Paper 2024/1654

$\Sigma$-Check: Compressed $\Sigma$-protocol Theory from Sum-check

Shang Gao, The Hong Kong Polytechnic University
Chen Qian, The Hong Kong Polytechnic University
Tianyu Zheng, The Hong Kong Polytechnic University
Yu Guo, SECBIT Labs
Bin Xiao, The Hong Kong Polytechnic University
Abstract

The theory of compressed $\Sigma$-protocols [AC20, ACF21] provides a standardized framework for creating efficient $\Sigma$-protocols. This method involves two main phases: first, amortization, which combines multiple instances that satisfy a homomorphic relation into a single instance; and second, Bulletproofs compression [BBB+18], which minimizes communication overhead to a logarithmic scale during the verification of the combined instance. For high-degree polynomial (non-homomorphic) relations, a circuit-based linearization technique is used to transform each instance into a linear relation, resulting in a protocol with at least linear complexity. In this paper, we provide a direct method to extend the compressed $\Sigma$-protocol theory to polynomial relations, named $\Sigma$-Check. One major contribution of $\Sigma$-Check is to eliminate the linear cost associated with linearization in amortization. To achieve this, we employ a sum-check during this phase to ensure a logarithmic communication cost. To the best of our knowledge, $\Sigma$-Check is the first work to achieve a logarithmic amortization for polynomial relations. Nevertheless, without linearization, the amortized relation may not be linear, which hinders us from using Bulletproofs compression. To overcome this problem, we employ another sum-check during the compression phase to effectively manage high-degree relations. Additionally, we propose several variants of our techniques and adapt them for arithmetic circuit relations. We also demonstrate the practicality of our compressed $\Sigma$-protocol theory through applications such as binary proofs, range proofs, and partial knowledge proofs. Our basic protocols are initially based on the Discrete Logarithm (DL) assumption, and we have further extended these to incorporate the Strong-RSA assumption and the Generalized Discrete Logarithm Representation (GDLR) assumption. Our work expands the scope of compressed $\Sigma$-protocol theory and provides a robust foundation for real-world cryptographic applications.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint.
Keywords
Sigma-ProtocolsCompressed Σ-protocol theorySum-check protocolsArithmetic circuit satisfiability
Contact author(s)
shanggao @ polyu edu hk
chenqian qian @ connect polyu hk
tian-yu zheng @ connect polyu hk
yu guo @ secbit io
b xiao @ polyu edu hk
History
2024-10-24: last of 3 revisions
2024-10-14: received
See all versions
Short URL
https://ia.cr/2024/1654
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2024/1654,
      author = {Shang Gao and Chen Qian and Tianyu Zheng and Yu Guo and Bin Xiao},
      title = {$\Sigma$-Check: Compressed $\Sigma$-protocol Theory from Sum-check},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1654},
      year = {2024},
      url = {https://eprint.iacr.org/2024/1654}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.