Paper 2023/1350

On the Security of KZG Commitment for VSS

Atsuki Momose, University of Illinois at Urbana-Champaign
Sourav Das, University of Illinois at Urbana-Champaign
Ling Ren, University of Illinois at Urbana-Champaign
Abstract

The constant-sized polynomial commitment scheme by Kate, Zaverucha, and Goldberg (Asiacrypt 2010), also known as the KZG commitment, is an essential component in designing bandwidth-efficient verifiable secret-sharing (VSS) protocols. We point out, however, that the KZG commitment is missing two important properties that are crucial for VSS protocols. First, the KZG commitment has not been proven to be degree binding in the standard adversary model without idealized group assumptions. In other words, the committed polynomial is not guaranteed to have the claimed degree, which is supposed to be the reconstruction threshold of VSS. Without this property, shareholders in VSS may end up reconstructing different secrets depending on which shares are used. Second, the KZG commitment does not support polynomials with different degrees at once with a single setup. If the reconstruction threshold of the underlying VSS protocol changes, the protocol must redo the setup, which involves an expensive multi-party computation known as the powers-of-tau setup. In this work, we augment the KZG commitment to address both of these limitations. Our scheme is degree binding in the standard model under the strong Diffie-Hellman (SDH) assumption. It supports any degree $0 < d \le m$ under a powers-of-tau common reference string with $m+1$ group elements generated by a one-time setup.
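The following is an added illustration (not code from the paper or its authors) of the first limitation the abstract describes: in Shamir-style VSS, the claimed degree d is the reconstruction threshold, so any d+1 shares should interpolate to the same secret. If a commitment scheme verifies that each share lies on the committed polynomial but is not degree binding, a dealer can commit to a polynomial of higher degree than claimed, and different threshold-sized groups of shareholders then reconstruct different values. The prime field, polynomials and party count below are constructed toy values; the final consistency check is a generic interpolation test that needs all n shares in one place, which individual shareholders do not have in a real VSS, and is included only to show what degree binding of the commitment itself has to guarantee.

```python
# Added example (not from the paper): why degree binding matters for VSS.
# Shamir-style sharing over a small prime field. The claimed degree d is the
# reconstruction threshold: any d+1 shares should reconstruct the same secret.
# P and the polynomials below are constructed for illustration only.

P = 97  # toy prime field; real deployments use a ~256-bit field


def eval_poly(coeffs, x, p=P):
    """Evaluate sum(coeffs[i] * x^i) mod p; coeffs[0] is the secret."""
    return sum(c * pow(x, i, p) for i, c in enumerate(coeffs)) % p


def deal_shares(coeffs, n, p=P):
    """Dealer evaluates the polynomial at x = 1..n, one share per party."""
    return [(i, eval_poly(coeffs, i, p)) for i in range(1, n + 1)]


def lagrange_eval(points, x, p=P):
    """Evaluate at x the unique polynomial of degree < len(points) that
    passes through the given (x_i, y_i) points, all arithmetic mod p."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % p
                den = den * (xi - xj) % p
        total = (total + yi * num * pow(den, -1, p)) % p
    return total


def reconstruct(subset, p=P):
    """Interpolate the secret f(0) from a subset of shares."""
    return lagrange_eval(subset, 0, p)


def consistent_with_degree(shares, d, p=P):
    """Check that all shares lie on one polynomial of degree <= d by
    interpolating through the first d+1 and testing the remaining ones.
    (Requires every share; a commitment that is degree binding makes
    this global check unnecessary.)"""
    basis = shares[: d + 1]
    return all(lagrange_eval(basis, x, p) == y for x, y in shares[d + 1 :])


def honest_dealing():
    # Honest dealer: secret 42, degree 2 as claimed, 5 shareholders.
    # Shares {1,2,3} and shares {3,4,5} both reconstruct 42.
    shares = deal_shares([42, 7, 3], 5)
    return reconstruct(shares[:3]), reconstruct(shares[2:])


def cheating_dealing():
    # Dealer claims degree 2 but uses degree 4. Each share is still a valid
    # evaluation of the committed polynomial, yet the two threshold-sized
    # groups reconstruct different "secrets".
    shares = deal_shares([5, 2, 0, 0, 1], 5)
    return reconstruct(shares[:3]), reconstruct(shares[2:])


if __name__ == "__main__":
    print("honest  :", honest_dealing())    # (42, 42)
    print("cheating:", cheating_dealing())  # (41, 46)
    print("degree check, honest  :",
          consistent_with_degree(deal_shares([42, 7, 3], 5), 2))     # True
    print("degree check, cheating:",
          consistent_with_degree(deal_shares([5, 2, 0, 0, 1], 5), 2))  # False
```

Running the block prints (42, 42) for the honest dealer and (41, 46) for the cheating one: the two groups of three shareholders disagree, and neither value equals the constant term 5 of the over-degree polynomial, which is exactly the "different secrets depending on which shares are used" outcome the abstract warns about.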

Metadata

Available format(s): PDF
Category: Cryptographic protocols
Publication info: Published elsewhere. ACM CCS 2023
DOI: 10.1145/3576915.3623127
Keywords: VSS; KZG commitment
Contact author(s): atsuki momose @ gmail com; souravd2 @ illinois edu; renling @ illinois edu
History: 2023-09-10: received; 2023-09-11: approved
Short URL: https://ia.cr/2023/1350
License: Creative Commons Attribution (CC BY)

BibTeX

@misc{cryptoeprint:2023/1350,
      author = {Atsuki Momose and Sourav Das and Ling Ren},
      title = {On the Security of KZG Commitment for VSS},
      howpublished = {Cryptology ePrint Archive, Paper 2023/1350},
      year = {2023},
      doi = {10.1145/3576915.3623127},
      note = {\url{https://eprint.iacr.org/2023/1350}},
      url = {https://eprint.iacr.org/2023/1350}
}