Paper 2024/2038
Adaptive Special Soundness: Improved Knowledge Extraction by Adaptive Useful Challenge Sampling
Abstract
Proving knowledge soundness of an interactive proof from scratch is often a challenging task. This has motivated the development of various special soundness frameworks which, in a nutshell, separate knowledge extractors into two parts: (1) an extractor to produce a set of accepting transcripts conforming to some structure; (2) a witness recovery algorithm to recover a witness from a set of transcripts with said structure. These frameworks take care of (1), so it suffices for a protocol designer to specify (2) which is often simple(r). Recently, works by Bünz–Fisch (TCC’23) and Aardal et al. (CRYPTO’24) provide new frameworks, called almost special soundness and predicate special soundness, respectively. To handle insufficiencies of special soundness, they deviate from its spirit and augment it in different ways. The necessity for their changes is that special soundness does not allow the challenges for useful sets of transcripts to depend on the transcripts themselves, but only on the challenges in the transcripts. As a consequence, (generalised) special soundness cannot express extraction strategies which reduce a computational problem to finding “inconsistent” accepting transcripts, for example in PCP/IOP-based or lattice-based proof systems, and thus provide (very) sub-optimal extractors. In this work, we introduce adaptive special soundness which captures extraction strategies exploiting inconsistencies between transcripts, e.g. transcripts containing different openings of the same commitment. Unlike (generalised) special soundness (Attema, Fehr, and Resch (TCC’23)), which specifies a target transcript structure, our framework allows specifying an extraction strategy which guides the extractor to sample challenges adaptively based on the history of prior transcripts.
We extend the recent (almost optimal) extractor of Attema, Fehr, Klooß and Resch (EPRINT 2023/1945) to our notion, and argue that it encompasses almost special soundness and predicate special soundness in many cases of interest. As a challenging application, we modularise and generalise the lattice Bulletproofs analysis by Bünz–Fisch (TCC’23) using the adaptive special soundness framework. Moreover, we extend their analysis to the ring setting for a slightly wider selection of rings than rational integers.
Metadata
- Category
- Cryptographic protocols
- Publication info
- Preprint.
- Keywords
- Knowledge Soundness, Special Soundness, Soundness Slack, Lattice-based Bulletproofs
- Contact author(s)
- thomas attema @ tno nl
- klooss @ mail informatik kit edu
- russell lai @ aalto fi
- p yatsyna @ mff cuni cz
- History
- 2024-12-18: approved
- 2024-12-17: received
- Short URL
- https://ia.cr/2024/2038
- License
- CC BY
BibTeX
@misc{cryptoeprint:2024/2038,
  author = {Thomas Attema and Michael Klooß and Russell W. F. Lai and Pavlo Yatsyna},
  title = {Adaptive Special Soundness: Improved Knowledge Extraction by Adaptive Useful Challenge Sampling},
  howpublished = {Cryptology {ePrint} Archive, Paper 2024/2038},
  year = {2024},
  url = {https://eprint.iacr.org/2024/2038}
}