Security Properties. WKA is closely related to Non-Interactive Zero- Knowledge (NIZK) Proof System. The key difference is the outcome of NIZK is only a binary verification result while WKA’s outcome is a key upon suc- cess. Hence the security properties of WKA are also very similar to those of NIZK. Furthermore, we require WKA to be secure against MITM attack. (See 1. Security of witness key agreement scheme Appendix B of [34] for a trivial WKA generic construction that is insecure under MITM attack.) WKA Construction Roadmap. We base our WKA construction on the effi- cient construction of zk-SNARK from Non-Interactive Linear Proof (NILP) [24] for Quadratic Arithmetic Programs (QAP) [19] given by ▇▇▇▇▇ [24] and we uti- lize Linear-Only Encryption (LE) [6] to compile such NILP to a WKA scheme. Linear Interactive Proofs (LIP) [6] is an extension of interactive proofs [23] in which each prover’s message is an affine combination of the previous messages sent by the verifier. ▇▇▇▇▇ renamed the input-oblivious two-message LIPs into NILP [24] to clar- ify the connection between LIP and NIZK. ▇▇▇▇ considers only adversaries using affine prover strategies, i.e. a strategy which can be described by a tuple (Π, π0) where Π Fk×y represents a linear function and π0 Fk represents an affine shift. Then, on input a query vector σ Fy , the response vector π Fk is constructed by evaluating the affine relation π = Πσ + π0.
Appears in 2 contracts
Sources: Research Publication, Not Applicable