Sub-linear lattice-based zero-knowledge arguments for arithmetic circuits

Carsten Baum; Jonathan Bootle; Andrea Cerulli; Rafael del Pino; Jens Groth; Vadim Lyubashevsky

doi:10.1007/978-3-319-96881-0_23

Sub-linear lattice-based zero-knowledge arguments for arithmetic circuits

Carsten Baum
, Jonathan Bootle
, Andrea Cerulli
, Rafael del Pino
, Jens Groth
, Vadim Lyubashevsky

Department of Computer Science and Artificial Intelligence

University College London
IBM

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

58 Scopus citations

Abstract

We propose the first zero-knowledge argument with sub-linear communication complexity for arithmetic circuit satisfiability over a prime (formula presented) whose security is based on the hardness of the short integer solution (SIS) problem. For a circuit with (FORMULA PRESENTED) gates, the communication complexity of our protocol is (formula presented), where (formula presented) is the security parameter. A key component of our construction is a surprisingly simple zero-knowledge proof for pre-images of linear relations whose amortized communication complexity depends only logarithmically on the number of relations being proved. This latter protocol is a substantial improvement, both theoretically and in practice, over the previous results in this line of research of Damgård et al. (CRYPTO 2012), Baum et al. (CRYPTO 2016), Cramer et al. (EUROCRYPT 2017) and del Pino and Lyubashevsky (CRYPTO 2017), and we believe it to be of independent interest.

Original language	English
Title of host publication	Advances in Cryptology – CRYPTO 2018 - 38th Annual International Cryptology Conference, 2018, Proceedings
Editors	Alexandra Boldyreva, Hovav Shacham
Publisher	Springer Verlag
Pages	669-699
Number of pages	31
ISBN (Print)	9783319968803
DOIs	https://doi.org/10.1007/978-3-319-96881-0_23
State	Published - 2018
Event	38th Annual International Cryptology Conference, CRYPTO 2018 - Santa Barbara, United States Duration: 19 Aug 2018 → 23 Aug 2018

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	10992 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	38th Annual International Cryptology Conference, CRYPTO 2018
Country/Territory	United States
City	Santa Barbara
Period	19/08/18 → 23/08/18

Bibliographical note

Publisher Copyright:
© 2018, International Association for Cryptologic Research.

Funding

Jonathan Bootle, Andrea Cerulli and Jens Groth were supported by funding from the European Research Council under the European Union’s Seventh Framework Programme (FP/2007-2013)/ERC Grant Agreement n. 307937. Rafael del Pino and Vadim Lyubashevsky were supported in part by the SNSF ERC Transfer Starting Grant CRETP2-166734-FELICITY. Carsten Baum acknowledges support by the BIU Center for Research in Applied Cryptography and Cyber Security in conjunction with the Israel National Cyber Bureau in the Prime Ministers Office.

Funders	Funder number
SNSF ERC	CRETP2-166734-FELICITY
Seventh Framework Programme	307937
European Commission
Seventh Framework Programme	FP/2007-2013

Keywords

Arithmetic circuit
SIS assumption
Sigma-protocol
Zero-knowledge argument

Access to Document

10.1007/978-3-319-96881-0_23

Cite this

Baum, C., Bootle, J., Cerulli, A., del Pino, R., Groth, J., & Lyubashevsky, V. (2018). Sub-linear lattice-based zero-knowledge arguments for arithmetic circuits. In A. Boldyreva, & H. Shacham (Eds.), Advances in Cryptology – CRYPTO 2018 - 38th Annual International Cryptology Conference, 2018, Proceedings (pp. 669-699). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10992 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-319-96881-0_23

Baum, Carsten ; Bootle, Jonathan ; Cerulli, Andrea et al. / Sub-linear lattice-based zero-knowledge arguments for arithmetic circuits. Advances in Cryptology – CRYPTO 2018 - 38th Annual International Cryptology Conference, 2018, Proceedings. editor / Alexandra Boldyreva ; Hovav Shacham. Springer Verlag, 2018. pp. 669-699 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{08da3b28e21e42d89b269ff7a66396ab,

title = "Sub-linear lattice-based zero-knowledge arguments for arithmetic circuits",

abstract = "We propose the first zero-knowledge argument with sub-linear communication complexity for arithmetic circuit satisfiability over a prime (formula presented) whose security is based on the hardness of the short integer solution (SIS) problem. For a circuit with (FORMULA PRESENTED) gates, the communication complexity of our protocol is (formula presented), where (formula presented) is the security parameter. A key component of our construction is a surprisingly simple zero-knowledge proof for pre-images of linear relations whose amortized communication complexity depends only logarithmically on the number of relations being proved. This latter protocol is a substantial improvement, both theoretically and in practice, over the previous results in this line of research of Damg{\aa}rd et al. (CRYPTO 2012), Baum et al. (CRYPTO 2016), Cramer et al. (EUROCRYPT 2017) and del Pino and Lyubashevsky (CRYPTO 2017), and we believe it to be of independent interest.",

keywords = "Arithmetic circuit, SIS assumption, Sigma-protocol, Zero-knowledge argument",

