Lattice-Based Polynomial Commitments: Towards Asymptotic and Concrete Efficiency

IF 2.3 3区计算机科学 Q2 COMPUTER SCIENCE, THEORY & METHODS Journal of Cryptology Pub Date : 2024-07-10 DOI:10.1007/s00145-024-09511-8

Giacomo Fenzi, Hossein Moghaddas, Ngoc Khanh Nguyen

{"title":"Lattice-Based Polynomial Commitments: Towards Asymptotic and Concrete Efficiency","authors":"Giacomo Fenzi, Hossein Moghaddas, Ngoc Khanh Nguyen","doi":"10.1007/s00145-024-09511-8","DOIUrl":null,"url":null,"abstract":"Polynomial commitments schemes are a powerful tool that enables one party to commit to a polynomial p of degree d, and prove that the committed function evaluates to a certain value z at a specified point u, i.e. \\(p(u) = z\\), without revealing any additional information about the polynomial. Recently, polynomial commitments have been extensively used as a cryptographic building block to transform polynomial interactive oracle proofs (PIOPs) into efficient succinct arguments. In this paper, we propose a lattice-based polynomial commitment that achieves succinct proof size and verification time in the degree d of the polynomial. Extractability of our scheme holds in the random oracle model under a natural ring version of the BASIS assumption introduced by Wee and Wu (EUROCRYPT 2023). Unlike recent constructions of polynomial commitments by Albrecht et al. (CRYPTO 2022), and by Wee and Wu, we do not require any expensive preprocessing steps, which makes our scheme particularly attractive as an ingredient of a PIOP compiler for succinct arguments. We further instantiate our polynomial commitment, together with the Marlin PIOP (EUROCRYPT 2020), to obtain a publicly-verifiable trusted-setup succinct argument for Rank-1 Constraint System (R1CS). Performance-wise, we achieve \\(17\\)MB proof size for \\(2^{20}\\) constraints, which is \\(15\\)X smaller than currently the only publicly-verifiable lattice-based SNARK proposed by Albrecht et al.","PeriodicalId":54849,"journal":{"name":"Journal of Cryptology","volume":null,"pages":null},"PeriodicalIF":2.3000,"publicationDate":"2024-07-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Cryptology","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1007/s00145-024-09511-8","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, THEORY & METHODS","Score":null,"Total":0}

引用次数: 0

Abstract

Polynomial commitments schemes are a powerful tool that enables one party to commit to a polynomial p of degree d, and prove that the committed function evaluates to a certain value z at a specified point u, i.e. \(p(u) = z\), without revealing any additional information about the polynomial. Recently, polynomial commitments have been extensively used as a cryptographic building block to transform polynomial interactive oracle proofs (PIOPs) into efficient succinct arguments. In this paper, we propose a lattice-based polynomial commitment that achieves succinct proof size and verification time in the degree d of the polynomial. Extractability of our scheme holds in the random oracle model under a natural ring version of the BASIS assumption introduced by Wee and Wu (EUROCRYPT 2023). Unlike recent constructions of polynomial commitments by Albrecht et al. (CRYPTO 2022), and by Wee and Wu, we do not require any expensive preprocessing steps, which makes our scheme particularly attractive as an ingredient of a PIOP compiler for succinct arguments. We further instantiate our polynomial commitment, together with the Marlin PIOP (EUROCRYPT 2020), to obtain a publicly-verifiable trusted-setup succinct argument for Rank-1 Constraint System (R1CS). Performance-wise, we achieve \(17\)MB proof size for \(2^{20}\) constraints, which is \(15\)X smaller than currently the only publicly-verifiable lattice-based SNARK proposed by Albrecht et al.

Abstract Image

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

基于网格的多项式承诺：实现渐进和具体效率

多项式承诺方案是一种强大的工具，它使一方能够承诺一个度数为d的多项式p，并证明承诺函数在指定点u上求值为某个值z，即\(p(u) = z\)，而无需透露多项式的任何其他信息。最近，多项式承诺被广泛用作一种加密构件，用于将多项式交互式甲骨文证明（PIOPs）转化为高效简洁的论证。在本文中，我们提出了一种基于网格的多项式承诺，它能在多项式的度数 d 内实现简洁的证明大小和验证时间。在 Wee 和 Wu（EUROCRYPT 2023）提出的 BASIS 假设的自然环版本下，我们方案的可提取性在随机甲骨文模型中成立。与 Albrecht 等人（CRYPTO 2022）以及 Wee 和 Wu 最近构建的多项式承诺不同，我们不需要任何昂贵的预处理步骤，这使得我们的方案作为简洁论证 PIOP 编译器的一个组成部分特别有吸引力。我们进一步将我们的多项式承诺与 Marlin PIOP（EUROCRYPT 2020）一起实例化，以获得一个公开可验证的可信设置简洁论证，用于 Rank-1 约束系统（R1CS）。从性能上看，我们实现了 \(2^{20}\) 个约束的 \(17\)MB 证明大小，这比目前由 Albrecht 等人提出的唯一可公开验证的基于网格的 SNARK 小了\(15\)X。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Journal of Cryptology 工程技术-工程：电子与电气

CiteScore

7.10

自引率

3.30%

发文量

审稿时长

18 months

期刊介绍： The Journal of Cryptology is a forum for original results in all areas of modern information security. Both cryptography and cryptanalysis are covered, including information theoretic and complexity theoretic perspectives as well as implementation, application, and standards issues. Coverage includes such topics as public key and conventional algorithms and their implementations, cryptanalytic attacks, pseudo-random sequences, computational number theory, cryptographic protocols, untraceability, privacy, authentication, key management and quantum cryptography. In addition to full-length technical, survey, and historical articles, the journal publishes short notes.

期刊最新文献

Randomness Recoverable Secret Sharing Schemes Memory-Efficient Attacks on Small LWE Keys Finding Collisions in a Quantum World: Quantum Black-Box Separation of Collision-Resistance and One-Wayness Symmetric and Dual PRFs from Standard Assumptions: A Generic Validation of a Prevailing Assumption The Price of Active Security in Cryptographic Protocols