Fully Homomorphic NIZK and NIWI Proofs.

In this work, we define and construct fully homomorphic non-interactive zero knowledge (FH-NIZK) and non-interactive witness-indistinguishable (FH-NIWI) proof systems. We focus on the NP complete language L, where, for a boolean circuit C and a bit b, the pair (C, b) is an element of L if there exists an input w such that C(w) = b. For this language, we call a non-interactive proof system fully homomorphic if, given instances (C-i, b(i)) is an element of L along with their proofs Pi(i), for i is an element of {1, ..., k}, and given any circuit D : {0, 1}(k) -> {0, 1}, one can efficiently compute a proof Pi for (C*, b) is an element of L, where C*(w((1)), ..., w((k))) = D(C-1(w((1))), ..., C-k(w((k)))) and D(b(1), ..., b(k)) = b. The key security property is unlinkability: the resulting proof Pi is indistinguishable from a fresh proof of the same statement. Our first result, under the Decision Linear Assumption (DLIN), is an FH-NIZK proof system for L in the common random string model. Our more surprising second result (under a new decisional assumption on groups with bilinear maps) is an FH-NIWI proof system that requires no setup.