Practical Exact Proofs from Lattices: New Techniques to Exploit Fully-Splitting Rings

We propose a lattice-based zero-knowledge proof system for exactly proving knowledge of a ternary solution ~s ∈ {−1, 0, 1} to a linear equation A~s = ~u over Zq, which improves upon the protocol by Bootle, Lyubashevsky and Seiler (CRYPTO 2019) by producing proofs that are shorter by a factor of 7.5. At the core lies a technique that utilizes the module-homomorphic BDLOP commitment scheme (SCN 2018) over the fully splitting cyclotomic ring Zq[X]/(X + 1) to prove scalar products with the NTT vector of a secret polynomial.
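As an added worked illustration (not the paper's code) of the algebraic fact the technique rests on: over a fully splitting ring the NTT is a ring isomorphism onto Z_q^d, so the ternary condition on the NTT vector of a secret polynomial is the ring identity s(s-1)(s+1) = 0, and a scalar product with that NTT vector equals d times the constant coefficient of a ring product. The toy parameters d = 8, q = 17 are assumptions chosen for the example.

```python
# Constructed toy parameters (not from the paper): d = 8, q = 17 with q = 1 mod 2d,
# so X^8 + 1 splits completely over Z_17 and Z_17[X]/(X^8 + 1) ~ Z_17^8 via the NTT.
D, Q = 8, 17
ZETA = 3  # primitive 16th root of unity mod 17 (3^8 = -1); roots of X^8+1 are its odd powers

def ntt(poly):
    """Map a polynomial (coeffs, low degree first) to its NTT vector: evaluations at the d roots."""
    return [sum(c * pow(ZETA, (2 * i + 1) * j, Q) for j, c in enumerate(poly)) % Q
            for i in range(D)]

def intt(vec):
    """Inverse NTT: recover the polynomial whose evaluations at the roots are vec."""
    inv_d = pow(D, -1, Q)
    return [sum(v * pow(ZETA, -(2 * i + 1) * j, Q) for i, v in enumerate(vec)) * inv_d % Q
            for j in range(D)]

def ring_mul(a, b):
    """Schoolbook product in Z_q[X]/(X^d + 1): X^d wraps around as -1."""
    res = [0] * D
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            if i + j < D:
                res[i + j] += ai * bj
            else:
                res[i + j - D] -= ai * bj
    return [c % Q for c in res]

def ternary_check_in_ring(s_vec):
    """The ternary condition on the NTT vector s_vec, i.e. s_i (s_i - 1)(s_i + 1) = 0 for all i,
    is exactly the ring identity s (s - 1)(s + 1) = 0 for the polynomial s = intt(s_vec)."""
    s = intt(s_vec)
    one = [1] + [0] * (D - 1)
    s_minus = [(x - y) % Q for x, y in zip(s, one)]
    s_plus = [(x + y) % Q for x, y in zip(s, one)]
    return all(c == 0 for c in ring_mul(ring_mul(s, s_minus), s_plus))

def scalar_product_direct(a_vec, s_vec):
    """<a, s> over Z_q: one row of the linear system A s = u."""
    return sum(a * s for a, s in zip(a_vec, s_vec)) % Q

def scalar_product_via_ring(a_vec, s_vec):
    """Same scalar product read off the ring: intt(a_vec * s_vec)_0 = (1/d) * sum_i a_i s_i,
    so d times the constant coefficient of the ring product a(X) s(X) equals <a, s>."""
    return D * ring_mul(intt(a_vec), intt(s_vec))[0] % Q

if __name__ == "__main__":
    s_vec = [1, -1, 0, 1, 0, 0, -1, 1]   # constructed ternary secret (its NTT vector)
    a_vec = [5, 3, 0, 9, 1, 16, 2, 7]    # constructed public row of A
    print(ternary_check_in_ring(s_vec), scalar_product_direct(a_vec, s_vec), scalar_product_via_ring(a_vec, s_vec))
```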
