Paper 2024/306
Concretely Efficient Lattice-based Polynomial Commitment from Standard Assumptions
, Seoul National University, Seoul National University, Seoul National UniversityAbstract
Polynomial commitment is a crucial cryptographic primitive in constructing zkSNARKs. Most practical constructions to date are either vulnerable against quantum adversaries or lack homomorphic properties, which are essential for recursive proof composition and proof batching. Recently, lattice-based constructions have drawn attention for their potential to achieve all the desirable properties, though they often suffer from concrete inefficiency or rely on newly introduced assumptions requiring further cryptanalysis. In this paper, we propose a novel construction of a polynomial commitment scheme based on standard lattice-based assumptions. Our scheme achieves a square-root proof size and verification complexity, ensuring concrete efficiency in proof size, proof generation, and verification. Additionally, it features a transparent setup and publicly verifiability. When compared with Brakedown (CRYPTO 2023), a recent code-based construction, our scheme offers comparable performance across all metrics. Furthermore, its proof size is approximately 4.1 times smaller than SLAP (EUROCRYPT 2024), a recent lattice-based construction.
Metadata
- Available format(s)
-
PDF
- Category
- Cryptographic protocols
- Publication info
- A minor revision of an IACR publication in CRYPTO 2024
- Keywords
- Polynomial CommitmentLatticeZero-Knowledge
- Contact author(s)
-
intak hwang @ snu ac kr
jinyeong seo @ snu ac kr
y song @ snu ac kr - History
- 2024-06-01: revised
- 2024-02-23: received
- See all versions
- Short URL
- https://ia.cr/2024/306
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2024/306,
author = {Intak Hwang and Jinyeong Seo and Yongsoo Song},
title = {Concretely Efficient Lattice-based Polynomial Commitment from Standard Assumptions},
howpublished = {Cryptology {ePrint} Archive, Paper 2024/306},
year = {2024},
url = {https://eprint.iacr.org/2024/306}
}
