegation and anonymity scheme. It suggests optimizing verifiable presentations by utilizing a sequential aggregate signature, a Non-Interactive Zero-Knowledge Proof, and a Merkle tree to prevent against linkage and Sybil attacks while facilitating delegation. This strategy mitigates security risks related to delegation and anonymity, efficiently reduces the computational and verification efforts for signatures, and reduces the size of verifiable presentations by about 1.2 to 2 times.

Temporal ECDSA: A timestamp and signature mask enabled ECDSA algorithm for IoT client node authentication

Internet of Things (IoT) networks are vulnerable to various security threats, especially in client authentication. The current authentication methods require significant resources and are vulnerable to specific attacks. The Non-Interactive Zero Knowledge Proof (NIZKP) concept suits IoT device authentication. Elliptic Curve Digital Signature (ECDSA) is a popular algorithm for IoT device authentication based on elliptic curve cryptography (ECC) and NIZKP. However, an intelligent attacker who captures the ECDSA signatures generated by the same random number can recover the private key. This paper proposes a timestamp based approach to prevent signature reuse and fake signature generation in the ECDSA algorithm. The signature proof is generated differently at each occurrence to prevent the generation of valid signatures from leaked private keys. The proposed approach eliminates the expensive modular inversion operations in signature generation and verification phases, enhancing execution efficiency. The analysis results indicate that the proposed Temporal ECDSA algorithm effectively prevents most attacks on client authentication in IoT networks. Various metrics, including computational complexity and security measures, were used to evaluate the effectiveness of the proposed approach, demonstrating that it outperforms most ECDSA variants.

Enhancing security in Fiat–Shamir transformation-based non-interactive zero-knowledge protocols for IoT authentication

With the rapid expansion of IoT devices and their applications, there is an increasing demand for efficient and secure authentication mechanisms to protect against unauthorized access. Traditional authentication mechanisms face limitations regarding computational speed, communication costs, and vulnerability to cyber-attacks. Zero-knowledge proof (ZKP) protocols have emerged as an effective solution for achieving secure and efficient authentication in such environments without revealing sensitive information. Among ZKP protocols, Σ\\documentclass[12pt]{minimal} \\usepackage{amsmath} \\usepackage{wasysym} \\usepackage{amsfonts} \\usepackage{amssymb} \\usepackage{amsbsy} \\usepackage{mathrsfs} \\usepackage{upgreek} \\setlength{\\oddsidemargin}{-69pt} \\begin{document}$$\\Sigma $$\\end{document}-protocols, a class of interactive ZKP protocols, have been employed for their efficiency and security. However, their interactive nature necessitates multiple rounds of communication, which can reduce efficiency and increase communication overhead for resource-constrained devices. Many works have aimed to eliminate the interaction of Σ\\documentclass[12pt]{minimal} \\usepackage{amsmath} \\usepackage{wasysym} \\usepackage{amsfonts} \\usepackage{amssymb} \\usepackage{amsbsy} \\usepackage{mathrsfs} \\usepackage{upgreek} \\setlength{\\oddsidemargin}{-69pt} \\begin{document}$$\\Sigma $$\\end{document}-protocols by utilizing a transformation called the Fiat–Shamir transformation (FST). However, there is still a concern regarding the soundness of the FST as it can sometimes convert a secure Σ\\documentclass[12pt]{minimal} \\usepackage{amsmath} \\usepackage{wasysym} \\usepackage{amsfonts} \\usepackage{amssymb} \\usepackage{amsbsy} \\usepackage{mathrsfs} \\usepackage{upgreek} \\setlength{\\oddsidemargin}{-69pt} \\begin{document}$$\\Sigma $$\\end{document}-protocol into an insecure non-interactive zero-knowledge (NIZK) authentication scheme. In this paper, we propose an approach for transforming Σ\\documentclass[12pt]{minimal} \\usepackage{amsmath} \\usepackage{wasysym} \\usepackage{amsfonts} \\usepackage{amssymb} \\usepackage{amsbsy} \\usepackage{mathrsfs} \\usepackage{upgreek} \\setlength{\\oddsidemargin}{-69pt} \\begin{document}$$\\Sigma $$\\end{document}-protocols into a NIZK protocol based on the FST, yielding significant enhancements in efficiency, communication overhead reduction, and elimination of interaction. Our proposed protocol enables the completion of the authentication process in a single request while also strengthening the soundness of Σ\\documentclass[12pt]{minimal} \\usepackage{amsmath} \\usepackage{wasysym} \\usepackage{amsfonts} \\usepackage{amssymb} \\usepackage{amsbsy} \\usepackage{mathrsfs} \\usepackage{upgreek} \\setlength{\\oddsidemargin}{-69pt} \\begin{document}$$\\Sigma $$\\end{document}-protocols in comparison with the traditional FST by requiring two authentication factors instead of one. To demonstrate our approach’s robustness, we conducted comprehensive informal and formal security analyses (using the Tamarin-Prover). Our protocol demonstrated completeness, soundness, zero-knowledge properties, and robustness against attacks, including eavesdropping, message modification, replay, and brute force attacks. Additionally, our performance analysis displayed a remarkable 50% improvement in computational cost compared to traditional Σ\\documentclass[12pt]{minimal} \\usepackage{amsmath} \\usepackage{wasysym} \\usepackage{amsfonts} \\usepackage{amssymb} \\usepackage{amsbsy} \\usepackage{mathrsfs} \\usepackage{upgreek} \\setlength{\\oddsidemargin}{-69pt} \\begin{document}$$\\Sigma $$\\end{document}-protocols, underscoring its efficiency for practical use.

