More Efficient Commitments from Structured Lattice Assumptions

We present a practical construction of an additively homomorphic commitment scheme based on structured lattice assumptions, together with a zero-knowledge proof of opening knowledge. Our scheme is a design improvement over the previous work of Benhamouda et al. in that it is not restricted to being statistically binding. While it is possible to instantiate our scheme to be statistically binding or statistically hiding, it is most efficient when both hiding and binding properties are only computational. This results in approximately a factor of 4 reduction in the size of the proof and a factor of 6 reduction in the size of the commitment over the aforementioned scheme.

[1]  Oded Regev,et al.  Lattice-Based Cryptography , 2006, CRYPTO.

[2]  Vadim Lyubashevsky,et al.  Fiat-Shamir with Aborts: Applications to Lattice and Factoring-Based Signatures , 2009, ASIACRYPT.

[3]  Erdem Alkim,et al.  Revisiting TESLA in the Quantum Random Oracle Model , 2017, PQCrypto.

[4]  Shi Bai,et al.  An Improved Compression Technique for Signatures Based on Learning with Errors , 2014, CT-RSA.

[5]  Eike Kiltz,et al.  A Concrete Treatment of Fiat-Shamir Signatures in the Quantum Random-Oracle Model , 2018, IACR Cryptol. ePrint Arch..

[6]  Jan Camenisch,et al.  Better Zero-Knowledge Proofs for Lattice Encryption and Their Application to Group Signatures , 2014, ASIACRYPT.

[7]  Fernando Virdia,et al.  Estimate all the {LWE, NTRU} schemes! , 2018, IACR Cryptol. ePrint Arch..

[8]  Damien Stehlé,et al.  CRYSTALS-Dilithium: A Lattice-Based Digital Signature Scheme , 2018, IACR Trans. Cryptogr. Hardw. Embed. Syst..

[9]  Vadim Lyubashevsky,et al.  Lattice Signatures Without Trapdoors , 2012, IACR Cryptol. ePrint Arch..

[10]  Chris Peikert,et al.  On Ideal Lattices and Learning with Errors over Rings , 2010, JACM.

[11]  Keisuke Tanaka,et al.  Concurrently Secure Identification Schemes Based on the Worst-Case Hardness of Lattice Problems , 2008, ASIACRYPT.

[12]  Gregory Neven,et al.  Practical Quantum-Safe Voting from Lattices , 2017, IACR Cryptol. ePrint Arch..

[13]  W. Banaszczyk New bounds in some transference theorems in the geometry of numbers , 1993 .

[14]  Tim Güneysu,et al.  Practical Lattice-Based Cryptography: A Signature Scheme for Embedded Systems , 2012, CHES.

[15]  Chris Peikert,et al.  Efficient Collision-Resistant Hashing from Worst-Case Assumptions on Cyclic Lattices , 2006, TCC.

[16]  Mehdi Tibouchi,et al.  Tightly-Secure Signatures from Lossy Identification Schemes , 2012, EUROCRYPT.

[17]  Oded Regev,et al.  On lattices, learning with errors, random linear codes, and cryptography , 2009, JACM.

[18]  Daniele Micciancio Generalized Compact Knapsacks, Cyclic Lattices, and Efficient One-Way Functions , 2007, computational complexity.

[19]  Miklós Ajtai,et al.  Generating hard instances of lattice problems (extended abstract) , 1996, STOC '96.

[20]  Vinod Vaikuntanathan,et al.  Multiparty Computation with Low Communication, Computation and Interaction via Threshold FHE , 2012, EUROCRYPT.

[21]  Manuel Blum,et al.  Coin flipping by telephone a protocol for solving impossible problems , 1983, SIGA.

[22]  Stephan Krenn,et al.  Efficient Zero-Knowledge Proofs for Commitments from Learning with Errors over Rings , 2015, ESORICS.

[23]  Vadim Lyubashevsky,et al.  Short, Invertible Elements in Partially Splitting Cyclotomic Rings and Applications to Lattice-Based Zero-Knowledge Proofs , 2018, EUROCRYPT.

[24]  Matthew K. Franklin,et al.  Multi-Autority Secret-Ballot Elections with Linear Work , 1996, EUROCRYPT.

[25]  Léo Ducas,et al.  Lattice Signatures and Bimodal Gaussians , 2013, IACR Cryptol. ePrint Arch..

[26]  Yvo Desmedt,et al.  Threshold Cryptosystems , 1989, CRYPTO.

[27]  Stephan Krenn,et al.  Commitments and Efficient Zero-Knowledge Proofs from Learning Parity with Noise , 2012, ASIACRYPT.

[28]  Miklós Ajtai,et al.  Generating Hard Instances of Lattice Problems , 1996, Electron. Colloquium Comput. Complex..

[29]  Daniele Micciancio,et al.  Generalized Compact Knapsacks Are Collision Resistant , 2006, ICALP.

[30]  Damien Stehlé,et al.  Worst-case to average-case reductions for module lattices , 2014, Designs, Codes and Cryptography.

[31]  Nicolas Gama,et al.  Predicting Lattice Reduction , 2008, EUROCRYPT.

[32]  Ivan Damgård,et al.  On the existence of statistically hiding bit commitment schemes and fail-stop signatures , 1994, Journal of Cryptology.

[33]  Ivan Damgård,et al.  On the Existence of Statistically Hiding Bit Commitment Schemes and Fail-Stop Signatures , 1993, CRYPTO.

[34]  Rui Xue,et al.  Zero Knowledge Proofs from Ring-LWE , 2013, CANS.