author = "Carsten Baum and Jonathan Bootle and Andrea Cerulli and \{del Pino\}, Rafael and Jens Groth and Vadim Lyubashevsky",

note = "Publisher Copyright: {\textcopyright} 2018, International Association for Cryptologic Research.; 38th Annual International Cryptology Conference, CRYPTO 2018 ; Conference date: 19-08-2018 Through 23-08-2018",

year = "2018",

doi = "10.1007/978-3-319-96881-0\_23",

language = "אנגלית",

isbn = "9783319968803",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "669--699",

editor = "Alexandra Boldyreva and Hovav Shacham",

booktitle = "Advances in Cryptology – CRYPTO 2018 - 38th Annual International Cryptology Conference, 2018, Proceedings",

address = "גרמניה",

}

Baum, C, Bootle, J, Cerulli, A, del Pino, R, Groth, J & Lyubashevsky, V 2018, Sub-linear lattice-based zero-knowledge arguments for arithmetic circuits. in A Boldyreva & H Shacham (eds), Advances in Cryptology – CRYPTO 2018 - 38th Annual International Cryptology Conference, 2018, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 10992 LNCS, Springer Verlag, pp. 669-699, 38th Annual International Cryptology Conference, CRYPTO 2018, Santa Barbara, United States, 19/08/18. https://doi.org/10.1007/978-3-319-96881-0_23

Sub-linear lattice-based zero-knowledge arguments for arithmetic circuits. / Baum, Carsten; Bootle, Jonathan; Cerulli, Andrea et al.
Advances in Cryptology – CRYPTO 2018 - 38th Annual International Cryptology Conference, 2018, Proceedings. ed. / Alexandra Boldyreva; Hovav Shacham. Springer Verlag, 2018. p. 669-699 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10992 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Sub-linear lattice-based zero-knowledge arguments for arithmetic circuits

AU - Baum, Carsten

AU - Bootle, Jonathan

AU - Cerulli, Andrea

AU - del Pino, Rafael

AU - Groth, Jens

AU - Lyubashevsky, Vadim

PY - 2018

Y1 - 2018

N2 - We propose the first zero-knowledge argument with sub-linear communication complexity for arithmetic circuit satisfiability over a prime (formula presented) whose security is based on the hardness of the short integer solution (SIS) problem. For a circuit with (FORMULA PRESENTED) gates, the communication complexity of our protocol is (formula presented), where (formula presented) is the security parameter. A key component of our construction is a surprisingly simple zero-knowledge proof for pre-images of linear relations whose amortized communication complexity depends only logarithmically on the number of relations being proved. This latter protocol is a substantial improvement, both theoretically and in practice, over the previous results in this line of research of Damgård et al. (CRYPTO 2012), Baum et al. (CRYPTO 2016), Cramer et al. (EUROCRYPT 2017) and del Pino and Lyubashevsky (CRYPTO 2017), and we believe it to be of independent interest.

AB - We propose the first zero-knowledge argument with sub-linear communication complexity for arithmetic circuit satisfiability over a prime (formula presented) whose security is based on the hardness of the short integer solution (SIS) problem. For a circuit with (FORMULA PRESENTED) gates, the communication complexity of our protocol is (formula presented), where (formula presented) is the security parameter. A key component of our construction is a surprisingly simple zero-knowledge proof for pre-images of linear relations whose amortized communication complexity depends only logarithmically on the number of relations being proved. This latter protocol is a substantial improvement, both theoretically and in practice, over the previous results in this line of research of Damgård et al. (CRYPTO 2012), Baum et al. (CRYPTO 2016), Cramer et al. (EUROCRYPT 2017) and del Pino and Lyubashevsky (CRYPTO 2017), and we believe it to be of independent interest.

KW - Arithmetic circuit

KW - SIS assumption

KW - Sigma-protocol

KW - Zero-knowledge argument

UR - https://www.scopus.com/pages/publications/85052365174

U2 - 10.1007/978-3-319-96881-0_23

DO - 10.1007/978-3-319-96881-0_23

M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???

AN - SCOPUS:85052365174

SN - 9783319968803

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 669

EP - 699

BT - Advances in Cryptology – CRYPTO 2018 - 38th Annual International Cryptology Conference, 2018, Proceedings

A2 - Boldyreva, Alexandra

A2 - Shacham, Hovav

PB - Springer Verlag

T2 - 38th Annual International Cryptology Conference, CRYPTO 2018

Y2 - 19 August 2018 through 23 August 2018

ER -

Baum C, Bootle J, Cerulli A, del Pino R, Groth J, Lyubashevsky V. Sub-linear lattice-based zero-knowledge arguments for arithmetic circuits. In Boldyreva A, Shacham H, editors, Advances in Cryptology – CRYPTO 2018 - 38th Annual International Cryptology Conference, 2018, Proceedings. Springer Verlag. 2018. p. 669-699. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-96881-0_23

Sub-linear lattice-based zero-knowledge arguments for arithmetic circuits

Abstract

Publication series

Conference

Bibliographical note

Funding

Keywords

Access to Document

Other files and links

Fingerprint

Cite this