A Computationally Sound, Symbolic Abstraction for Malleable Zero-knowledge Proofs

Zero-knowledge (ZK) proofs have become a central building block for a variety of modern security protocols. Modern ZK constructions, such as the Groth-Sahai proof system, offer novel types of cryptographic flexibility: a participant is able to re-randomize existing ZK proofs, e.g., to achieve unlinkability in anonymity protocols; she can hide public parts of a ZK proof statement to meet her privacy requirements; and she can logically compose ZK proofs in order to construct new proof statements. ZK proof systems that permit these transformations are called malleable. However, since these transformations are accessible to an adversary as well, analyzing the security of these protocols requires one to cope with a much more comprehensive adversary – a challenge that automated protocol analysis thus far has not been capable of dealing with. In this work, we present a computationally sound, symbolic abstraction of malleable ZK proofs that is accessible to existing tools for automated verification of security protocols. In particular, we develop an equational theory that captures the semantics of malleable ZK proofs. We prove the computational soundness of our abstraction with respect to trace