Robust Subgroup Multisignature with One-Time Public Keys in Order

Robust subgroup multisignature allows any subgroup of signers from a global set to sign a given message on behalf of the whole group, and the individual signatures should be verified before the combination process, which resists poison signature attacks. An emerging application of robust subgroup multisignatures in blockchain is that a qualified subgroup of a global set of users has reached agreement. In the integrated blockchain and edge computing system, the edge server can naturally act as a combiner in multisignatures and help other end devices produce the final aggregate signature. In this paper, we propose a robust subgroup multisignature with one-time public keys in order that has two advantages for solving the signers ordering problem and one-time public key problem simultaneously. Our scheme is a nontrivial extension of Galindo et al.’s robust subgroup multisignature scheme and can be proven unforgeable, robust and chronological in random oracles. Our scheme can also be suitable for the consortium blockchain by adding a noninteractive zero-knowledge (NIZK) proof system for certifying the one-time public keys.

Simulatable verifiable random function from the LWE assumption

A verifiable random function (VRF) is a pseudorandom function F that can be publicly verified. A simulatable VRF (sVRF) is an important variant of a VRF, which additionally provides simulatability. Informally, the simulatability of a VRF depicts the ability to simulate a valid proof π that y=F(sk,x) for any input x and any output value y. A (simulatable) VRF can be used in the E-Cash, E-Lottery, blockchain and constructing the multi-theorem non-interactive zero-knowledge (NIZK) proof. However, up to now, the existing constructions of an sVRF either rely on non-standard assumptions (e.g., the Q-type ones), or are built in the random oracle model, or resort to time-consuming techniques like the Cook-Levin reduction.In this paper, we design the first sVRF from the LWE assumption in the standard model (free of a random oracle) without using a Cook-Levin reduction. In our construction of an sVRF, we take as building blocks a pseudorandom function, a trapdoor fully homomorphic commitment (FHC) scheme, and a NIZK proof system for a language specified by FHC. Our trapdoor FHC is the key technical tool, which helps the simplification of the underlying NIZK language, thus making possible an instantiation of a NIZK proof from LWE without a Cook-Levin reduction. Together with an LWE-based PRF, we obtain an sVRF scheme from LWE.

