CryptoDB
Polynomial Commitments from Lattices: Post-Quantum Security, Fast Verification and Transparent Setup
| Authors: |
|
|---|---|
| Download: |
|
| Presentation: | Slides |
| Conference: | CRYPTO 2024 |
| Abstract: | Polynomial commitment scheme allows a prover to commit to a polynomial $f \in \ring[X]$ of degree $L$, and later prove that the committed function was correctly evaluated at a specified point $x$; in other words $f(x)=u$ for public $x,u \in \ring$. Most applications of polynomial commitments, e.g. succinct non-interactive arguments of knowledge (SNARKs), require that (i) both the commitment and evaluation proof are succinct (i.e., polylogarithmic in the degree $L$) - with the latter being efficiently verifiable, and (ii) no pre-processing step is allowed. Surprisingly, as far as plausibly quantum-safe polynomial commitments are concerned, the currently most efficient constructions only rely on weak cryptographic assumptions, such as security of hash functions. Indeed, despite making use of the underlying algebraic structure, prior lattice-based polynomial commitments still seem to be much behind the hash-based ones. Moreover, security of the aforementioned lattice constructions against quantum adversaries was never formally discussed. In this work, we bridge the gap and propose the first (asymptotically and concretely) efficient lattice-based polynomial commitment with transparent setup and post-quantum security. Our interactive variant relies on the standard (Module-)SIS problem, and can be made non-interactive in the random oracle model using Fiat-Shamir transformation. In addition, we equip the scheme with a knowledge soundness proof against quantum adversaries which can be of independent interest. In terms of concrete efficiency, for $L=2^{20}$ our scheme yields proofs of size $2$X smaller than the hash-based \textsf{FRI} commitment (Block et al., Asiacrypt 2023), and $60$X smaller than the very recent lattice-based construction by Albrecht et al. (Eprint 2023/1469). |
BibTeX
@inproceedings{crypto-2024-34194,
title={Polynomial Commitments from Lattices: Post-Quantum Security, Fast Verification and Transparent Setup},
publisher={Springer-Verlag},
doi={10.1007/978-3-031-68403-6_7},
author={Valerio Cini and Giulio Malavolta and Ngoc Khanh Nguyen and Hoeteck Wee},
year=2024
}