**Practical Lattice-Based Zero-Knowledge Proofs for Integer Relations **

*Vadim Lyubashevsky and Ngoc Khanh Nguyen and Gregor Seiler*

**Abstract: **We present a novel lattice-based zero-knowledge proof system for showing that (arbitrary-sized) committed integers satisfy additive and multiplicative relationships. The proof sizes of our schemes are between two to three orders of magnitude smaller than in the lattice proof system of Libert et al. (CRYPTO 2018) for the same relations. Because the proof sizes of our protocols grow linearly in the integer length, our proofs will eventually be longer than those produced by quantum-safe succinct proof systems for general circuits (e.g. Ligero, Aurora, etc.). But for relations between reasonably-sized integers (e.g. $512$-bit), our proofs still result in the smallest zero-knowledge proof system based on a quantum-safe assumption. Of equal importance, the run-time of our proof system is at least an order of magnitude faster than any other quantum-safe scheme.

**Category / Keywords: **cryptographic protocols / lattice-based, zero-knowledge proofs

**Original Publication**** (with major differences): **ACM CCS 2020
**DOI: **10.1145/3372297.3417894

**Date: **received 27 Sep 2020

**Contact author: **vad at zurich ibm com, nkn@zurich ibm com, gseiler@inf ethz ch

**Available format(s): **PDF | BibTeX Citation

**Version: **20200930:074637 (All versions of this report)

**Short URL: **ia.cr/2020/1183

[ Cryptology ePrint archive ]