Enhancing OAuth With Blockchain Technologies for Data Portability

To satisfy the requirement of data portability, current service providers (or resource servers) usually provide OAuth-based schemes for third party applications (or clients) to access user data with the users consent. To shoulder the costs of maintaining relationships with potential third party applications, a service provider may adopt delegate the task of authentication and authorization to an authorization server. However, current OAuth specification does not specify the interactions between an authorization server and a resource server. To address this limitation, this study proposes the MyDataChain framework to enhance the existing OAuth specification with blockchain technology. The proposed framework utilizes smart contracts to establish the standard interface to support the processes of authorization requesting, granting, and revocation. As blockchain technologies can ensure data integrity, the framework can use the data stored in the blockchain to resolve disputes among different parities. Moreover, as the proposed framework uses the Non-Interactive Zero-Knowledge (NIZK) scheme, the proposed framework can achieve its purpose without storing any personal identifiable or traceable data in the blockchain.

Trusted-auditing chain: A security blockchain prototype used in agriculture traceability

Traceability systems have changed the way food safety is managed and data is stored. Blockchain tracking services now provide customers with an infrastructure that allows them to easily access data online. However, there are limitations to these new capabilities, such as a lack of transparency and the existence of privacy and security challenges. Additionally, as the need for more agile, private, and traceability secure data solutions continues to grow exponentially, rethinking the current structure of blockchain agricultural traceability is mission-critical for a country. By leveraging and building upon blockchain's unique attributes, including tamper-evident, security hash crypto-data, and distributed ledger, we have proposed a prototype that allows traceability data to be reliably stored via blockchain while simultaneously being secured, with completeness auditing to enhance credibility. The result, the trusted auditing chain (TA chain), is a flexible solution that assures data security and solves challenges such as scalability and privacy-preserving. The TA chain works through Schnorr-style non-interactive Zero-knowledge proof to support security automatical choose privacy augmented. In addition, The TA chain can audit more than 1000 transactions within 1ms, and its error stabilizes below the 250 μs, which proves a security and fair traceability system to assure that data is distributed and reliably, and provably audited.

Zswap: zk-SNARK Based Non-Interactive Multi-Asset Swaps

Privacy-oriented cryptocurrencies, like Zcash or Monero, provide fair transaction anonymity and confidentiality, but lack important features compared to fully public systems, like Ethereum. Specifically, supporting assets of multiple types and providing a mechanism to atomically exchange them, which is critical for e.g. decentralized finance (DeFi), is challenging in the private setting. By combining insights and security properties from Zcash and SwapCT (PETS 21, an atomic swap system for Monero), we present a simple zk-SNARKs based transaction scheme, called Zswap, which is carefully malleable to allow the merging of transactions, while preserving anonymity. Our protocol enables multiple assets and atomic exchanges by making use of sparse homomorphic commitments with aggregated open randomness, together with Zcash friendly simulation-extractable non-interactive zero-knowledge (NIZK) proofs. This results in a provably secure privacypreserving transaction protocol, with efficient swaps, and overall performance close to that of existing deployed private cryptocurrencies. It is similar to Zcash Sapling and benefits from existing code-bases and implementation expertise.

Improvements on Non-Interactive Zero-Knowledge Proof Systems Related to Quadratic Residuosity Languages

Non-interactive zero-knowledge (NIZK) proof systems are very useful for statement verification without interaction in cryptography; they entail just one message, called the proof, that convinces the verifier of the truth of the statement without leaking any extra information. Many NIZK proof systems are related to quadratic residuosity languages and follow three main steps. First, the prover and the verifier sample a common reference string (CRS) in some particular form. Second, the prover proves that n is a Blum integer (BL,n=p1t1·p2t2, where p1 and p2 are different primes both congruent to 3 modulo 4, and t1 and t2 are odd). Third, various statements (e.g., NQRn,ORn,ANDn,T(k,t), and 3SAT) can be proven by the prover based on the properties of BL. In this study, we improve the NIZK proof system for n∈BL based on the special distribution of the square roots modulo n and embed this proof in the third step. Moreover, we show that the CRS can be sampled more efficiently using the improved process.

