Table 1 The languages used in CNMZK

Oracle \(\mathcal {O}_{\pi } \):

\( {\begin {aligned} \mathcal {O}_{\pi }(\textsf {CRS}_{i}) = \left \{\begin {array}{ll} \pi _{i} & \text {if there exists unique}\ \pi _{i} \text {stored in oracle}\ \mathcal {O}_{\pi }\ \text {and} \\ & \textsf {PC}.\textsf {V}_{\textsf {cert}}(1^{n},\textsf {CRS}_{i},\pi _{i}) = 1 \\ \perp & \text {otherwise} \end {array}\right. \end {aligned}} \)

Circuit \( \mathcal {P}^{n,c_{3},\textsf {{PP}},\textsf {{K}},\rho _{\textsf {{CRSGen}}}}\):

\( {\begin {aligned} \mathcal {P}(d,\rho _{3}) \,=\, \left \{\begin {array}{ll} \kappa & \text {if}\ c_{3}\,=\,\textsf {Com}(d,\rho _{3}),\ \text {then set}\ \kappa \! :=\!\textsf {PC}.\textsf {CRSGen}(\textsf {PP},\textsf {K},d,\rho _{\textsf {{CRSGen}}})\\ \perp & \text {otherwise} \end {array}\right. \end {aligned}} \)

Equivalent Circuit \( \mathcal {Q}^{n,c_{3},\kappa } \):

\( \mathcal {Q}(d,\rho _{3}) = \left \{\begin {array}{ll} \kappa &\text {if}\ c_{3}=\textsf {Com}(d,\rho _{3})\\ \perp & \text {otherwise} \end {array}\right. \)

Language Λ₁:

We say (h,c₁,c₂,r)∈Λ₁, iff there exist \((M,\rho _{1},\mathcal {O}_{\pi },(j,s_{j}),\rho _{2})\) such that

– \(\rho _{1},\rho _{2},s_{j} \in \{0,1\}\text {} ^{n}, j \in [m], M, \mathcal {O}_{\pi } \in \{0, 1\}\text {} ^{n^{\log \log n}}\);

– c₁=Com(h(M),ρ₁);

– c₂=Com(h(q),ρ₂) where \( \textsf {q}=((M,\mathcal {O}_{\pi }),(j,s_{j}),r) \).

Language Λ₂:

We say (h,PP,c₂,c₃,r)∈Λ₂, iff there exist \((M,\mathcal {O}_{\pi },(j,s_{j}),d,\rho _{2},\rho _{3})\) such that

– \(d,s_{j},\rho _{2},\rho _{3} \in \{0, 1\}\text {} ^{n}, j \in [m], M, \mathcal {O}_{\pi } \in \{0, 1\}\text {} ^{n^{\log \log n}}\);

– c₂=Com(h(q),ρ₂) where \( \textsf {q}=((M,\mathcal {O}_{\pi }),(j,s_{j}),r) \);

– c₃=Com(d,ρ₃) where d=PC.PreGen(PP,q).

Language Λ₃:

We say \((\textsf {PP},c_{3},\hat {\mathcal {P}}_{\textsf {{CRSGen}}}) \!\in \! \Lambda \)₃, iff there exist

\(\left (\textsf {K},\mathcal {P}^{c_{3},\textsf {{PP}},\textsf {{K}},\rho _{\textsf {{CRSGen}}}},\rho _{\textsf {{Setup}}}, \rho _{\textsf {{CRSGen}}},\rho _{i\mathcal {O}}\right)\) such that

– \(\textsf {K},\rho _{\textsf {{Setup}}},\rho _{\textsf {{CRSGen}}},\rho _{i\mathcal {O}} \in \{0, 1\}\text {} ^{n}\);

– (PP,K)=PC.Setup(1ⁿ,D,ρ_Setup);

– \( \hat {\mathcal {P}}_{\textsf {{CRSGen}}}=i\mathcal {O}\left (\mathcal {P}^{c_{3},\textsf {{PP}},\textsf {{K}},\rho _{\textsf {{CRSGen}}}},\rho _{i\mathcal {O}}\right) \).

Language Λ₄:

We say \((\textsf {PP},\hat {\mathcal {P}}_{\textsf {{CRSGen}}},c_{5}) \in \Lambda \)₄, iff there exist (d,ρ₃,π) such that

– d,ρ₃,π∈{0,1}ⁿ;

– \( \kappa = \hat {\mathcal {P}}_{\textsf {{CRSGen}}}(d,\rho _{3}) \);

– c₅=Com((PP,κ),ρ₅);

– PC.V_cert(1ⁿ,(PP,κ),π)=1.