Paper 2024/1293

Greyhound: Fast Polynomial Commitments from Lattices

Ngoc Khanh Nguyen, King's College London
Gregor Seiler, IBM Research - Zurich
Abstract

In this paper, we propose Greyhound, the first concretely efficient polynomial commitment scheme from standard lattice assumptions. At the core of our construction lies a simple three-round protocol for proving evaluations for polynomials of bounded degree $N$ with verifier time complexity $O(\sqrt{N})$. By composing it with the LaBRADOR proof system (CRYPTO 2023), we obtain a succinct proof of polynomial evaluation (i.e. polylogarithmic in $N$) that admits a sublinear verifier runtime. To highlight practicality of Greyhound, we provide implementation details including concrete sizes and runtimes. Notably, for large polynomials of degree at most $N=2^{30}$, the scheme produces evaluation proofs of size $53$KB, which is more than $10^4$ times smaller than the recent lattice-based framework, called SLAP (EUROCRYPT 2024), and around three orders of magnitude smaller than Ligero (CCS 2017) and Brakedown (CRYPTO 2023).

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
A minor revision of an IACR publication in CRYPTO 2024
DOI
10.1007/978-3-031-68403-6_8
Keywords
latticespolynomial commitment schemeSNARKimplementationNTTAVX-512
Contact author(s)
ngoc_khanh nguyen @ kcl ac uk
grs @ zurich ibm com
History
2024-08-20: approved
2024-08-18: received
See all versions
Short URL
https://ia.cr/2024/1293
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2024/1293,
      author = {Ngoc Khanh Nguyen and Gregor Seiler},
      title = {Greyhound: Fast Polynomial Commitments from Lattices},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1293},
      year = {2024},
      doi = {10.1007/978-3-031-68403-6_8},
      url = {https://eprint.iacr.org/2024/1293}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.