Multiverse of HawkNess: A Universally-Composable MPC-Based Hawk Variant

The evolution of smart contracts in recent years inspired a crucial question: do smart contract evaluation protocols provide the required level of privacy when executing contracts on the blockchain? The Hawk (IEEE S&P ’16) paper introduces a way to solve the problem of privacy in smart contracts by evaluating the contracts off-chain, albeit with the trust assumption of a manager. To avoid the partially trusted manager altogether, a novel approach named zkHawk (IEEE BRAINS ’21) explains how we can evaluate the contracts privately off-chain using a multi-party computation (MPC) protocol instead of trusting said manager. This paper dives deeper into the detailed construction of a variant of the zkHawk protocol titled V-zkHawk using formal proofs to construct the said protocol and model its security in the universal composability (UC) framework (FOCS ’01). The V-zkHawk protocol discussed here does not support immediate closure, i.e., all the parties (n) have to send a message to inform the blockchain that the contract has been executed with corruption allowed for up to t parties, where t<n. In the most quintessential sense, the V-zkHawk is a variant because the outcome of the protocol is similar (i.e., execution of smart contract via an MPC function evaluation) to zkHawk, but we modify key aspects of the protocol, essentially creating a small trade-off (removing immediate closure) to provide UC (stronger) security. The V-zkHawk protocol leverages joint Schnorr signature schemes, encryption schemes, Non-Interactive Zero-Knowledge Proofs (NIZKs), and commitment schemes with Common Reference String (CRS) assumptions, MPC function evaluations, and assumes the existence of asynchronous, authenticated broadcast channels. We achieve malicious security in a dishonest majority setting in the UC framework.

1-Round Distributed Key Generation With Efficient Reconstruction Using Decentralized CP-ABE

Distributed key generation (DKG) is widely used in multi-party computation and decentralized applications. DKG has two phases, namely sharing and reconstruction. Most of the prior DKG protocols need at least 2 rounds for the sharing phase, in case some party raises a dispute. The existing 1-round DKG protocol [Fouque <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">et al.</i> , PKC’01], built based on a publicly verifiable secret sharing (PVSS) scheme, assumes a static adversary model and its reconstruction phase requires <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$O(n^{2})$ </tex-math></inline-formula> communication complexity. Motivated by the observation that a ciphertext-policy attribute-based encryption (CP-ABE) scheme hides secret sharing (SS) in ciphertext, we utilize decentralized CP-ABE to achieve the first adaptively secure 1-round DKG protocol. Firstly, a CP-ABE scheme enables the ciphertexts in DKG to be externally decrypted, making our protocol superior to the PVSS-based DKG protocol in reconstruction. The communication and computation complexities are both lowered to <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$O(n)$ </tex-math></inline-formula> thanks to the constant-sized decryption key and the proposed batch decryption. The use of CP-ABE also makes our DKG protocol storage-friendly, i.e., the parties store no ciphertext after the sharing phase. Secondly, we add non-interactive zero-knowledge (NIZK) proofs to make the CP-ABE ciphertext publicly verifiable by leveraging the sigma protocol and the Fiat-Shamir heuristic. Thirdly, we demonstrate our protocol’s feasibility by presenting a proof-of-concept implementation over Ethereum, which is used as a public channel and a trustworthy computation platform. The implementation is a non-trivial task due to Ethereum’s incompatibility with the bilinear mapping group.

Linkable Ring Signature Scheme Using Biometric Cryptosystem and NIZK and Its Application

Biometric encryption, especially based on fingerprint, plays an important role in privacy protection and identity authentication. In this paper, we construct a privacy-preserving linkable ring signature scheme. In our scheme, we utilize a fuzzy symmetric encryption scheme called symmetric keyring encryption (SKE) to hide the secret key and use non-interactive zero-knowledge (NIZK) protocol to ensure that we do not leak any information about the message. Unlike the blind signature, we use NIZK protocol to cancel the interaction between the signer (the prover) and the verifier. The security proof shows that our scheme is secure under the random oracle model. Finally, we implement it on a personal computer and analyze the performance of the constructed scheme in practical terms. Based on the constructed scheme and demo, we give an anonymous cryptocurrency transaction model as well as mobile demonstration.

