Abstract
We present a new method for transforming zero-knowledge protocols in the designated verifier setting into public-coin protocols, which can be made non-interactive and publicly verifiable. Our transformation applies to a large class of ZK protocols based on oblivious transfer. In particular, we show that it can be applied to recent, fast protocols based on vector oblivious linear evaluation (VOLE), with a technique we call VOLE-in-the-head, upgrading these protocols to support public verifiability. Our resulting ZK protocols have linear proof size, and are simpler, smaller and faster than related approaches based on MPC-in-the-head. To build VOLE-in-the-head while supporting both binary circuits and large finite fields, we develop several new technical tools. One of these is a new proof of security for the SoftSpokenOT protocol (Crypto 2022), which generalizes it to produce certain types of VOLE correlations over large fields. Secondly, we present a new ZK protocol that is tailored to take advantage of this form of VOLE, which leads to a publicly verifiable VOLE-in-the-head protocol with only 2x more communication than the best, designated-verifier VOLE-based protocols. We analyze the soundness of our approach when made non-interactive using the Fiat-Shamir transform, using round-by-round soundness. As an application of the resulting NIZK, we present FAEST, a post-quantum signature scheme based on AES. FAEST is the first AES-based signature scheme to be smaller than SPHINCS+, with signature sizes between 5.6 and 6.6kB at the 128-bit security level. Compared with the smallest version of SPHINCS+ (7.9kB), FAEST verification is slower, but the signing times are between 8x and 40x faster.
Original language | English |
---|---|
Title of host publication | Advances in Cryptology – CRYPTO 2023 - 43rd Annual International Cryptology Conference, CRYPTO 2023, Proceedings |
Editors | Helena Handschuh, Anna Lysyanskaya |
Publisher | Springer Science and Business Media Deutschland GmbH |
Pages | 581-615 |
Number of pages | 35 |
ISBN (Print) | 9783031385537 |
DOIs | |
State | Published - 2023 |
Externally published | Yes |
Event | Advances in Cryptology – CRYPTO 2023 - 43rd Annual International Cryptology Conference, CRYPTO 2023, Proceedings - Santa Barbara, United States; Duration: 20 Aug 2023 → 24 Aug 2023 |
Publication series
Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
---|---|
Volume | 14085 LNCS |
ISSN (Print) | 0302-9743 |
ISSN (Electronic) | 1611-3349 |
Conference
Conference | Advances in Cryptology – CRYPTO 2023 - 43rd Annual International Cryptology Conference, CRYPTO 2023, Proceedings |
---|---|
Country/Territory | United States |
City | Santa Barbara |
Period | 20/08/23 → 24/08/23 |
Bibliographical note
Publisher Copyright: © 2023, International Association for Cryptologic Research.
Funding
Acknowledgments. The work of Michael Klooß was supported by KASTEL Security Research Labs and by Helsinki Institute for Information Technology HIIT. Carsten Baum, Lennart Braun, Cyprien Delpech de Saint Guilhem, Emmanuela Orsini, Lawrence Roy and Peter Scholl have been supported by the Defense Advanced Research Projects Agency (DARPA) under Contract No. HR001120C0085. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of any of the funders. The U.S. Government is authorized to reproduce and distribute reprints for governmental purposes notwithstanding any copyright annotation therein. Lennart Braun has been further supported by the European Research Council (ERC) under the European Union’s Horizon 2020 research and innovation programme under grant agreement No 803096 (SPEC). Cyprien Delpech de Saint Guilhem is a Junior FWO Postdoctoral Fellow under project 1266123N and was also supported by CyberSecurity Research Flanders with reference number VR20192203. Peter Scholl was also supported by the Aarhus University Research Foundation, and the Independent Research Fund Denmark under project number 0165-00107B (C3PO).
Funders | Funder number |
---|---|
CyberSecurity Research Flanders | VR20192203 |
European Union’s Horizon 2020 research and innovation programme | 803096 |
KASTEL Security Research Labs | |
Defense Advanced Research Projects Agency | HR001120C0085 |
European Commission | |
Aarhus Universitets Forskningsfond | |
Fonds Wetenschappelijk Onderzoek | 1266123N |
Danmarks Frie Forskningsfond | 0165-00107B |
Helsinki Institute for Information Technology | |