Abstract
A witness map deterministically maps a witness w of some NP statement x into computationally sound proof that x is true, with respect to a public common reference string (CRS). In other words, it is a deterministic, non-interactive, computationally sound proof system in the CRS model. A unique witness map (UWM) ensures that for any fixed statement x, the witness map should output the same unique proof for x, no matter what witness w it is applied to. More generally a compact witness map (CWM) can only output one of at most \(2^\alpha \) proofs for any given statement x, where \(\alpha \) is some compactness parameter. Such compact/unique witness maps were proposed recently by Chakraborty, Prabhakaran and Wichs (PKC ’20) as a tool for building tamper-resilient signatures, who showed how to construct UWMs from indistinguishability obfuscation (iO). In this work, we study CWMs and UWMs as primitives of independent interest and present a number of interesting connections to various notions in cryptography.
-
First, we show that UWMs lie somewhere between witness PRFs (Zhandry; TCC ’16) and iO – they imply the former and are implied by the latter. In particular, we show that a relaxation of UWMs to the “designated verifier (dv-UWM)” setting is equivalent to witness PRFs. Moreover, we consider two flavors of such dv-UWMs, which correspond to two flavors of witness PRFs previously considered in the literature, and show that they are all in fact equivalent to each other in terms of feasibility.
-
Next, we consider CWMs that are extremely compact, with \(\alpha = O(\log \kappa )\), where \(\kappa \) is the security parameter. We show that such CWMs imply pseudo-UWMs where the witness map is allowed to be pseudo-deterministic – i.e., for every true statement x, there is a unique proof such that, on any witness w, the witness map outputs this proof with \(1-1/p(\lambda )\) probability, for a polynomial p that we can set arbitrarily large.
-
Lastly, we consider CWMs that are mildly compact, with \(\alpha = p(\lambda )\) for some a-priori fixed polynomial p, independent of the length of the statement x or witness w. Such CWMs are implied by succinct non-interactive arguments (SNARGs). We show that such CWMs imply NIZKs, and therefore lie somewhere between NIZKs and SNARGs.
S. Chakraborty—Work done while the author was at ETH Zurich.
M. Prabhakaran—Supported by the IITB Trust Lab.
D. Wichs—Research supported by NSF grant CNS-1750795, CNS-2055510, the Alfred P. Sloan Research Fellowship.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
Informally, a \(\lambda \)-BLR-wPRF \(F_K(\cdot )\) guarantees pseudorandomness of the output of the PRF when evaluated on uniformly random inputs, even when the adversary can leak up to \(\lambda \) bits on K. [9] showed how to construct such BLR-wPRF from any OWF.
- 2.
Informally, a \(\lambda \)-entropic leakage-resilient PRF \(F_K(\cdot )\) guarantees pseudorandomness of the output of the PRF when evaluated on uniformly random inputs, even when the adversary can get \(\lambda \)-entropic leakage on K. Roughly this means that the PRF key K still has \(k - \lambda \) bits of average min-entropy, even conditioned on the leakage from K. [9] showed how to construct such entropic LR-wPRF from any OWF.
- 3.
Note that, the language \(L_R:= \{ x \mid \exists w, (x,w)\in R \}\).
References
Beigel, R.: On the relativized power of additional accepting paths. In: Proceedings: Fourth Annual Structure in Complexity Theory Conference, University of Oregon, Eugene, Oregon, USA, 19–22 June 1989, pp. 216–224. IEEE Computer Society (1989)
Beigel, R., Buhrman, H., Fortnow, L.: NP might not be as easy as detecting unique solutions. In: Scott Vitter, J. (ed.) Proceedings of the Thirtieth Annual ACM Symposium on the Theory of Computing, Dallas, Texas, USA, 23–26 May 1998, pp. 203–208. ACM (1998)
Boyle, E., Segev, G., Wichs, D.: Fully leakage-resilient signatures. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 89–108. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-20465-4_7
Chakraborty, S., Prabhakaran, M., Wichs, D.: Witness maps and applications. In: Kiayias, A., Kohlweiss, M., Wallden, P., Zikas, V. (eds.) PKC 2020. Part I, volume 12110 of LNCS, pp. 220–246. Springer, Heidelberg (2020). https://doi.org/10.1007/978-3-030-45374-9_8
Dodis, Y., Haralambiev, K., López-Alt, A., Wichs, D.: Cryptography against continuous memory attacks. In: 51st FOCS, pp. 511–520. IEEE Computer Society Press (2010)
Gat, E., Goldwasser, S.: Probabilistic search algorithms with unique answers and their cryptographic applications. Electron. Colloquium Comput. Complex TR11, 136 (2011)
Goldreich, O., Levin, L.A.: A hard-core predicate for all one-way functions. In: 21st ACM STOC, pp. 25–32. ACM Press (1989)
Goldwasser, S., Grossman, O., Holden, D.: Pseudo-deterministic proofs. In: Karlin, A.R. (ed.) ITCS 2018, volume 94 of LIPIcs, pp. 1–18. Schloss Dagstuhl - Leibniz-Zentrum für Informatik (2018)
Hazay, C., López-Alt, A., Wee, H., Wichs, D.: Leakage-resilient cryptography from minimal assumptions. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 160–176. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38348-9_10
Kitagawa, F., Matsuda, T., Yamakawa, T.: NIZK from SNARG. In: Pass, R., Pietrzak, K. (eds.) TCC 2020. Part I, volume 12550 of LNCS, pp. 567–595. Springer, Heidelberg (2020). https://doi.org/10.1007/978-3-030-64375-1_20
Lin, H., Pass, R., Seth, K., Telang, S.: Indistinguishability obfuscation with non-trivial efficiency. In: Cheng, C.-M., Chung, K.-M., Persiano, G., Yang, B.-Y. (eds.) PKC 2016. Part II, volume 9615 of LNCS, pp. 447–462. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49387-8_17
Liu, Y., Pass, R.: On one-way functions and Kolmogorov complexity. In: 61st FOCS, pp. 1243–1254. IEEE Computer Society Press (2020)
Rackoff, C.: Relativized questions involving probabilistic algorithms. J. ACM 29(1), 261–268 (1982)
Sahai, A., Waters, B.: How to use indistinguishability obfuscation: deniable encryption, and more. In: Shmoys, D.B. (ed.) 46th ACM STOC, pp. 475–484. ACM Press (2014)
Valiant, L.G.: Relative complexity of checking and evaluating. Inf. Process. Lett. 5(1), 20–23 (1976)
Valiant, L.G., Vazirani, V.V.: NP is as easy as detecting unique solutions. Theor. Comput. Sci. 47(3), 85–93 (1986)
Zhandry, M.: How to avoid obfuscation using witness PRFs. In: Kushilevitz, E., Malkin, T. (eds.) TCC 2016-A. Part II, volume 9563 of LNCS, pp. 421–448. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49099-0_16
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 International Association for Cryptologic Research
About this paper
Cite this paper
Chakraborty, S., Prabhakaran, M., Wichs, D. (2023). A Map of Witness Maps: New Definitions and Connections. In: Boldyreva, A., Kolesnikov, V. (eds) Public-Key Cryptography – PKC 2023. PKC 2023. Lecture Notes in Computer Science, vol 13941. Springer, Cham. https://doi.org/10.1007/978-3-031-31371-4_22
Download citation
DOI: https://doi.org/10.1007/978-3-031-31371-4_22
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-31370-7
Online ISBN: 978-3-031-31371-4
eBook Packages: Computer ScienceComputer Science (R0)