NIZKNon Interactive Zero Knowledge
NIZKNon-Interactive Zero Knowledge
References in periodicals archive ?
[15] Yehuda Lindell, "An Efficient Transform from Sigma Protocols to NIZK with a CRS and Non-Programmable Random Oracle," TCC 2015: Theory of Cryptography, pp.
[16] Ciampi M., Persiano G., Siniscalchi L., Visconti I, "A Transform for NIZK Almost as Efficient and General as the Fiat-Shamir Transform Without Programmable Random Oracles," Theory of Cryptography.
The Groth-Sahai proofs [13] are the only practical NIZK. To obtain efficient KDM-CCA secure PKE, we have to employ an efficient PKE scheme with KDM-CPA security and the Groth-Sahai proofs if we follow the CCS approach [11].
However, the only efficient KDM[[F.sup.d.sub.poly]]-CPA secure PKE [10] is incompatible with the Groth-Sahai NIZK proofs [13]; thus the CCS approach must adopt a general inefficient NIZK.
In addition, since there are two constructions are presented in [9], the more efficient construction based on Waters signature is used to measure the signature size, and the underlying Groth-Sahai NIZK system is instantiated under DLIN Assumption.
(b) The NIZK argument system constructed by Groth et al.
Once a string "FALSE- 1" is output, TPA can issue a NIZK proof [[pi].sub.2] to show the incorrectness of the data storage.
In the subset protocol of [30], Sang utilized a nonmalleable NonInteractive Zero-Knowledge (NIZK) argument, which is based on the Boneh-Goh-Nissim (BGN) cryptosystem to protect it against malicious attacks.