At the forefront of cryptographic techniques that enable secure digital applications are public-key encryption (PKE) schemes and zero-knowledge (ZK) proofs. A PKE allows two parties without a shared secret to communicate securely, while ZK proofs validate statements without revealing anything beyond their validity.
Malleability, in cryptographic terms, refers to the possibility of efficiently modifying and transforming, in a predictable way, an encrypted message or a proof; it is a desirable feature that finds applications in many settings, such as privacy-preserving outsourced storage and computation. On the other hand, non-malleability is defined as the property that prevents such predictable modifications that, in a general-purpose cryptosystem, may lead to vulnerabilities and undesired attacks.
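As an added illustration (not code from the thesis), the sketch below shows both faces of malleability on textbook ElGamal: public re-randomization of a ciphertext, and a predictable change of the hidden plaintext. ElGamal, the toy parameters, and all function names are assumptions chosen for this example; the abstract does not name them.

```python
import secrets

# Toy parameters, constructed for illustration only (not a vetted group).
P = 2**127 - 1   # a Mersenne prime used as the modulus
G = 3            # base element

def keygen():
    """Return (secret key x, public key G^x mod P)."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)

def encrypt(pk, m):
    """Textbook ElGamal: (G^r, m * pk^r) for fresh random r, 1 <= m < P."""
    r = secrets.randbelow(P - 2) + 1
    return pow(G, r, P), (m * pow(pk, r, P)) % P

def decrypt(sk, ct):
    """Recover m = c2 * c1^(-sk) mod P (modular inverse via pow, Python 3.8+)."""
    c1, c2 = ct
    return (c2 * pow(c1, -sk, P)) % P

def rerandomize(pk, ct):
    """Desirable malleability: anyone holding only the public key can
    refresh the randomness; the plaintext is unchanged."""
    c1, c2 = ct
    s = secrets.randbelow(P - 2) + 1
    return (c1 * pow(G, s, P)) % P, (c2 * pow(pk, s, P)) % P

def scale(ct, k):
    """Undesirable malleability: Enc(m) becomes Enc(k*m) without the key
    or the message. Non-malleable schemes are designed to rule this out."""
    c1, c2 = ct
    return c1, (c2 * k) % P

def demo():
    sk, pk = keygen()
    ct = encrypt(pk, 1000)
    return {
        "original": decrypt(sk, ct),                       # 1000
        "rerandomized": decrypt(sk, rerandomize(pk, ct)),  # 1000
        "scaled_by_7": decrypt(sk, scale(ct, 7)),          # 7000
    }

if __name__ == "__main__":
    print(demo())
```

Textbook ElGamal permits both operations; a re-randomizable RCCA scheme, as discussed in the abstract, aims to keep the first while preventing the second.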
This thesis aims to explore the nuanced interplay and the relationship between malleability and non-malleability. With a combination of theoretical analysis and practical case studies, it provides insights into the boundaries and connections between these two properties and how they can coexist in secure and efficient protocols.
In particular, we show that a wide class of ZK proof systems (zkSNARKs) has strong non-malleable properties even if derived from malleable cryptographic primitives, like homomorphic polynomial commitments: our results apply to popular proof systems, such as Plonk and Marlin, and the KZG commitment scheme.
We provide a framework for analyzing the non-malleability of modular zkSNARKs, with a special emphasis on optimized schemes and flexible architectures, such as those based on the paradigm of Virtual Machines.
Also, we propose efficient and secure protocols based on a class of malleable PKEs, the Re-randomizable RCCA (Rand-RCCA) PKEs, with applications to electronic voting and anonymous e-mail, among others.
Last but not least, we initiate the study of tight security in the Rand-RCCA setting, thus giving insight into how tightly the security of these schemes relates to the trust that we place in standard cryptographic assumptions.