Succinct Functional Commitment for a Large Class of Arithmetic Circuits

Helger Lipmaa; Kateryna Pavlyk

Paper 2021/932

Succinct Functional Commitment for a Large Class of Arithmetic Circuits

Helger Lipmaa and Kateryna Pavlyk

Abstract

A succinct functional commitment (SFC) scheme for a circuit class $CC$ enables, for any circuit $C \in CC$ , the committer to first succinctly commit to a vector $\vec{α}$ , and later succinctly open the commitment to $C (\vec{α}, \vec{β})$ , where the verifier chooses $\vec{β}$ at the time of opening. Unfortunately, SFC commitment schemes are known only for severely limited function classes like the class of inner products. By making non-black-box use of SNARK-construction techniques, we propose an SFC scheme for the large class of semi-sparse polynomials. The new SFC scheme can be used to, say, efficiently (1) implement sparse polynomials, and (2) aggregate various interesting SFC (e.g., vector commitment and polynomial commitment) schemes. The new scheme is evaluation-binding under a new instantiation of the computational uber-assumption. We provide a thorough analysis of the new assumption.

Note: Full version of our Asiacrypt 2020 paper. It differs by having appendices, more standard AGM security proofs of certain theorems, and general readability improvements.

Metadata

Available format(s): PDF
Category: Cryptographic protocols
Publication info: Preprint. MINOR revision.
Keywords: aggregated functional commitment Déjà Q functional commitment SNARK uber-assumption vector commitment
Contact author(s): helger lipmaa @ gmail com
History: 2021-07-09: received
Short URL: https://ia.cr/2021/932
License: CC BY

BibTeX

@misc{cryptoeprint:2021/932,
      author = {Helger Lipmaa and Kateryna Pavlyk},
      title = {Succinct Functional Commitment for a Large Class of Arithmetic Circuits},
      howpublished = {Cryptology {ePrint} Archive, Paper 2021/932},
      year = {2021},
      url = {https://eprint.iacr.org/2021/932}
}