Efficient Non-interactive Proof Systems for Bilinear Groups

Noninteractive zero-knowledge proofs and noninteractive witness-indistinguishable proofs have played a significant role in the theory of cryptography. However, lack of efficiency has prevented them from being used in practice. One of the roots of this inefficiency is that noninteractive zero-knowledge proofs have been constructed for general NP-complete languages such as Circuit Satisfiability, causing an expensive blowup in the size of the statement when reducing it to a circuit. The contribution of this paper is a general methodology for constructing very simple and efficient noninteractive zero-knowledge proofs and noninteractive witness-indistinguishable proofs that work directly for a wide class of languages that are relevant in practice (namely, ones involving the satisfiability of equations over bilinear groups), without needing a reduction to Circuit Satisfiability. Groups with bilinear maps have enjoyed tremendous success in the field of cryptography in recent years and have been used to construct a plethora of protocols. This paper provides noninteractive witness-indistinguishable proofs and noninteractive zero-knowledge proofs that can be used in connection with these protocols. Our goal is to spread the use of noninteractive cryptographic proofs from mainly theoretical purposes to the large class of practical cryptographic protocols based on bilinear groups.