## ACE Seminar: Fully Homomorphic NIZK Proofs

**Speaker:** Apoorvaa Deshpande

**Date/Time:** 30-Aug-2018, 16:00 UTC

**Venue:** Robert 4.21

### Details

## Abstract

In this work, we define the notion of a fully homomorphic non-interactive zero knowledge (NIZK) proof system, and construct such a proof system based on different assumptions. More concretely, we focus on the NP complete language L, where a pair (C, b) ? L if and only if C is a boolean circuit and there exists an input w such that C(w) = b. For this language, we build a fully homomorphic NIZK proof system such that given instances (Ci,bi) ? L along with their NIZK proofs ?i, for i ? {1,...,k}, and given any circuit D : {0,1}k ? {0,1}, one can efficiently compute a NIZK proof for (C,b) ? L, where C(w(1),...,w(k)) = D(C1(w(1)),...,Ck(w(k))) and D(b1,...,bk) = b. The new security property is unlinkability: the resulting proof ? is indistinguishable from a fresh proof of the same statement. Further, we consider the “commit-and-compute” setting. Here, we are given a set of commitments and corresponding proofs that committed values on input to circuits C1 , . . . , Ck result in outputs b1 , . . . , bk. An FH-NIZK proof system in the “commit-and-compute" setting allows us to compute proof of statements that can be inferred from the statements that have already been proven about the committed values. Joint work with: Prabhanjan Ananth, Yael Kalai and Anna Lysyanskaya. (This talk will assume some background in cryptography)