Vector Commitment Techniques and Applications to Verifiable Decentralized Storage

Vector commitments with subvector openings (SVC) [Lai-Malavolta, Boneh-Bünz-Fisch; CRYPTO'19] allow one to open a committed vector at a set of positions with an opening whose size is independent of both the vector's length and the number of opened positions. We continue the study of SVC with two goals in mind: improving their efficiency and making them more suitable to decentralized settings. We address both problems by proposing a new notion for VC that we call incremental aggregation, which allows one to merge openings in a succinct way an unbounded number of times. This property leads to faster generation of openings via preprocessing and to a method for generating openings in a distributed way. We then proceed to realize SVC with incremental aggregation. We provide two constructions in groups of unknown order. The first one, similarly to that of Boneh et al. (which supports only one-hop aggregation), has constant-size public parameters, commitments and openings. As an additional feature of this construction we propose efficient arguments of knowledge of subvector openings, which immediately yield a keyless proof of storage with compact proofs. For our second construction, we propose an incremental aggregation method for the SVC of Lai-Malavolta; this has linear-size parameters but faster openings. Finally, we address a problem closely related to that of SVC: storing a file efficiently in completely decentralized networks. We introduce and construct verifiable decentralized storage (VDS), a cryptographic primitive that allows one to check the integrity of a file stored by a network of nodes in a distributed and decentralized way. Our VDS constructions rely on our new vector commitment techniques.
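The incremental aggregation property described in the abstract, shown in an added example that is not code from the paper: a toy RSA-accumulator commitment to a bit vector, where an opening for any set of 1-positions is a single group element, two openings for disjoint position sets are merged with Shamir's trick (Bezout coefficients from the extended Euclidean algorithm) into one element of the same size, the merged opening can itself be merged again, and an opening for a subset is derived by disaggregation. Everything about the parameters is an assumption made for illustration: the modulus is generated with known factors (a real group of unknown order needs a trusted setup or a class group), positions are mapped to primes by a hash-to-prime function, the `setup`, `commit`, `open_positions`, `aggregate` and `disaggregate` names are this example's own, and proofs for 0-positions (non-membership) are omitted, so this is the mechanism in simplified form, not the paper's SVC construction.

```python
# Added illustration (not the paper's code): RSA-accumulator VC with constant-size openings, aggregation, disaggregation.
import hashlib
import random
from math import prod

def is_probable_prime(n, rounds=32):
    """Miller-Rabin probabilistic primality test."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def next_prime(n):
    """Smallest prime strictly greater than n."""
    n += 1
    while not is_probable_prime(n):
        n += 1
    return n

def prime_for_position(i):
    """Deterministic hash-to-prime: each vector position gets its own ~64-bit prime."""
    h = int.from_bytes(hashlib.sha256(b"pos:%d" % i).digest()[:8], "big")
    return next_prime(h | (1 << 63))

def egcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y = g = gcd(a, b)."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0

def setup(bits=128):
    """Toy group of unknown order: RSA modulus, factors discarded (assumption; real use needs a trusted setup or class group)."""
    p = next_prime(random.getrandbits(bits) | (1 << (bits - 1)))
    q = next_prime(random.getrandbits(bits) | (1 << (bits - 1)))
    N = p * q
    return N, pow(random.randrange(2, N - 1), 2, N)   # generator g in QR_N

def commit(pp, vec):
    """C = g^(product of the primes of all 1-positions): one group element."""
    N, g = pp
    return pow(g, prod(prime_for_position(i) for i, b in enumerate(vec) if b), N)

def open_positions(pp, vec, I):
    """Opening for 1-positions I: g to the primes of the other 1-positions. One element, whatever len(vec) and len(I) are."""
    N, g = pp
    assert all(vec[i] == 1 for i in I)
    return pow(g, prod(prime_for_position(i) for i, b in enumerate(vec)
                       if b and i not in I), N)

def verify(pp, C, I, W):
    """Accept iff W^(product of the primes of I) == C."""
    N, _ = pp
    return pow(W, prod(prime_for_position(i) for i in I), N) == C

def aggregate(pp, I1, W1, I2, W2):
    """Shamir's trick: from W1^x1 = C and W2^x2 = C with gcd(x1, x2) = 1 (disjoint
    sets) build W with W^(x1*x2) = C; W is one element and can be merged again."""
    N, _ = pp
    x1 = prod(prime_for_position(i) for i in I1)
    x2 = prod(prime_for_position(i) for i in I2)
    g_, a, b = egcd(x1, x2)                 # a*x1 + b*x2 = 1
    assert g_ == 1, "position sets must be disjoint"
    # W^(x1 x2) = W1^(b x1 x2) * W2^(a x1 x2) = C^(b x2) * C^(a x1) = C; a negative exponent makes pow() invert mod N.
    return (pow(W1, b, N) * pow(W2, a, N)) % N, sorted(set(I1) | set(I2))

def disaggregate(pp, I, W, J):
    """Opening for a subset J of I: raise W to the primes of I minus J."""
    N, _ = pp
    return pow(W, prod(prime_for_position(i) for i in I if i not in J), N)

def demo():
    """Two parties open disjoint sets, a third merges them, then merges again."""
    random.seed(7)                           # deterministic toy parameters
    pp = setup()
    vec = [1, 0, 1, 1, 0, 1, 1, 1]           # constructed sample vector
    C = commit(pp, vec)
    W_a = open_positions(pp, vec, [0, 2])
    W_b = open_positions(pp, vec, [3, 5])
    W_ab, I_ab = aggregate(pp, [0, 2], W_a, [3, 5], W_b)
    W_c = open_positions(pp, vec, [6, 7])
    W_abc, I_abc = aggregate(pp, I_ab, W_ab, [6, 7], W_c)   # merge once more
    W_sub = disaggregate(pp, I_abc, W_abc, [2, 7])
    return (verify(pp, C, I_ab, W_ab), verify(pp, C, I_abc, W_abc),
            verify(pp, C, [2, 7], W_sub), verify(pp, C, [1, 2], W_a))  # last: bit 1 is 0
```

The merged opening `W_ab` is the same size as `W_a` and `W_b`, and `aggregate` accepts it as input again, which is what distinguishes incremental aggregation from the one-hop aggregation of Boneh et al. The disjointness assertion is the practical caveat: Shamir's trick needs coprime exponents, so overlapping position sets must be disaggregated to disjoint ones before merging.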

[1] Zhenfei Zhang et al. Pointproofs: Aggregating Proofs for Multiple Vector Commitments, 2020, IACR Cryptol. ePrint Arch.

[2] Ralph C. Merkle et al. A Digital Signature Based on a Conventional Encryption Function, 1987, CRYPTO.

[3] Helger Lipmaa et al. Secure Accumulators from Euclidean Rings without Trusted Setup, 2012, ACNS.

[4] Reza Curtmola et al. Provable data possession at untrusted stores, 2007, CCS '07.

[5] Dan Boneh et al. Batching Techniques for Accumulators with Applications to IOPs and Stateless Blockchains, 2019, IACR Cryptol. ePrint Arch.

[6] Amos Fiat et al. How to Prove Yourself: Practical Solutions to Identification and Signature Problems, 1986, CRYPTO.

[7] Reza Curtmola et al. Remote data checking using provable data possession, 2011, TSEC.

[8] Ian Goldberg et al. Constant-Size Commitments to Polynomials and Their Applications, 2010, ASIACRYPT.

[9] Hovav Shacham et al. Sequential Aggregate Signatures from Trapdoor Permutations, 2004, EUROCRYPT.

[10] Ivan Damgård et al. Generic Lower Bounds for Root Extraction and Signature Schemes in General Groups, 2002, EUROCRYPT.

[11] Markulf Kohlweiss et al. Updatable and Universal Common Reference Strings with Applications to zk-SNARKs, 2018, IACR Cryptol. ePrint Arch.

[12] Steven D. Galbraith et al. Trustless Groups of Unknown Order with Hyperelliptic Curves, 2020, IACR Cryptol. ePrint Arch.

[13] Moti Yung et al. Blind, Auditable Membership Proofs, 2000, Financial Cryptography.

[14] Ari Juels et al. Pors: proofs of retrievability for large files, 2007, CCS '07.

[15] Sharon Goldberg et al. Sequential Aggregate Signatures with Lazy Verification from Trapdoor Permutations (Extended Abstract), 2012, ASIACRYPT.

[16] Benjamin Wesolowski et al. Efficient Verifiable Delay Functions, 2019, Journal of Cryptology.

[17] Silvio Micali et al. Computationally Private Information Retrieval with Polylogarithmic Communication, 1999, EUROCRYPT.

[18] Eli Ben-Sasson et al. Interactive Oracle Proofs, 2016, TCC.

[19] Ian Clarke et al. Freenet: A Distributed Anonymous Information Storage and Retrieval System, 2000, Workshop on Design Issues in Anonymity and Unobservability.

[20] Moti Yung et al. Functional Commitment Schemes: From Polynomial Commitments to Pairing-Based Accumulators from Simple Assumptions, 2016, ICALP.

[21] Josh Benaloh et al. One-Way Accumulators: A Decentralized Alternative to Digital Signatures (Extended Abstract), 1994, EUROCRYPT.

[22] Dan Boneh et al. Scaling Verifiable Computation Using Efficient Set Accumulators, 2019, IACR Cryptol. ePrint Arch.

[23] Ittai Abraham et al. Aggregatable Subvector Commitments for Stateless Cryptocurrencies, 2020, IACR Cryptol. ePrint Arch.

[24] Ronald Cramer et al. Signature schemes based on the strong RSA assumption, 2000, TSEC.

[25] Dario Fiore et al. Vector Commitments and Their Applications, 2013, Public Key Cryptography.

[26] Adi Shamir et al. On the generation of cryptographically strong pseudorandom sequences, 1981, TOCS.

[27] Ben Fisch et al. PoReps: Proofs of Space on Useful Data, 2018, IACR Cryptol. ePrint Arch.

[28] Moti Yung et al. Concise Mercurial Vector Commitments and Independent Zero-Knowledge Sets with Short Proofs, 2010, TCC.

[29] Giulio Malavolta et al. Subvector Commitments with Application to Succinct Arguments, 2019, CRYPTO.

[30] Ben Fisch et al. Tight Proofs of Space and Replication, 2019, IACR Cryptol. ePrint Arch.

[31] Roberto Tamassia et al. Authenticated Data Structures, 2003, ESA.

[32] Yevgeniy Vahlis et al. Verifiable Delegation of Computation over Large Datasets, 2011, IACR Cryptol. ePrint Arch.

[33] Shai Halevi et al. Secure Hash-and-Sign Signatures Without the Random Oracle, 1999, EUROCRYPT.

[34] Dan Boneh et al. A Survey of Two Verifiable Delay Functions, 2018, IACR Cryptol. ePrint Arch.

[35] Jan Camenisch et al. Dynamic Accumulators and Application to Efficient Revocation of Anonymous Credentials, 2002, CRYPTO.

[36] Birgit Pfitzmann et al. Collision-Free Accumulators and Fail-Stop Signature Schemes Without Trees, 1997, EUROCRYPT.