On the size of pairing-based non-interactive arguments
J Groth - Advances in Cryptology–EUROCRYPT 2016: 35th …, 2016 - Springer
Non-interactive arguments enable a prover to convince a verifier that a statement is true.
Recently there has been a lot of progress both in theory and practice on constructing highly …
Recently there has been a lot of progress both in theory and practice on constructing highly …
Quadratic span programs and succinct NIZKs without PCPs
We introduce a new characterization of the NP complexity class, called Quadratic Span
Programs (QSPs), which is a natural extension of span programs defined by Karchmer and …
Programs (QSPs), which is a natural extension of span programs defined by Karchmer and …
Snarky signatures: Minimal signatures of knowledge from simulation-extractable SNARKs
We construct a pairing based simulation-extractable SNARK (SE-SNARK) that consists of
only 3 group elements and has highly efficient verification. By formally linking SE-SNARKs to …
only 3 group elements and has highly efficient verification. By formally linking SE-SNARKs to …
Updatable and universal common reference strings with applications to zk-SNARKs
By design, existing (pre-processing) zk-SNARKs embed a secret trapdoor in a relation-
dependent common reference strings (CRS). The trapdoor is exploited by a (hypothetical) …
dependent common reference strings (CRS). The trapdoor is exploited by a (hypothetical) …
An algebraic framework for Diffie–Hellman assumptions
We put forward a new algebraic framework to generalize and analyze Diffie–Hellman like
decisional assumptions which allows us to argue about security and applications by …
decisional assumptions which allows us to argue about security and applications by …
Efficient non-interactive proof systems for bilinear groups
Non-interactive zero-knowledge proofs and non-interactive witness-indistinguishable proofs
have played a significant role in the theory of cryptography. However, lack of efficiency has …
have played a significant role in the theory of cryptography. However, lack of efficiency has …
Zero-knowledge using garbled circuits: how to prove non-algebraic statements efficiently
M Jawurek, F Kerschbaum, C Orlandi - Proceedings of the 2013 ACM …, 2013 - dl.acm.org
Zero-knowledge protocols are one of the fundamental concepts in modern cryptography and
have countless applications. However, after more than 30 years from their introduction, there …
have countless applications. However, after more than 30 years from their introduction, there …
Fully anonymous group signatures without random oracles
J Groth - Advances in Cryptology–ASIACRYPT 2007: 13th …, 2007 - Springer
We construct a new group signature scheme using bilinear groups. The group signature
scheme is practical, both keys and group signatures consist of a constant number of group …
scheme is practical, both keys and group signatures consist of a constant number of group …
Tightly secure signatures and public-key encryption
D Hofheinz, T Jager - Designs, Codes and Cryptography, 2016 - Springer
We construct the first public-key encryption (PKE) scheme whose chosen-ciphertext (ie, IND-
CCA) security can be proved under a standard assumption and does not degrade in either …
CCA) security can be proved under a standard assumption and does not degrade in either …
P-signatures and noninteractive anonymous credentials
M Belenkiy, M Chase, M Kohlweiss… - Theory of Cryptography …, 2008 - Springer
In this paper, we introduce P-signatures. A P-signature scheme consists of a signature
scheme, a commitment scheme, and (1) an interactive protocol for obtaining a signature on …
scheme, a commitment scheme, and (1) an interactive protocol for obtaining a signature on …