Paper 2017/856

Zero-Knowledge Arguments for Lattice-Based PRFs and Applications to E-Cash

Benoît Libert, San Ling, Khoa Nguyen, and Huaxiong Wang

Abstract

Beyond their security guarantees under well-studied assumptions, algebraic pseudo-random functions are motivated by their compatibility with efficient zero-knowledge proof systems, which is useful in a number of privacy applications like digital cash. We consider the problem of proving the correct evaluation of lattice-based PRFs based on the Learning-With-Rounding (LWR) problem introduced by Banerjee et al. (Eurocrypt'12). Namely, we are interested zero-knowledge arguments of knowledge of triples $(y,k,x)$ such that $y=F_k(x)$ is the correct evaluation of a PRF for a secret input $x$ and a committed key $k$. While analogous statements admit efficient zero-knowledge protocols in the discrete logarithm setting, they have never been addressed in lattices so far. We provide such arguments for the key homomorphic PRF of Boneh et al. (Crypto'13) and the generic PRF implied by the LWR-based pseudo-random generator. As an application of our ZK arguments, we design the first compact e-cash system based on lattice assumptions. By ``compact'', we mean that the complexity is at most logarithmic in the value of withdrawn wallets. Our system can be seen as a lattice-based analogue of the first compact e-cash construction due to Camenisch, Hohenberger and Lysyanskaya (Eurocrypt'05).

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
A major revision of an IACR publication in ASIACRYPT 2017
Keywords
Latticespseudo-random functionszero-knowledge argumentse-cash systemsanonymity
Contact author(s)
khoantt @ ntu edu sg
History
2017-09-09: received
Short URL
https://ia.cr/2017/856
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2017/856,
      author = {Benoît Libert and San Ling and Khoa Nguyen and Huaxiong Wang},
      title = {Zero-Knowledge Arguments for Lattice-Based {PRFs} and Applications to E-Cash},
      howpublished = {Cryptology {ePrint} Archive, Paper 2017/856},
      year = {2017},
      url = {https://eprint.iacr.org/2017/856}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.