Paper 2024/264
Extractable Witness Encryption for KZG Commitments and Efficient Laconic OT
Abstract
We present a concretely efficient and simple extractable witness encryption scheme for KZG polynomial commitments. It allows encrypting a message towards a triple $(\mathsf{com}, \alpha, \beta)$, where $\mathsf{com}$ is a KZG commitment for some polynomial $f$. Anyone with an opening for the commitment attesting $f(\alpha) = \beta$ can decrypt, but without knowledge of a valid opening the message is computationally hidden. Our construction is simple and highly efficient. The ciphertext is only a single group element. Encryption and decryption both require a single pairing evaluation and a constant number of group operations. Using our witness encryption scheme, we construct a simple and highly efficient laconic OT protocol, which significantly outperforms the state of the art in most important metrics.
Note: This revision fixes a flaw in the proof of Claim 5.
Metadata
- Category
- Cryptographic protocols
- Publication info
- Preprint.
- Keywords
- Extractable Witness Encryption, KZG Commitments, Laconic OT, AGM
- Contact author(s)
- mail @ nilsfleischhacker de
- ma @ cs au dk
- mark simkin @ ethereum org
- History
- 2024-03-13: last of 2 revisions
- 2024-02-16: received
- Short URL
- https://ia.cr/2024/264
- License
- CC BY
BibTeX
@misc{cryptoeprint:2024/264,
  author = {Nils Fleischhacker and Mathias Hall-Andersen and Mark Simkin},
  title = {Extractable Witness Encryption for {KZG} Commitments and Efficient Laconic {OT}},
  howpublished = {Cryptology {ePrint} Archive, Paper 2024/264},
  year = {2024},
  url = {https://eprint.iacr.org/2024/264}
}