We prove a tight lower bound on the number of group operations required for batch verification by any generic-group accumulator that stores a less-than-trivial amount of information. Specifically, we show that Ω(t· (λ/ log λ)) group operations are required for the batch verification of any subset of t≥ 1 elements, where λ∈ N is the security parameter, thus ruling out non-trivial batch verification in the standard non-interactive manner. Our lower bound applies already to the most basic form of accumulators (i.e., static accumulators that support membership proofs), and holds both for known-order (and even multilinear) groups and for unknown-order groups, where it matches the asymptotic performance of the known bilinear and RSA accumulators, respectively. In addition, it complements the techniques underlying the generic-group accumulators of Boneh, Bünz and Fisch (CRYPTO ’19) and Thakur (ePrint ’19) by justifying their application of the Fiat-Shamir heuristic for transforming their interactive batch-verification protocols into non-interactive procedures. Moreover, motivated by a fundamental challenge introduced by Aggarwal and Maurer (EUROCRYPT ’09), we propose an extension of the generic-group model that enables us to capture a bounded amount of arbitrary non-generic information (e.g., least-significant bits or Jacobi symbols that are hard to compute generically but are easy to compute non-generically). We prove our lower bound within this extended model, which may be of independent interest for strengthening the implications of impossibility results in idealized models.
|Title of host publication
|Theory of Cryptography - 18th International Conference, TCC 2020, Proceedings
|Rafael Pass, Krzysztof Pietrzak
|Springer Science and Business Media Deutschland GmbH
|Number of pages
|Published - 2020
|18th International Conference on Theory of Cryptography, TCCC 2020 - Durham, United States
Duration: 16 Nov 2020 → 19 Nov 2020
|Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
|18th International Conference on Theory of Cryptography, TCCC 2020
|16/11/20 → 19/11/20
Bibliographical notePublisher Copyright:
© International Association for Cryptologic Research 2020.