(2026-05) From NIZK Arguments to ZAPs, Generically
2026-05-06
Dwork and Naor (FOCS 2000) showed a generic transformation to construct a ZAP (a two-round public-coin witness-indistinguishable proof) from any non-interactive zero-knowledge (NIZK) proof with statistical soundness in the common random string model. In recent years, a number of works have shown how to construct NIZK arguments in the common random string model from a broad range of assumptions including decisional Diffie-Hellman (DDH), learning with errors (LWE), or combinations of multiple assumptions. While a number of previous works have developed specialized tools to build ZAPs using these same assumptions (through a non-trivial adaptation of the underlying NIZK), a natural question is whether we can generically obtain a ZAP from these NIZK arguments à la Dwork-Naor.
In this work, we introduce the notion of a sometimes-constricting generator and show how to use it to generically upgrade any computational (resp., statistical) NIZK argument in the common random string model into a computational (resp., statistical) ZAP argument. We then show how to build sometimes-constricting generators from either the DDH assumption (over pairing-free groups) or the LWE assumption. Our transformation immediately allows us to recover constructions of ZAPs from assumptions like DDH or LWE, as well as enables new constructions from different combinations of cryptographic assumptions with properties that were not previously attainable. More broadly, our compiler provides a general mechanism to convert any future NIZK construction in the common random string model into a ZAP.