A Multi-Microgrid Thermal Game Model Based on Quantum Blockchain

The electricity transactions of microgrids face several problems: the high platform management cost, the low security, and the untimely consumption of scattered electricity. To solve these problems, this paper presents a multi-microgrid thermal game model based on quantum blockchain. Specifically, a dynamic model was established for the noncooperative game between aggregators, microgrids, and large users to maximize the benefit of each party, and to realize the timely consumption of scattered electricity. Next, a transaction platform was constructed based on the two-round password based authenticated key exchange (PAKE) protocol, which eliminates non-interactive zero-knowledge (NIZK), aiming to substantially enhance the post-quantum security of transactions. Then, the quantum signature using two-particle entangled Bell states was adopted to safeguard the quantum communication of electricity transactions, and authenticate the nodes. Example analysis shows that our model can realize the timely consumption of scattered electricity and thermal energy, improve the security of transaction data and users, and achieve Pareto optimality. The research provides theoretical support and decision-making basis for electricity transactions in the post-quantum age.

A Self-Tallying Electronic Voting Based on Blockchain

Abstract Electronic voting (e-voting) has been studied for many years. Recently, researchers find that blockchain can provide an alternative secure platform for e-voting systems, because of its properties of tamper resistance and transparency. However, existing blockchain-based schemes either require central authorities to tally ballots or can only handle a limited number of voters. This paper tries to propose a self-tallying e-voting system, i.e. the public can verify the validity of all ballots and tally the ballots without a centralized authority. To achieve this goal, we solve two challenges, namely how to cancel out all random numbers used for ballots and to prove the validity of ballots using a non-interactive zero knowledge proof. Our scheme is proved to be secure and shown to be practical by experiments.

Privacy preserving authentication system based on non-interactive zero knowledge proof suitable for Internet of Things

Privacy preserving authentication system based on non-interactive zero knowledge proof suitable for Internet of Things

An efficient anonymous authentication and key agreement scheme with privacy-preserving for smart cities

Internet of Things devices are responsible for collecting and transmitting data in smart cities, assisting smart cities to release greater potential. As Internet of Things devices are increasingly connected to smart cities, security and privacy have gradually become important issues. Recently, research works on mitigating security challenges of Internet of Things devices in smart cities mainly focused on authentication. However, in most of the existing authentication protocols, the trustworthiness evaluation of Internet of Things devices in smart cities is ignored. Considering the trustworthiness evaluation of Internet of Things devices is an important constituent of data source authentication, in this article, a cloud-aided trustworthiness evaluation mechanism is first designed to improve the credibility of the Internet of Things devices in smart cities. Furthermore, aiming at the problem that the user’s privacy is easy to leak in the process of authentication, an anonymous authentication and key agreement scheme based on non-interactive zero knowledge argument is proposed. The proposed scheme can ensure the privacy preservation and data security of Internet of Things devices in smart cities. The security analysis demonstrates that the proposed scheme is secure under q-SDH problem. The experimental simulation indicates that the performance of the proposal is greatly improved compared with other similar schemes.

A new construction of leakage-resilient CCA secure IBE scheme

Leakage of private information has become a threat to the security of cryptography systems. It has become a common security requirement that a cryptography scheme should withstand various leakage attacks. The non-interactive zero-knowledge (NIZK) argument system, one-time lossy filter (OT-LF) and one-time signature were widely used to create the generic constructions of leakage-resilient identity-based encryption (IBE) scheme with chosen-ciphertext attack (CCA) security. However, the computational efficiency of the corresponding generic construction is low because the underlying cryptographic tool is low. Thus, to solve the above problem, a new cryptographic primitive, called identity-based hash proof system with two encapsulated-key (T-IB-HPS), is proposed. The new generic constructions of leakage resilient IBE scheme with CCA security is created from the T-IB-HPS and message authentication code (MAC), and the security of the above proposed scheme is proved from the security of the underlying cryptographic tool. To further show the practicability, an instantiation of T-IB-HPS is constructed, and the formal security proof of the above instantiation is shown based on the decisional bilinear Diffie-Hellman (DBDH) assumption. Compared with the previous generic constructions of leakage resilient IBE scheme with CCA security, since the underlying cryptographic tools with low computational efficiency are not used, our generic construction has high computational efficiency.

