Date Added: Jan 2012
Malleability for cryptography is not necessarily an opportunity for attack, but in many cases a potentially useful feature that can be exploited. In this paper, the authors examine notions of malleability for Non-Interactive Zero-Knowledge (NIZK) proofs. They start by defining a malleable proof system, and then consider ways to meaningfully control the malleability of the proof system, as in many settings they would like to guarantee that only certain types of transformations can be performed. They also define notions for the cases in which they do not necessarily want a user to know that a proof has been obtained by applying a particular transformation; these are analogous to function/circuit privacy for encryption.