How to prove knowledge of small secrets

Carsten Baum, Ivan Damgård, Kasper Green Larsen, Michael Nielsen

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

23 Scopus citations

Abstract

We propose a new zero-knowledge protocol applicable to additively homomorphic functions that map integer vectors to an Abelian group. The protocol demonstrates knowledge of a short preimage and achieves amortised efficiency comparable to the approach of Cramer and Damgård from Crypto 2010, but gives a much tighter bound on what we can extract from a dishonest prover. Towards achieving this result, we develop an analysis for bins-and-balls games that might be of independent interest. We also provide a general analysis of rewinding of a cut-and-choose protocol as well as a method to use Lyubashevsky's rejection sampling technique efficiently in an interactive protocol when many proofs are given simultaneously. Our new protocol yields improved proofs of plaintext knowledge for (Ring-)LWE-based cryptosystems, where such general techniques were not known before. Moreover, the techniques can be extended to prove preimages of homomorphic hash functions as well.
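The two ingredients the abstract names, a proof of a short preimage under an additively homomorphic map and Lyubashevsky's rejection sampling, are easiest to see on a toy instance. The following is an added illustration, not the paper's protocol and not the authors' code: a single-round Σ-protocol with a binary challenge for the function f(x) = A·x mod q on integer vectors, with uniform (not Gaussian) masking and toy parameters chosen only for readability (assumptions throughout; nothing here is secure). It shows why rejection sampling hides the secret, how an extractor rewinds to recover a preimage, and the soundness slack that motivates the paper: a cheating prover holding a preimage of norm up to 2·(B − β) passes, so the extracted witness can only be bounded by 2·(B − β), not by the honest bound β.

```python
import random

# Toy parameters, constructed for this illustration; far too small to be secure.
Q = 8191           # f maps integer vectors to the Abelian group Z_Q^N
N, M = 4, 8        # A is an N x M matrix; f(x) = A x mod Q is additively homomorphic
BETA = 1           # an honest secret s satisfies ||s||_inf <= BETA
B = 1000           # masking vector y is uniform on [-B, B]^M
BOUND = B - BETA   # accepted responses must satisfy ||z||_inf <= BOUND


def f(A, x):
    """The homomorphic function (A x) mod Q, so f(x + y) = f(x) + f(y)."""
    return [sum(a * b for a, b in zip(row, x)) % Q for row in A]


def inf_norm(v):
    return max(abs(x) for x in v)


def keygen(rng):
    """Random A and a short secret s; the public image is t = f(s)."""
    A = [[rng.randrange(Q) for _ in range(M)] for _ in range(N)]
    s = [rng.randint(-BETA, BETA) for _ in range(M)]
    return A, s, f(A, s)


def honest_respond(y, s, c):
    """z = y + c*s with rejection sampling.  z lies in [-B-BETA, B+BETA]^M;
    accepting only ||z||_inf <= BOUND leaves every accepted z with exactly one
    preimage y, so the accepted z is uniform on [-BOUND, BOUND]^M and carries
    no information about s.  Returns None on abort (prover restarts with fresh y)."""
    z = [yi + c * si for yi, si in zip(y, s)]
    return z if inf_norm(z) <= BOUND else None


def verify(A, t, w, c, z):
    """Verifier: f(z) must equal w + c*t in Z_Q^N and z must be short."""
    expected = [(wi + c * ti) % Q for wi, ti in zip(w, t)]
    return f(A, z) == expected and inf_norm(z) <= BOUND


def honest_proof(A, s, t, c, rng):
    """One round with binary challenge c, rerun until the prover does not abort.
    A single round has soundness error 1/2; repetition amplifies it."""
    while True:
        y = [rng.randint(-B, B) for _ in range(M)]
        z = honest_respond(y, s, c)
        if z is not None:
            return f(A, y), z


def extract(z0, z1):
    """Special soundness: two accepting transcripts sharing w, with c = 0 and
    c = 1, give f(z1 - z0) = t.  The extracted preimage is only guaranteed to
    have ||.||_inf <= 2*BOUND, not <= BETA: this is the soundness slack."""
    return [a - b for a, b in zip(z1, z0)]


def cheating_proof(A, s_long, c, rng):
    """A prover holding a preimage of norm up to 2*BOUND (far longer than BETA)
    still convinces the verifier: it chooses y so that both y and y + s_long lie
    in [-BOUND, BOUND]^M, then answers z = y + c*s_long for either challenge."""
    y = []
    for si in s_long:
        lo, hi = max(-BOUND, -BOUND - si), min(BOUND, BOUND - si)
        assert lo <= hi, "attack needs |s_i| <= 2*BOUND"
        y.append(rng.randint(lo, hi))
    return f(A, y), [yi + c * si for yi, si in zip(y, s_long)]


def demo(seed=1):
    rng = random.Random(seed)
    A, s, t = keygen(rng)

    # Honest prover: both challenge values verify.
    w0, z0 = honest_proof(A, s, t, 0, rng)
    w1, z1 = honest_proof(A, s, t, 1, rng)
    honest_ok = verify(A, t, w0, 0, z0) and verify(A, t, w1, 1, z1)

    # Extractor: rewind to the same y, obtain both answers, recover a preimage.
    while True:
        y = [rng.randint(-B, B) for _ in range(M)]
        z0r, z1r = honest_respond(y, s, 0), honest_respond(y, s, 1)
        if z0r is not None and z1r is not None:
            break
    extracted = extract(z0r, z1r)

    # Cheating prover with a long preimage of its own image t_long.
    s_long = [rng.choice([-1500, 1500]) for _ in range(M)]  # norm 1500 > BETA
    t_long = f(A, s_long)
    cheat_ok = True
    for c in (0, 1):
        w_c, z_c = cheating_proof(A, s_long, c, rng)
        cheat_ok = cheat_ok and verify(A, t_long, w_c, c, z_c)

    return {
        "honest_ok": honest_ok,
        "extracted_is_s": extracted == s,
        "extracted_is_preimage": f(A, extracted) == t,
        "cheat_ok": cheat_ok,
        "s_long_norm": inf_norm(s_long),
    }
```

The honest abort probability per round is 1 − ((2·BOUND + 1)/(2B + 1))^M, under one percent at these toy parameters; the paper's contribution is in part about handling this abort step efficiently when many proofs run at once, and about shrinking the gap between BETA and the 2·BOUND the extractor can guarantee. Neither the amortised protocol nor the bins-and-balls analysis is reproduced here.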

Original language: English
Title of host publication: Advances in Cryptology - 36th Annual International Cryptology Conference, CRYPTO 2016, Proceedings
Editors: Matthew Robshaw, Jonathan Katz
Publisher: Springer Verlag
Pages: 478-498
Number of pages: 21
ISBN (Print): 9783662530146
DOIs
State: Published - 2016
Externally published: Yes
Event: 36th Annual International Cryptology Conference, CRYPTO 2016 - Santa Barbara, United States
Duration: 14 Aug 2016 - 18 Aug 2016

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 9816
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 36th Annual International Cryptology Conference, CRYPTO 2016
Country/Territory: United States
City: Santa Barbara
Period: 14/08/16 - 18/08/16

Bibliographical note

Publisher Copyright:
© International Association for Cryptologic Research 2016.

Funding

K.G. Larsen—Supported by the Center for Massive Data Algorithmics, a Center of the Danish National Research Foundation, grant DNRF84, a Villum Young Investigator Grant and an AUFF Starting Grant. C. Baum, I. Damgård and M. Nielsen—Supported by The Danish National Research Foundation and The National Science Foundation of China (under the grant 61061130540) for the Sino-Danish Center for the Theory of Interactive Computation, within which part of this work was performed; by the CFEM research center (supported by the Danish Strategic Research Council) within which part of this work was performed; and by the Advanced ERC grant MPCPRO.

Funders (funder number where given):
AUFF
Advanced ERC
CFEM
Sino-Danish Center for the Theory of Interactive Computation
Strategiske Forskningsråd
Horizon 2020 Framework Programme: 669255
Danmarks Grundforskningsfond: DNRF84
National Natural Science Foundation of China: 61061130540

Keywords

• Homomorphic hashing
• Integer commitments
• Lattice-based encryption
• Proofs of plaintext knowledge
