Shorter lattice-based zero-knowledge proofs via one-time commitments. (English) Zbl 1479.94232
Garay, Juan A. (ed.), Public-key cryptography – PKC 2021. 24th IACR international conference on practice and theory of public key cryptography, virtual event, May 10–13, 2021. Proceedings. Part I. Cham: Springer. Lect. Notes Comput. Sci. 12710, 215-241 (2021).
Summary: There has been a lot of recent progress in constructing efficient zero-knowledge proofs for showing knowledge of an \(\vec{\mathfrak{s}}\) with small coefficients satisfying \(\mathfrak{A}\vec{\mathfrak{s}}=\vec{\mathfrak{t}} \). For typical parameters, the proof sizes have gone down from several megabytes to a bit under 50KB [M. F. Esgin et al., “Practical exact proofs from lattices: new techniques to exploit fully-splitting rings”, Lect. Notes Comput. Sci. 12492, 259–288 (2020; doi:10.1007/978-3-030-64834-3_9)]. These are now within an order of magnitude of the sizes of lattice-based signatures, which themselves constitute proof systems which demonstrate knowledge of something weaker than the aforementioned equation. One can therefore see that this line of research is approaching optimality. In this paper, we modify a key component of these proofs, as well as apply several other tweaks, to achieve a further reduction of around \(30\%\) in the proof output size. We also show that this savings propagates itself when these proofs are used in a general framework to construct more complex protocols.
For the entire collection see [Zbl 1476.94003].
For the entire collection see [Zbl 1476.94003].
MSC:
| 94A60 | Cryptography |
References:
| [1] | Alkim, E.; Ducas, L.; Pöppelmann, T.; Schwabe, P., Post-quantum key exchange - a new hope, IACR Cryptol. ePrint Arch., 2015, 1092 (2015) |
| [2] | Albrecht, MR; Göpfert, F.; Virdia, F.; Wunderer, T.; Takagi, T.; Peyrin, T., Revisiting the expected cost of solving uSVP and applications to LWE, Advances in Cryptology - ASIACRYPT 2017, 297-322 (2017), Cham: Springer, Cham · Zbl 1420.94034 · doi:10.1007/978-3-319-70694-8_11 |
| [3] | Albrecht, MR; Coron, J-S; Nielsen, JB, On dual lattice attacks against small-secret LWE and parameter choices in HElib and SEAL, Advances in Cryptology - EUROCRYPT 2017, 103-129 (2017), Cham: Springer, Cham · Zbl 1415.94402 · doi:10.1007/978-3-319-56614-6_4 |
| [4] | Attema, T.; Lyubashevsky, V.; Seiler, G.; Micciancio, D.; Ristenpart, T., Practical product proofs for lattice commitments, Advances in Cryptology - CRYPTO 2020, 470-499 (2020), Cham: Springer, Cham · Zbl 1504.94096 · doi:10.1007/978-3-030-56880-1_17 |
| [5] | Alperin-Sheriff, J.; Peikert, C.; Fischlin, M.; Buchmann, J.; Manulis, M., Circular and KDM security for identity-based encryption, Public Key Cryptography - PKC 2012, 334-352 (2012), Heidelberg: Springer, Heidelberg · Zbl 1294.94030 · doi:10.1007/978-3-642-30057-8_20 |
| [6] | Albrecht, M.R., Player, R., Scott, S.: On the concrete hardness of learning with errors. Cryptology ePrint Archive, Report 2015/046 (2015). https://eprint.iacr.org/2015/046 · Zbl 1352.94023 |
| [7] | Banaszczyk, W., New bounds in some transference theorems in the geometry of numbers, Math. Ann., 296, 1, 625-635 (1993) · Zbl 0786.11035 · doi:10.1007/BF01445125 |
| [8] | Brakerski, Z.; Döttling, N.; Canteaut, A.; Ishai, Y., Hardness of LWE on general entropic distributions, Advances in Cryptology - EUROCRYPT 2020, 551-575 (2020), Cham: Springer, Cham · Zbl 1492.94068 · doi:10.1007/978-3-030-45724-2_19 |
