A framework for practical universally composable zero-knowledge protocols

Jan Camenisch, Stephan Krenn, Victor Shoup

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Zero-knowledge proofs of knowledge (ZK-PoK) for discrete logarithms and related problems are indispensable for practical cryptographic protocols. Recently, Camenisch, Kiayias, and Yung provided a specification language (the CKY-language) for such protocols which allows for a modular design and protocol analysis: for every zero-knowledge proof specified in this language, protocol designers are ensured that there exists an efficient protocol which indeed proves the specified statement. However, the protocols resulting from their compilation techniques only satisfy the classical notion of ZK-PoK, which is not retained when they are used as building blocks for higher-level applications or composed with other protocols. This problem can be tackled by moving to the Universal Composability (UC) framework, which guarantees retention of security when composing protocols in arbitrary ways. While there exist generic transformations from Σ-protocols to UC-secure protocols, these transformations are often too inefficient for practice. In this paper we introduce a specification language akin to the CKY-language and a compiler such that the resulting protocols are UC-secure and efficient. To this end, we propose an extension of the UC-framework addressing the issue that UC-secure zero-knowledge proofs are by definition proofs of knowledge, and state a special composition theorem which allows one to use the weaker - but more efficient and often sufficient - notion of proofs of membership in the UC-framework. We believe that our contributions enable the design of practically efficient protocols that are UC-secure and thus themselves can be used as building blocks.

Original language: English (US)
Title of host publication: Advances in Cryptology, ASIACRYPT 2011 - 17th International Conference on the Theory and Application of Cryptology and Information Security, Proceedings
Pages: 449-467
Number of pages: 19
Volume: 7073 LNCS
State: Published - 2011
Event: 17th International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2011 - Seoul, Korea, Republic of
Duration: Dec 4 2011 - Dec 8 2011

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 7073 LNCS
ISSN (Print): 03029743
ISSN (Electronic): 16113349

Other

Other: 17th International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2011
Country: Korea, Republic of
City: Seoul
Period: 12/4/11 - 12/8/11

Keywords

  • Protocol Design
  • UC-Framework
  • Zero-Knowledge Proof

ASJC Scopus subject areas

  • Computer Science(all)
  • Theoretical Computer Science

Cite this

Camenisch, J., Krenn, S., & Shoup, V. (2011). A framework for practical universally composable zero-knowledge protocols. In Advances in Cryptology, ASIACRYPT 2011 - 17th International Conference on the Theory and Application of Cryptology and Information Security, Proceedings (Vol. 7073 LNCS, pp. 449-467). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7073 LNCS). https://doi.org/10.1007/978-3-642-25385-0_24

@inproceedings{f9cf8bd9b7904886ae46ee78afc772e4,
title = "A framework for practical universally composable zero-knowledge protocols",
keywords = "Protocol Design, UC-Framework, Zero-Knowledge Proof",
author = "Jan Camenisch and Stephan Krenn and Victor Shoup",
year = "2011",
doi = "10.1007/978-3-642-25385-0_24",
language = "English (US)",
isbn = "9783642253843",
volume = "7073 LNCS",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
pages = "449--467",
booktitle = "Advances in Cryptology, ASIACRYPT 2011 - 17th International Conference on the Theory and Application of Cryptology and Information Security, Proceedings",

}