Pointproofs: Aggregating Proofs for Multiple Vector Commitments

Vector commitments enable a user to commit to a sequence of values and provably reveal one or many values at specific posi- tions at a later time. In this work, we construct Pointproofs? a new vector commitment scheme that supports non-interactive aggregation of proofs across multiple commitments. Our construction enables any third party to aggregate a collection of proofs with respect to different, independently computed commitments into a single proof represented by an elliptic curve point of 48-bytes. In addition, our scheme is hiding: a commitment and proofs for some values reveal no information about the remaining values. We build Pointproofs and demonstrate how to apply them to blockchain smart contracts. In our example application, Pointproofs reduce bandwidth overheads for propagating a block of transactions by at least 60% compared to prior state- of-art vector commitments. Pointproofs are also efficient: on a single-thread, it takes 0.08 seconds to generate a proof for 8 values with respect to one commitment, 0.25 seconds to aggregate 4000 such proofs across multiple commitments into one proof, and 23 seconds (0.7 ms per value proven) to verify the aggregated proof.

[1]  Dan Boneh,et al.  A Survey of Two Verifiable Delay Functions , 2018, IACR Cryptol. ePrint Arch..

[2]  Benedikt Bünz,et al.  Proofs for Inner Pairing Products and Applications , 2021, ASIACRYPT.

[3]  Moti Yung,et al.  Concise Mercurial Vector Commitments and Independent Zero-Knowledge Sets with Short Proofs , 2010, TCC.

[4]  Jung Hee Cheon,et al.  Security Analysis of the Strong Diffie-Hellman Problem , 2006, EUROCRYPT.

[5]  Sharon Goldberg,et al.  Sequential Aggregate Signatures with Lazy Verification from Trapdoor Permutations - (Extended Abstract) , 2012, ASIACRYPT.

[6]  Dan Boneh,et al.  Batching Techniques for Accumulators with Applications to IOPs and Stateless Blockchains , 2019, IACR Cryptol. ePrint Arch..

[7]  Nicholas Pippenger,et al.  On the Evaluation of Powers and Monomials , 1980, SIAM J. Comput..

[8]  Ariel Gabizon,et al.  PLONK: Permutations over Lagrange-bases for Oecumenical Noninteractive arguments of Knowledge , 2019, IACR Cryptol. ePrint Arch..

[9]  Dan Boneh,et al.  Efficient polynomial commitment schemes for multiple points and polynomials , 2020, IACR Cryptol. ePrint Arch..

[10]  Amnon Ta-Shma,et al.  Auditable, anonymous electronic cash , 1999 .

[11]  Steve Thakur,et al.  Batching non-membership proofs with bilinear accumulators , 2019, IACR Cryptol. ePrint Arch..

[12]  Hoeteck Wee,et al.  Pixel: Multi-signatures for Consensus , 2019, IACR Cryptol. ePrint Arch..

[13]  Silvio Micali,et al.  Algorand: Scaling Byzantine Agreements for Cryptocurrencies , 2017, IACR Cryptol. ePrint Arch..

[14]  Dan Boneh,et al.  Compact Multi-Signatures for Smaller Blockchains , 2018, IACR Cryptol. ePrint Arch..

[15]  Dario Fiore,et al.  Vector Commitment Techniques and Applications to Verifiable Decentralized Storage , 2020, IACR Cryptol. ePrint Arch..

[16]  Elaine Shi,et al.  Thunderella: Blockchains with Optimistic Instant Confirmation , 2018, IACR Cryptol. ePrint Arch..

[17]  Leonid Reyzin,et al.  Improving Authenticated Dynamic Dictionaries, with Applications to Cryptocurrencies , 2017, Financial Cryptography.

[18]  Markulf Kohlweiss,et al.  Sonic: Zero-Knowledge SNARKs from Linear-Size Universal and Updatable Structured Reference Strings , 2019, IACR Cryptol. ePrint Arch..

[19]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[20]  Ittai Abraham,et al.  Aggregatable Subvector Commitments for Stateless Cryptocurrencies , 2020, IACR Cryptol. ePrint Arch..

[21]  Ian Goldberg,et al.  Constant-Size Commitments to Polynomials and Their Applications , 2010, ASIACRYPT.

[22]  Ralph C. Merkle,et al.  A Digital Signature Based on a Conventional Encryption Function , 1987, CRYPTO.

[23]  Matthew Green,et al.  Synchronized aggregate signatures: new definitions, constructions and applications , 2010, CCS '10.

[24]  Charalampos Papamanthou,et al.  Edrax: A Cryptocurrency with Stateless Transaction Validation , 2018, IACR Cryptol. ePrint Arch..

[25]  Eike Kiltz,et al.  The Algebraic Group Model and its Applications , 2018, IACR Cryptol. ePrint Arch..

[26]  Ian Miers,et al.  Scalable Multi-party Computation for zk-SNARK Parameters in the Random Beacon Model , 2017, IACR Cryptol. ePrint Arch..

[27]  Aggelos Kiayias,et al.  Ouroboros Praos: An adaptively-secure, semi-synchronous proof-of-stake protocol , 2017, IACR Cryptol. ePrint Arch..

[28]  Sharon Goldberg,et al.  Sequential aggregate signatures with lazy verification from trapdoor permutations , 2014, Inf. Comput..

[29]  Satoshi Nakamoto Bitcoin : A Peer-to-Peer Electronic Cash System , 2009 .

[30]  Giulio Malavolta,et al.  Subvector Commitments with Application to Succinct Arguments , 2019, CRYPTO.

[31]  N. S. Barnett,et al.  Private communication , 1969 .

[32]  Elaine Shi,et al.  Snow White: Robustly Reconfigurable Consensus and Applications to Provably Secure Proof of Stake , 2019, Financial Cryptography.

[33]  Vitalik Buterin A NEXT GENERATION SMART CONTRACT & DECENTRALIZED APPLICATION PLATFORM , 2015 .

[34]  Dario Fiore,et al.  Vector Commitments and Their Applications , 2013, Public Key Cryptography.

[35]  Dan Boneh,et al.  Hierarchical Identity Based Encryption with Constant Size Ciphertext , 2005, EUROCRYPT.

[36]  Moti Yung,et al.  Functional Commitment Schemes: From Polynomial Commitments to Pairing-Based Accumulators from Simple Assumptions , 2016, ICALP.

[37]  Brent Waters,et al.  Collusion Resistant Broadcast Encryption with Short Ciphertexts and Private Keys , 2005, CRYPTO.

[38]  Aggelos Kiayias,et al.  Ouroboros Praos: An Adaptively-Secure, Semi-synchronous Proof-of-Stake Blockchain , 2018, EUROCRYPT.

[39]  David A. Wagner,et al.  A Generalized Birthday Problem , 2002, CRYPTO.

[40]  Claudio Soriente,et al.  An Accumulator Based on Bilinear Maps and Efficient Revocation for Anonymous Credentials , 2009, IACR Cryptol. ePrint Arch..