Perfect NIZK with Adaptive Soundness

The notion of non-interactive zero-knowledge (NIZK) is of fundamental importance in cryptography. Despite the vast attention the concept of NIZK has attracted since its introduction, one question has remained very resistant: Is it possible to construct NIZK schemes for any NP-language with statistical or even perfect ZK? Groth, Ostrovsky and Sahai recently positively answers to the question by presenting a couple of elegant constructions. However, their schemes pose a limitation on the length of the proof statement to achieve adaptive soundness against dishonest provers who may choose the target statement depending on the common reference string (CRS). In this work, we first present a very simple and efficient adaptively-sound perfect NIZK argument system for any NP-language. Besides being the first adaptively-sound statistical NIZK argument for all NP that does not pose any restriction on the statements to be proven, it enjoys a number of additional desirable properties: it allows to re-use the CRS, it can handle arithmetic circuits, and the CRS can be set-up very efficiently without the need for an honest party. We then show an application of our techniques in constructing efficient NIZK schemes for proving arithmetic relations among committed secrets, whereas previous methods required expensive generic NP-reductions. The security of the proposed schemes is based on a strong non-standard assumption, an extended version of the so-called Knowledge-of-Exponent Assumption (KEA) over bilinear groups. We give some justification for using such an assumption by showing that the commonly-used approach for proving NIZK arguments sound does not allow for adaptivelysound statistical NIZK arguments (unless NP ⊂ P/poly). Furthermore, we show that the assumption used in our construction holds with respect to generic adversaries that do not exploit the specific representation of the group elements. We also discuss how to avoid the non-standard assumption in a pre-processing model.