Aggregatable Subvector Commitments for Stateless Cryptocurrencies

An aggregatable subvector commitment (aSVC) scheme is a vector commitment (VC) scheme that can aggregate multiple proofs into a single, small subvector proof. In this paper, we formalize aSVCs and give a construction from constant-sized polynomial commitments. Our construction is unique in that it has linear-sized public parameters, it can compute all constant-sized proofs in quasilinear time, it updates proofs in constant time and it can aggregate multiple proofs into a constant-sized subvector proof. Furthermore, our concrete proof sizes are small due to our use of pairing-friendly groups. We use our aSVC to obtain a payments-only stateless cryptocurrency with very low communication and computation overheads. Specifically, our constant-sized, aggregatable proofs reduce each block’s proof overhead to a single group element, which is optimal. Furthermore, our subvector proofs speed up block verification and our smaller public parameters further reduce block size.
