A note on one popular non-interactive zero-knowledge proof system

At Eurocrypt'06, Groth et al. have proposed one non-interactive zero-knowledge (NIZK) proof system for plain-text being 0 or 1 [its revision published by J. ACM, 59(3), 1-35, 2012]. Based on the system, they presented the first perfect NIZK argument system for any NP lan-figuage and the first secure NIZK argument with univer-sal composability for any NP language in the presence of a dynamic/adaptive adversary. In this note, we remark that in the scheme the prover is not compelled to invoke any trapdoor key to generate witnesses. The mechanism is dramatically different from the previous works, such as Blum-Feldman-Micali proof system and Blum-Santis-Micali-Persiano proof system. We find if the trapdoor key is available to the prover then he can cheat the verifier to accept a false claim. The characteristic is essentially in-compatible with the general primitive of zero-knowledge proof, which does not require any extra trust. © 2020, Femto Technique Co., Ltd.