A secure end-to-end verifiable e-voting system using blockchain and cloud server

We propose a cryptographic technique for an authenticated, end-to-end verifiable and secret ballot election. Currently, almost all verifiable e-voting systems require trusted authorities to perform the tallying process except for the DRE-i and DRE-ip systems. We have shown a weakness of the DRE-ip system and proposed a solution. We propose a secure and verifiable voter registration and authentication mechanism. The proposed scheme prevents ballot stuffing attack. We have modified the DRE-ip system so that no adversary can create and post a valid ballot on the public bulletin board without detection. We propose a method for publishing the final tally without revealing the tally from individual Direct-Recording Electronic (DRE) machines using secure multi-party computation and non-interactive zero-knowledge (NIZK) proof. We propose two methods to store these ballots using blockchain and cloud server. To the best of our knowledge, it is the first end-to-end verifiable DRE based e-voting system using blockchain. We provide security proofs to prove the security properties of the proposed scheme. We prove that the efficient NIZK proof proposed by Lin et al. in APSIPA ASC 2019 is not correct since it does not satisfy the witness indistinguishability property of a zero-knowledge proof. We introduce an improved NIZK proof that boosts the efficiency of the system. The experimental data obtained from our tests show the protocol’s potential for real-world deployment.

Revisiting NIZK-Based Technique for Chosen-Ciphertext Security: Security Analysis and Corrected Proofs

Non-interactive zero-knowledge (NIZK) proofs for chosen-ciphertext security are generally considered to give an impractical construction. An interesting recent work by Seo, Abdalla, Lee, and Park (Information Sciences, July 2019) proposed an efficient semi-generic conversion method for achieving chosen-ciphertext security based on NIZK proofs in the random oracle model. The recent work by Seo et al. demonstrated that the semi-generic conversion method transforms a one-way (OW)-secure key encapsulation mechanism (KEM) into a chosen-ciphertext secure KEM while preserving tight security reduction. This paper shows that the security analysis of the semi-generic conversion method has a flaw, which comes from the OW security condition of the underlying KEM. Without changing the conversion method, this paper presents a revised security proof under the changed conditions that (1) the underlying KEM must be chosen-plaintext secure in terms of indistinguishability and (2) an NIZK proof derived from the underlying KEM via the Fiat–Shamir transform must have the properties of zero-knowledge and simulation soundness. This work extended the security proof strategy to the case of identity-based KEM (IBKEM) and also revise the security proof for IBKEM of previous method by Seo et al. Finally, this work gives a corrected security proof by applying the new proofs to several existing (IB)KEMs.

CEEP-FL: A comprehensive approach for communication efficiency and enhanced privacy in federated learning

Federated Learning (FL) is an emerging technique for collaboratively training machine learning models on distributed data under privacy constraints. However, recent studies have shown that FL significantly consumes plenty of communication resources during the global model update. In addition, participants’ private data can also be compromised by exploiting the shared parameters when uploading the local gradient updates to the central cloud server, which hinders FL to be implemented widely. To address these challenges, in this paper, we propose a novel comprehensive FL approach, namely, Communication Efficient and Enhanced Privacy (CEEP-FL). In particular, the proposed approach simultaneously aims to; (1) minimize the communication cost, (2) protect data from being compromised, and (3) maximize the global learning accuracy. To minimize the communication cost, we first apply a novel filtering mechanism on each local gradient update and upload only the important gradients. Then, we apply Non-Interactive Zero-Knowledge Proofs based Homomorphic-Cryptosystem (NIZKP-HC) in order to protect those local gradient updates while maintaining robustness in the network. Finally, we use Distributed Selective Stochastic Gradient Descent (DSSGD) optimization to minimize the computational cost and maximize the global learning accuracy. The experimental results on commonly used FL datasets demonstrate that CEEP-FL distinctively outperforms the existing approaches.