Paper 2024/2026
Orbweaver: Succinct Linear Functional Commitments from Lattices
Abstract
We present Orbweaver, a plausibly post-quantum functional commitment for linear relations that achieves quasilinear prover time together with $O(\log n)$ proof size and polylogarithmic verifier time. Orbweaver enables evaluation of linear functions on committed vectors over cyclotomic rings and the integers. It is extractable, preprocessing, non-interactive, structure-preserving, and supports compact public proof aggregation. The security of our scheme is based on the $k$-$R$-ISIS assumption (and its knowledge counterpart), whereby we require a trusted setup to generate a universal structured reference string. We use Orbweaver to construct succinct univariate and multilinear polynomial commitments. Concretely, our scheme has smaller proofs than most other succinct post-quantum arguments for large statements. For binary vectors of length $2^{30}$ we achieve $302$KiB linear map evaluation proofs with evaluation binding, and $1$MiB proofs when extractability is required; for $32$-bit integers these sizes are $494$KiB and $1.6$MiB, respectively.
Metadata
- Category
- Public-key cryptography
- Publication info
- A major revision of an IACR publication in CRYPTO 2023
- DOI
- 10.1007/978-3-031-38545-2_4
- Keywords
- lattice, functional commitment, vector commitment, inner product argument, polynomial commitment, post-quantum
- Contact author(s)
- benjamin fisch @ yale edu
- zeyu liu @ yale edu
- psi vesely @ yale edu
- History
- 2024-12-15: approved
- 2024-12-14: received
- Short URL
- https://ia.cr/2024/2026
- License
- CC BY
BibTeX
@misc{cryptoeprint:2024/2026,
      author = {Ben Fisch and Zeyu Liu and Psi Vesely},
      title = {Orbweaver: Succinct Linear Functional Commitments from Lattices},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/2026},
      year = {2024},
      doi = {10.1007/978-3-031-38545-2_4},
      url = {https://eprint.iacr.org/2024/2026}
}