Efficient Lifting for Shorter Zero-Knowledge Proofs and Post-Quantum Signatures

Daniel Kales and Greg Zaverucha

Abstract

MPC-in-the-head based zero-knowledge proofs allow one to prove knowledge of a preimage for a circuit defined over a finite field F. In recent proofs the soundness depends on the size F, and small fields require more parallel repetitions, and therefore produce larger proofs. In this paper we develop and systematically apply lifting strategies to such proof protocols in order to increase soundness and reduce proof size. The strategies are (i) lifting parts of the protocol to extension fields of F, (ii) using reverse- multiplication friendly embeddings to pack elements of F into a larger field and (iii) to use an alternative circuit representation. Using a combination of these strategies at different points in the protocol, we design two new proof systems well suited to small circuits defined over small fields. As a case study we consider efficient constructions of post-quantum signatures, where a signature is a proof of knowledge of a one-way function preimage, and two commonly used one-way functions are defined over small fields (AES and LowMC). We find that carefully applying these lifting strategies gives shorter signatures than the state-of-the-art: our AES-based signatures are 1.3x shorter than Banquet (PKC 2021) and our LowMC-based signatures are almost 2x shorter than the NIST-candidate algorithm Picnic3. We implement our schemes and provide benchmarks. Finally, we also give other optimizations: some generally applicable to this class of proofs, and some specific to the circuits we focused on.

Available format(s)
Category
Public-key cryptography
Publication info
Preprint. MINOR revision.
Keywords
Contact author(s)
gregz @ microsoft com
daniel kales @ iaik tugraz at
History
Short URL
https://ia.cr/2022/588

CC BY

BibTeX

@misc{cryptoeprint:2022/588,
author = {Daniel Kales and Greg Zaverucha},
title = {Efficient Lifting for Shorter Zero-Knowledge Proofs and Post-Quantum Signatures},
howpublished = {Cryptology ePrint Archive, Paper 2022/588},
year = {2022},
note = {\url{https://eprint.iacr.org/2022/588}},
url = {https://eprint.iacr.org/2022/588}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.