Publicly Verifiable Zero-Knowledge and Post-Quantum Signatures from VOLE-in-the-Head

Carsten Baum, Lennart Braun, Cyprien Delpech de Saint Guilhem, Michael Klooß, Emmanuela Orsini, Lawrence Roy, Peter Scholl

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

19 Scopus citations

Abstract

We present a new method for transforming zero-knowledge protocols in the designated verifier setting into public-coin protocols, which can be made non-interactive and publicly verifiable. Our transformation applies to a large class of ZK protocols based on oblivious transfer. In particular, we show that it can be applied to recent, fast protocols based on vector oblivious linear evaluation (VOLE), with a technique we call VOLE-in-the-head, upgrading these protocols to support public verifiability. Our resulting ZK protocols have linear proof size, and are simpler, smaller and faster than related approaches based on MPC-in-the-head. To build VOLE-in-the-head while supporting both binary circuits and large finite fields, we develop several new technical tools. One of these is a new proof of security for the SoftSpokenOT protocol (Crypto 2022), which generalizes it to produce certain types of VOLE correlations over large fields. Secondly, we present a new ZK protocol that is tailored to take advantage of this form of VOLE, which leads to a publicly verifiable VOLE-in-the-head protocol with only 2x more communication than the best, designated-verifier VOLE-based protocols. We analyze the soundness of our approach when made non-interactive using the Fiat-Shamir transform, using round-by-round soundness. As an application of the resulting NIZK, we present FAEST, a post-quantum signature scheme based on AES. FAEST is the first AES-based signature scheme to be smaller than SPHINCS+, with signature sizes between 5.6 and 6.6kB at the 128-bit security level. Compared with the smallest version of SPHINCS+ (7.9kB), FAEST verification is slower, but the signing times are between 8x and 40x faster.

Original language: English
Title of host publication: Advances in Cryptology – CRYPTO 2023 - 43rd Annual International Cryptology Conference, CRYPTO 2023, Proceedings
Editors: Helena Handschuh, Anna Lysyanskaya
Publisher: Springer Science and Business Media Deutschland GmbH
Pages: 581-615
Number of pages: 35
ISBN (Print): 9783031385537
DOIs
State: Published - 2023
Externally published: Yes
Event: Advances in Cryptology – CRYPTO 2023 - 43rd Annual International Cryptology Conference, CRYPTO 2023, Proceedings - Santa Barbara, United States
Duration: 20 Aug 2023 – 24 Aug 2023

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 14085 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: Advances in Cryptology – CRYPTO 2023 - 43rd Annual International Cryptology Conference, CRYPTO 2023, Proceedings
Country/Territory: United States
City: Santa Barbara
Period: 20/08/23 – 24/08/23

Bibliographical note

Publisher Copyright:
© 2023, International Association for Cryptologic Research.

Funding

Acknowledgments. The work of Michael Klooß was supported by KASTEL Security Research Labs and by Helsinki Institute for Information Technology HIIT. Carsten Baum, Lennart Braun, Cyprien Delpech de Saint Guilhem, Emmanuela Orsini, Lawrence Roy and Peter Scholl have been supported by the Defense Advanced Research Projects Agency (DARPA) under Contract No. HR001120C0085. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of any of the funders. The U.S. Government is authorized to reproduce and distribute reprints for governmental purposes notwithstanding any copyright annotation therein. Lennart Braun has been further supported by the European Research Council (ERC) under the European Union's Horizon 2020 research and innovation programme under grant agreement No 803096 (SPEC). Cyprien Delpech de Saint Guilhem is a Junior FWO Postdoctoral Fellow under project 1266123N and was also supported by CyberSecurity Research Flanders with reference number VR20192203. Peter Scholl was also supported by the Aarhus University Research Foundation, and the Independent Research Fund Denmark under project number 0165-00107B (C3PO).

Funders (funder number):
CyberSecurity Research Flanders (VR20192203)
European Union's Horizon 2020 research and innovation programme (803096)
KASTEL Security Research Labs
Defense Advanced Research Projects Agency (HR001120C0085)
European Commission
Aarhus Universitets Forskningsfond
Fonds Wetenschappelijk Onderzoek (1266123N)
Danmarks Frie Forskningsfond (0165-00107B)
Helsinki Institute for Information Technology