## CryptoDB

### Paper: Practical Product Proofs for Lattice Commitments

Authors: Thomas Attema , TNO and CWI Vadim Lyubashevsky , IBM Research - Zurich Gregor Seiler , IBM Research - Zurich and ETH Zurich DOI: http://dx.doi.org/10.1007/978-3-030-56880-1_17 (login may be required) Search ePrint Search Google CRYPTO 2020 We construct a practical lattice-based zero-knowledge argument for proving multiplicative relations between committed values. The underlying commitment scheme that we use is the currently most efficient one of Baum et al. (SCN 2018), and the size of our multiplicative proof is only slightly larger than of the one for just proving knowledge of the committed values. We additionally improve on the results of Lyubashevsky and Seiler (Eurocrypt 2018) to show that the above-mentioned techniques can work over rings $Z_q[X]/(X^d+1)$ where $X^d+1$ splits into low-degree factors, which is a property necessary for many applications. In particular, we use Fourier analysis to show that the NTT coefficients of random small-norm challenges are not concentrated on any particular value.
##### BibTeX
@inproceedings{crypto-2020-30475,
title={Practical Product Proofs for Lattice Commitments},
publisher={Springer-Verlag},
doi={http://dx.doi.org/10.1007/978-3-030-56880-1_17},
author={Thomas Attema and Vadim Lyubashevsky and Gregor Seiler},
year=2020
}