International Association for Cryptologic Research

CryptoDB

On Extractability of the KZG Family of Polynomial Commitment Schemes

Authors:
Juraj Belohorec, Czech Academy of Sciences and Charles University
Pavel Dvořák, Charles University
Charlotte Hoffmann, Institute of Science and Technology Austria
Pavel Hubáček, Czech Academy of Sciences and Charles University
Kristýna Mašková, Czech Academy of Sciences and Charles University
Martin Pastyřík, Charles University
Conference: CRYPTO 2025
Abstract: We present a unifying framework for proving the knowledge soundness of KZG-like polynomial commitment schemes, encompassing both univariate and multivariate variants. By conceptualizing the proof technique of Lipmaa, Parisella, and Siim for the univariate KZG scheme (EUROCRYPT 2024), we present tools and falsifiable hardness assumptions that permit black-box extraction of the multivariate KZG scheme. Central to our approach is the notion of a canonical Proof-of-Knowledge of a Polynomial (PoKoP) of a polynomial commitment scheme, which cleanly captures the extractability notion required in constructions of practical zk-SNARKs. We further present an explicit polynomial decomposition lemma for multivariate polynomials, enabling a more direct analysis of interpolating extractors and bridging the gap between univariate and multivariate commitments. Our results provide the first standard-model proofs of extractability for the multivariate KZG scheme and many of its variants under falsifiable assumptions.
BibTeX
@inproceedings{crypto-2025-35649,
  title={On Extractability of the KZG Family of Polynomial Commitment Schemes},
  publisher={Springer-Verlag},
  author={Juraj Belohorec and Pavel Dvořák and Charlotte Hoffmann and Pavel Hubáček and Kristýna Mašková and Martin Pastyřík},
  year=2025
}