| [9] | Bos, J.W. et al.: CRYSTALS - kyber: A cca-secure module-lattice-based KEM. In: 2018 IEEE European Symposium on Security and Privacy, EuroS&P, pp. 353-367 (2018) |
| [10] | Baum, C.; Damgård, I.; Lyubashevsky, V.; Oechsner, S.; Peikert, C.; Catalano, D.; De Prisco, R., More efficient commitments from structured lattice assumptions, Security and Cryptography for Networks, 368-385 (2018), Cham: Springer, Cham · Zbl 1517.94061 · doi:10.1007/978-3-319-98113-0_20 |
| [11] | Baum, C.; Lyubashevsky, V., Simple amortized proofs of shortness for linear relations over polynomial rings, IACR Cryptology ePrint Archive, 2017, 759 (2017) |
| [12] | Bootle, J.; Lyubashevsky, V.; Seiler, G.; Boldyreva, A.; Micciancio, D., Algebraic techniques for Short(er) exact lattice-based zero-knowledge proofs, Advances in Cryptology - CRYPTO 2019, 176-202 (2019), Cham: Springer, Cham · Zbl 1456.94054 · doi:10.1007/978-3-030-26948-7_7 |
| [13] | Baum, C.; Nof, A.; Kiayias, A.; Kohlweiss, M.; Wallden, P.; Zikas, V., Concretely-efficient zero-knowledge arguments for arithmetic circuits and their application to lattice-based cryptography, Public-Key Cryptography - PKC 2020, 495-526 (2020), Cham: Springer, Cham · Zbl 1502.94029 · doi:10.1007/978-3-030-45374-9_17 |
| [14] | Canetti, R., Lindell, Y., Ostrovsky, R., Sahai, A.: Universally composable two-party and multi-party secure computation. In: STOC, pp. 494-503. ACM (2002) · Zbl 1192.94112 |
| [15] | Dachman-Soled, D.; Ducas, L.; Gong, H.; Rossi, M.; Micciancio, D.; Ristenpart, T., LWE with side information: attacks and concrete security estimation, Advances in Cryptology - CRYPTO 2020, 329-358 (2020), Cham: Springer, Cham · Zbl 1504.94128 · doi:10.1007/978-3-030-56880-1_12 |
| [16] | Ducas, L.; Durmus, A.; Lepoint, T.; Lyubashevsky, V.; Canetti, R.; Garay, JA, Lattice signatures and bimodal gaussians, Advances in Cryptology - CRYPTO 2013, 40-56 (2013), Heidelberg: Springer, Heidelberg · Zbl 1310.94141 · doi:10.1007/978-3-642-40041-4_3 |
| [17] | Dodis, Y.; Goldwasser, S.; Tauman Kalai, Y.; Peikert, C.; Vaikuntanathan, V.; Micciancio, D., Public-key encryption schemes with auxiliary inputs, Theory of Cryptography, 361-381 (2010), Heidelberg: Springer, Heidelberg · Zbl 1274.94062 · doi:10.1007/978-3-642-11799-2_22 |
| [18] | Ducas, L., Crystals-dilithium: a lattice-based digital signature scheme, IACR Trans. Cryptogr. Hardw. Embed. Syst., 2018, 1, 238-268 (2018) · doi:10.46586/tches.v2018.i1.238-268 |
| [19] | D’Anvers, J-P; Karmakar, A.; Sinha Roy, S.; Vercauteren, F.; Joux, A.; Nitaj, A.; Rachidi, T., Saber: module-LWR based key exchange, CPA-secure encryption and CCA-secure KEM, Progress in Cryptology - AFRICACRYPT 2018, 282-305 (2018), Cham: Springer, Cham · Zbl 1423.94065 · doi:10.1007/978-3-319-89339-6_16 |
| [20] | Escala, A.; Groth, J.; Krawczyk, H., Fine-tuning groth-sahai proofs, Public-Key Cryptography - PKC 2014, 630-649 (2014), Heidelberg: Springer, Heidelberg · Zbl 1335.94047 · doi:10.1007/978-3-642-54631-0_36 |
| [21] | Esgin, M.F., et al.: Practical post-quantum few-time verifiable random function with applications to algorand. Cryptology ePrint Archive, Report 2020/1222 (2020). https://eprint.iacr.org/2020/1222 |
| [22] | Esgin, MF; Nguyen, NK; Seiler, G.; Moriai, S.; Wang, H., Practical exact proofs from lattices: new techniques to exploit fully-splitting rings, Advances in Cryptology - ASIACRYPT 2020, 259-288 (2020), Cham: Springer, Cham · Zbl 1511.94096 · doi:10.1007/978-3-030-64834-3_9 |
