Paper 2022/1307

BLOOM: Bimodal Lattice One-Out-of-Many Proofs and Applications

Vadim Lyubashevsky, IBM Research - Zurich
Ngoc Khanh Nguyen, École Polytechnique Fédérale de Lausanne
Abstract

We give a construction of an efficient one-out-of-many proof system, in which a prover shows that he knows the pre-image of one element in a set, based on the hardness of lattice problems. The construction employs the recent zero-knowledge framework of Lyubashevsky et al. (Crypto 2022) together with a recursive procedure that improves over prior lattice-based one-out-of-many proofs, and a novel rejection sampling proof that allows the efficient bimodal rejection sampling to be used throughout the protocol. Using these new primitives and techniques, we give instantiations of the most compact lattice-based ring and group signature schemes. The improvement in signature sizes over prior works ranges between $25\%$ and $2$X. Perhaps of even more significance, the size of the user public keys, which need to be stored somewhere publicly accessible in order for ring signatures to be meaningful, is reduced by factors ranging from $7$X to $15$X. In what could be of independent interest, we also provide noticeably improved proofs for integer relations which, together with one-out-of-many proofs, are key components of confidential payment systems.
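The abstract attributes much of the efficiency to bimodal rejection sampling. The following is an added illustration of that step, written for this page and not code from the paper: it simulates the bimodal rejection rule of Ducas et al. (BLISS) over continuous Gaussians in place of the discrete lattice Gaussians a real scheme uses. The vector `v` is a constructed stand-in for the secret-dependent term $Sc$ that the masking vector $y$ must hide, and the choice $\sigma = \alpha\|v\|$ with $\alpha = 1$ is an assumption made for the simulation. The simulation contrasts the accepted bimodal outputs, whose statistics are independent of `v`, with the naive $z = y + v$ without rejection, whose mean leaks `v`.

```python
import math
import random

# Added illustration, not code from the BLOOM paper: the bimodal rejection
# step (Ducas et al., BLISS) that the abstract refers to as "bimodal rejection
# sampling", simulated over continuous Gaussians instead of discrete lattice
# Gaussians. v plays the role of the secret-dependent term S*c.

def dot(a, b):
    return sum(x * y for x, y in zip(a, b))

def norm(a):
    return math.sqrt(dot(a, a))

def bimodal_sample(v, sigma, rng):
    """One attempt of bimodal rejection sampling.

    Draw y ~ N(0, sigma^2 I), a uniform sign b, set z = y + b*v and accept with
    probability 1 / cosh(<z, v> / sigma^2).  With M = exp(||v||^2 / (2 sigma^2))
    this equals rho_sigma(z) / (M * (rho_sigma(z - v) + rho_sigma(z + v)) / 2),
    so accepted z are distributed as N(0, sigma^2 I) regardless of v.
    Returns (z, accepted).
    """
    y = [rng.gauss(0.0, sigma) for _ in v]
    b = rng.choice((-1, 1))
    z = [yi + b * vi for yi, vi in zip(y, v)]
    accept_prob = 1.0 / math.cosh(dot(z, v) / sigma ** 2)
    return z, rng.random() < accept_prob

def unimodal_no_rejection(v, sigma, rng):
    """The naive z = y + v with no rejection: the output is centred on v."""
    y = [rng.gauss(0.0, sigma) for _ in v]
    return [yi + vi for yi, vi in zip(y, v)]

def coordinate_stats(samples):
    """Per-coordinate (means, variances) of a list of equal-length vectors."""
    n = len(samples)
    dim = len(samples[0])
    means = [sum(s[i] for s in samples) / n for i in range(dim)]
    variances = [sum((s[i] - means[i]) ** 2 for s in samples) / n for i in range(dim)]
    return means, variances

def simulate(v, alpha=1.0, trials=20000, seed=1):
    """Run `trials` attempts for a fixed v with sigma = alpha * ||v|| (assumption).

    Returns the observed acceptance rate, the expected rate 1/M with
    M = exp(1 / (2 alpha^2)), and per-coordinate statistics of the accepted
    bimodal outputs and of the naive unimodal outputs.
    """
    rng = random.Random(seed)
    sigma = alpha * norm(v)
    expected_rate = math.exp(-1.0 / (2 * alpha ** 2))
    accepted = []
    naive = []
    for _ in range(trials):
        z, ok = bimodal_sample(v, sigma, rng)
        if ok:
            accepted.append(z)
        naive.append(unimodal_no_rejection(v, sigma, rng))
    return {
        "sigma": sigma,
        "acceptance_rate": len(accepted) / trials,
        "expected_rate": expected_rate,
        "bimodal": coordinate_stats(accepted),
        "naive": coordinate_stats(naive),
    }

if __name__ == "__main__":
    # Constructed toy secret-dependent vector; a real scheme uses S*c in Z^n.
    stats = simulate([3.0, 4.0])
    print(f"sigma = {stats['sigma']:.1f}")
    print(f"acceptance {stats['acceptance_rate']:.3f} "
          f"(expected 1/M = {stats['expected_rate']:.3f})")
    print("bimodal accepted z: means", stats["bimodal"][0], "variances", stats["bimodal"][1])
    print("naive y+v:          means", stats["naive"][0], "variances", stats["naive"][1])
```

With $\alpha = 1$ the bimodal repetition factor is $M = e^{1/2} \approx 1.65$, so roughly 61% of attempts are accepted and the accepted $z$ has mean 0 and variance $\sigma^2$ in every coordinate, while the naive $y + v$ has mean $v$. Unimodal rejection sampling to a Gaussian of the same width would need a far larger $M$ (the standard tail-bound analysis of Lyubashevsky, Eurocrypt 2012, gives roughly $\exp(12/\alpha + 1/(2\alpha^2))$), which is why being able to use the bimodal rule throughout the protocol matters for proof size.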

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
A major revision of an IACR publication in ASIACRYPT 2022
Keywords
lattices, zero-knowledge, one-out-of-many proofs, ring signatures
Contact author(s)
vad @ zurich ibm com
khanh nguyen @ epfl ch
History
2022-10-03: last of 2 revisions
2022-10-01: received
Short URL
https://ia.cr/2022/1307
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2022/1307,
      author = {Vadim Lyubashevsky and Ngoc Khanh Nguyen},
      title = {BLOOM: Bimodal Lattice One-Out-of-Many Proofs and Applications},
      howpublished = {Cryptology ePrint Archive, Paper 2022/1307},
      year = {2022},
      note = {\url{https://eprint.iacr.org/2022/1307}},
      url = {https://eprint.iacr.org/2022/1307}
}