Paper 2020/517

Practical Product Proofs for Lattice Commitments

Thomas Attema, Vadim Lyubashevsky, and Gregor Seiler

Abstract

We construct a practical lattice-based zero-knowledge argument for proving multiplicative relations between committed values. The underlying commitment scheme that we use is the currently most efficient one of Baum et al. (SCN 2018), and the size of our multiplicative proof ($9$KB) is only slightly larger than the $7$KB required for just proving knowledge of the committed values. We additionally expand on the work of Lyubashevsky and Seiler (Eurocrypt 2018) by showing that the above-mentioned result can also apply when working over rings $\mathbb{Z}_q[X]/(X^d+1)$ where $X^d+1$ splits into low-degree factors, which is a desirable property for many applications (e.g. range proofs, multiplications over $\mathbb{Z}_q$) that take advantage of packing multiple integers into the NTT coefficients of the committed polynomial.

Note: Full version of the Crypto paper

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published by the IACR in CRYPTO 2020
Keywords
lattice-based, zero-knowledge, commitments
Contact author(s)
gseiler @ inf ethz ch
History
2020-06-25: last of 4 revisions
2020-05-05: received
Short URL
https://ia.cr/2020/517
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2020/517,
      author = {Thomas Attema and Vadim Lyubashevsky and Gregor Seiler},
      title = {Practical Product Proofs for Lattice Commitments},
      howpublished = {Cryptology {ePrint} Archive, Paper 2020/517},
      year = {2020},
      url = {https://eprint.iacr.org/2020/517}
}