| [23] | Esgin, M.F., Zhao, R.K., Steinfeld, R., Liu, J.K., Liu, D.: Matrict: Efficient, scalable and post-quantum blockchain confidential transactions protocol. In: CCS, pp. 567-584. ACM (2019) |
| [24] | Goldwasser, S., Kalai, Y.T., Peikert, C., Vaikuntanathan, V.: Robustness of the learning with errors assumption. In: ICS, pp. 230-240. Tsinghua University Press (2010) |
| [25] | Hoffstein, J., Pipher, J., Silverman, J.H.: NTRU: a ring-based public key cryptosystem. In: ANTS, pp. 267-288 (1998) · Zbl 1067.94538 |
| [26] | Kiltz, E.; Lyubashevsky, V.; Schaffner, C.; Nielsen, JB; Rijmen, V., A concrete treatment of fiat-Shamir signatures in the quantum random-oracle model, Advances in Cryptology - EUROCRYPT 2018, 552-586 (2018), Cham: Springer, Cham · Zbl 1415.94448 · doi:10.1007/978-3-319-78372-7_18 |
| [27] | Lyubashevsky, V., Nguyen, N.K., Seiler, G.: Practical lattice-based zero-knowledge proofs for integer relations. In: IACR Cryptology ePrint Archive, 2020. ACM CCS (2020). http://eprint.iacr.org/2020/1183 |
| [28] | Lyubashevsky, V., Nguyen, N.K., Seiler, G.: Shorter lattice-based zero-knowledge proofs via one-time commitments. Cryptology ePrint Archive, Report 2020/1448 (2020). https://eprint.iacr.org/2020/1448 · Zbl 1479.94232 |
| [29] | Ling, S., Nguyen, K., Stehlé, D., Wang, H.: Improved zero-knowledge proofs of knowledge for the ISIS problem, and applications. In: PKC, pp. 107-124 (2013) · Zbl 1314.94087 |
| [30] | Langlois, A.; Stehlé, D., Worst-case to average-case reductions for module lattices, Des. Codes Crypt., 75, 3, 565-599 (2014) · Zbl 1361.94043 · doi:10.1007/s10623-014-9938-4 |
| [31] | Lyubashevsky, V.: Fiat-Shamir with aborts: Applications to lattice and factoring-based signatures. In: ASIACRYPT, pp. 598-616 (2009) · Zbl 1267.94125 |
| [32] | Lyubashevsky, V.: Lattice signatures without trapdoors. In: EUROCRYPT, pp. 738-755 (2012) · Zbl 1295.94111 |
| [33] | Micciancio, D.; Mol, P.; Rogaway, P., Pseudorandom knapsacks and the sample complexity of LWE search-to-decision reductions, Advances in Cryptology - CRYPTO 2011, 465-484 (2011), Heidelberg: Springer, Heidelberg · Zbl 1287.94085 · doi:10.1007/978-3-642-22792-9_26 |
| [34] | O’Neill, A.; Peikert, C.; Waters, B.; Rogaway, P., Bi-deniable public-key encryption, Advances in Cryptology - CRYPTO 2011, 525-542 (2011), Heidelberg: Springer, Heidelberg · Zbl 1290.94113 · doi:10.1007/978-3-642-22792-9_30 |
| [35] | Stern, J.: A new identification scheme based on syndrome decoding. In: CRYPTO, pp. 13-21 (1993) · Zbl 0876.94035 |
| [36] | Tao, Y.; Wang, X.; Zhang, R.; Ding, J.; Tillich, J-P, Short zero-knowledge proof of knowledge for lattice-based commitment, Post-Quantum Cryptography, 268-283 (2020), Cham: Springer, Cham · Zbl 1501.94057 · doi:10.1007/978-3-030-44223-1_15 |
| [37] | Yang, R.; Au, MH; Zhang, Z.; Xu, Q.; Yu, Z.; Whyte, W.; Boldyreva, A.; Micciancio, D., Efficient lattice-based zero-knowledge arguments with standard soundness: construction and applications, Advances in Cryptology - CRYPTO 2019, 147-175 (2019), Cham: Springer, Cham · Zbl 1456.94122 · doi:10.1007/978-3-030-26948-7_6 |
This reference list is based on information provided by the publisher or from digital mathematics libraries. Its items are heuristically matched to zbMATH identifiers and may contain data conversion errors. In some cases that data have been complemented/enhanced by data from zbMATH Open. This attempts to reflect the references listed in the original paper as accurately as possible without claiming completeness or a perfect matching.
