Zero Knowledge Proofs from Ring-LWE

Zero-Knowledge proof is a very basic and important primitive, which allows a prover to prove some statement without revealing anything else. Very recently, Jain et al. proposed very efficient zero-knowledge proofs to prove any polynomial relations on bits, based on the Learning Parity with Noise (LPN) problem (Asiacrypt'12). In this work, we extend analogous constructions whose security is based on the Ring Learning with Errors (RLWE) problem by adapting the techniques presented by Ling et al. (PKC'13). Specifically, we show a simple zero-knowledge proof of knowledge (Σ-protocol) for committed values, and prove any polynomial relations in the underlying ring. I.e. proving committed ring elements m, m 1,...,m t satisfying m = f(m 1,...,m t ) for any polynomial f. Comparing to other existing Σ-protocols, the extracted witness (error vector) has length only small constant times than the one possessed by the prover. When representing ring element as elements in i¾? q , our protocol has amortized communication complexity $\tilde{O}(\lambda\cdot|f|)$ with exponentially small soundness in security parameter λ, where |f| is the size of the circuit in i¾? q computing f.

[1]  Silvio Micali,et al.  The knowledge complexity of interactive proof-systems , 1985, STOC '85.

[2]  Douglas R. Stinson,et al.  Advances in Cryptology — CRYPTO’ 93 , 2001, Lecture Notes in Computer Science.

[3]  Nigel P. Smart,et al.  Advances in Cryptology - EUROCRYPT 2008, 27th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Istanbul, Turkey, April 13-17, 2008. Proceedings , 2008, EUROCRYPT.

[4]  Vadim Lyubashevsky,et al.  Lattice Signatures Without Trapdoors , 2012, IACR Cryptol. ePrint Arch..

[5]  Oded Regev,et al.  On lattices, learning with errors, random linear codes, and cryptography , 2005, STOC '05.

[6]  Amit Sahai,et al.  Efficient Non-interactive Proof Systems for Bilinear Groups , 2008, EUROCRYPT.

[7]  Damien Stehlé,et al.  Worst-case to average-case reductions for module lattices , 2014, Designs, Codes and Cryptography.

[8]  Sidi Mohamed El Yousfi Alaoui,et al.  A Zero-Knowledge Identification Scheme Based on the q-ary Syndrome Decoding Problem , 2010, Selected Areas in Cryptography.

[9]  Vinod Vaikuntanathan,et al.  Multiparty Computation with Low Communication, Computation and Interaction via Threshold FHE , 2012, EUROCRYPT.

[10]  Ivan Damgård,et al.  Short Non-Interactive Cryptographic Proofs , 2015, Journal of Cryptology.

[11]  Josef Pieprzyk,et al.  Advances in Cryptology - ASIACRYPT 2008, 14th International Conference on the Theory and Application of Cryptology and Information Security, Melbourne, Australia, December 7-11, 2008. Proceedings , 2008, ASIACRYPT.

[12]  Ivan Damgård,et al.  On the Amortized Complexity of Zero-Knowledge Protocols , 2009, CRYPTO.

[13]  Henri Gilbert,et al.  Advances in Cryptology - EUROCRYPT 2010, 29th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Monaco / French Riviera, May 30 - June 3, 2010. Proceedings , 2010, EUROCRYPT.

[14]  Joe Kilian,et al.  An Efficient Noninteractive Zero-Knowledge Proof System for NP with General Assumptions , 1998, Journal of Cryptology.

[15]  Stephan Krenn,et al.  Commitments and Efficient Zero-Knowledge Proofs from Hard Learning Problems , 2012, IACR Cryptol. ePrint Arch..

[16]  Hugo Krawczyk,et al.  Advances in Cryptology - CRYPTO '98 , 1998 .

[17]  Ivan Damgård,et al.  Zero-Knowledge Proofs for Finite Field Arithmetic; or: Can Zero-Knowledge be for Free? , 1998, CRYPTO.

[18]  Ivan Damgård,et al.  On the Amortized Complexity of Zero Knowledge Protocols for Multiplicative Relations , 2012, ICITS.

[19]  Ronald Cramer,et al.  Public Key Cryptography - PKC 2008, 11th International Workshop on Practice and Theory in Public-Key Cryptography, Barcelona, Spain, March 9-12, 2008. Proceedings , 2008, Public Key Cryptography.

[20]  Omer Reingold,et al.  Statistically-hiding commitment from any one-way function , 2007, STOC '07.

[21]  Ivan Damgård,et al.  Proofs of Partial Knowledge and Simplified Design of Witness Hiding Protocols , 1994, CRYPTO.

[22]  Shai Halevi Advances in Cryptology - CRYPTO 2009, 29th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 16-20, 2009. Proceedings , 2009, CRYPTO.

[23]  Kenneth G. Paterson,et al.  Security of Symmetric Encryption in the Presence of Ciphertext Fragmentation , 2012, IACR Cryptol. ePrint Arch..

[24]  Pierre-Louis Cayrel,et al.  Improved Zero-Knowledge Identification with Lattices , 2010, ProvSec.

[25]  Keisuke Tanaka,et al.  Concurrently Secure Identification Schemes Based on the Worst-Case Hardness of Lattice Problems , 2008, ASIACRYPT.

[26]  Yvo Desmedt,et al.  Advances in Cryptology — CRYPTO ’94 , 2001, Lecture Notes in Computer Science.

[27]  Stephan Krenn,et al.  Commitments and Efficient Zero-Knowledge Proofs from Learning Parity with Noise , 2012, ASIACRYPT.

[28]  Shlomo Shamai,et al.  Information Theoretic Security , 2009, Found. Trends Commun. Inf. Theory.

[29]  Vadim Lyubashevsky,et al.  Lattice-Based Identification Schemes Secure Under Active Attacks , 2008, Public Key Cryptography.

[30]  Adi Shamir,et al.  Zero Knowledge Proofs of Knowledge in Two Rounds , 1989, CRYPTO.

[31]  Phong Q. Nguyen,et al.  Advances in Cryptology – EUROCRYPT 2013 , 2013, Lecture Notes in Computer Science.

[32]  Damien Stehlé,et al.  Improved Zero-Knowledge Proofs of Knowledge for the ISIS Problem, and Applications , 2013, Public Key Cryptography.

[33]  Michael Wiener,et al.  Advances in Cryptology — CRYPTO’ 99 , 1999 .

[34]  Ivan Damgård,et al.  Honest Verifier vs Dishonest Verifier in Public Coin Zero-Knowledge Proofs , 1995, CRYPTO.

[35]  Daniele Micciancio,et al.  Statistical Zero-Knowledge Proofs with Efficient Provers: Lattice Problems and More , 2003, CRYPTO.

[36]  Chris Peikert,et al.  On Ideal Lattices and Learning with Errors over Rings , 2010, EUROCRYPT.

[37]  Chris Peikert,et al.  A Toolkit for Ring-LWE Cryptography , 2013, IACR Cryptol. ePrint Arch..

[38]  Rafail Ostrovsky,et al.  Zero-knowledge from secure multiparty computation , 2007, STOC '07.

[39]  Dan Boneh,et al.  Advances in Cryptology - CRYPTO 2003 , 2003, Lecture Notes in Computer Science.

[40]  Jacques Stern,et al.  A New Identification Scheme Based on Syndrome Decoding , 1993, CRYPTO.

[41]  Aggelos Kiayias,et al.  Polynomial Reconstruction Based Cryptography , 2001, Selected Areas in Cryptography.