On Extractability of the KZG Family of Polynomial Commitment Schemes

Juraj Belohorec; Pavel Dvořák; Charlotte Hoffmann; Pavel Hubáček; Kristýna Mašková; Martin Pastyřík

Paper 2025/514

On Extractability of the KZG Family of Polynomial Commitment Schemes

Juraj Belohorec

, Czech Academy of Sciences, Institute of Mathematics, Charles University

Pavel Dvořák

, Charles University

Charlotte Hoffmann

, Institute of Science and Technology Austria

Pavel Hubáček

, Czech Academy of Sciences, Institute of Mathematics, Charles University

Kristýna Mašková

, Czech Academy of Sciences, Institute of Mathematics, Charles University

Martin Pastyřík, Charles University

Abstract

We present a unifying framework for proving the knowledge-soundness of KZG-like polynomial commitment schemes, encompassing both univariate and multivariate variants. By conceptualizing the proof technique of Lipmaa, Parisella, and Siim for the univariate KZG scheme (EUROCRYPT 2024), we present tools and falsifiable hardness assumptions that permit black-box extraction of the multivariate KZG scheme. Central to our approach is the notion of a canonical Proof-of-Knowledge of a Polynomial (PoKoP) of a polynomial commitment scheme, which we use to capture the extractability notion required in constructions of practical zk-SNARKs. We further present an explicit polynomial decomposition lemma for multivariate polynomials, enabling a more direct analysis of interpolating extractors and bridging the gap between univariate and multivariate commitments. Our results provide the first standard-model proofs of extractability for the multivariate KZG scheme and many of its variants under falsifiable assumptions.

Metadata

Available format(s): PDF
Category: Cryptographic protocols
Publication info: Preprint.
Keywords: KZG polynomial commitment Extractability Proof of Knowledge of a Polynomial ARSDH GARSDH
Contact author(s): belohorec @ math cas cz
koblich @ iuuk mff cuni cz
charlotte hoffmann @ ista ac at
hubacek @ math cas cz
maskova @ math cas cz
History: 2025-03-21: approved; 2025-03-19: received; See all versions
Short URL: https://ia.cr/2025/514
License: CC BY

BibTeX

@misc{cryptoeprint:2025/514,
      author = {Juraj Belohorec and Pavel Dvořák and Charlotte Hoffmann and Pavel Hubáček and Kristýna Mašková and Martin Pastyřík},
      title = {On Extractability of the {KZG} Family of Polynomial Commitment Schemes},
      howpublished = {Cryptology {ePrint} Archive, Paper 2025/514},
      year = {2025},
      url = {https://eprint.iacr.org/2025/514}
}