Conference paper Open Access

Algebraic Techniques for Short(er) Exact Lattice-Based Zero-Knowledge Proofs

Bootle, Jonathan; Lyubashevsky, Vadim; Seiler, Gregor

DCAT Export

<?xml version='1.0' encoding='utf-8'?>
<rdf:RDF xmlns:rdf="" xmlns:adms="" xmlns:dc="" xmlns:dct="" xmlns:dctype="" xmlns:dcat="" xmlns:duv="" xmlns:foaf="" xmlns:frapo="" xmlns:geo="" xmlns:gsp="" xmlns:locn="" xmlns:org="" xmlns:owl="" xmlns:prov="" xmlns:rdfs="" xmlns:schema="" xmlns:skos="" xmlns:vcard="" xmlns:wdrs="">
  <rdf:Description rdf:about="">
    <dct:identifier rdf:datatype=""></dct:identifier>
    <foaf:page rdf:resource=""/>
        <rdf:type rdf:resource=""/>
        <foaf:name>Bootle, Jonathan</foaf:name>
        <rdf:type rdf:resource=""/>
        <foaf:name>Lyubashevsky, Vadim</foaf:name>
        <rdf:type rdf:resource=""/>
        <foaf:name>Seiler, Gregor</foaf:name>
    <dct:title>Algebraic Techniques for Short(er) Exact Lattice-Based Zero-Knowledge Proofs</dct:title>
    <dct:issued rdf:datatype="">2019</dct:issued>
    <dcat:keyword>Zero-Knowledge Proofs,</dcat:keyword>
    <frapo:isFundedBy rdf:resource="info:eu-repo/grantAgreement/EC/H2020/779391/"/>
        <dct:identifier rdf:datatype="">10.13039/100010661</dct:identifier>
        <foaf:name>European Commission</foaf:name>
    <dct:issued rdf:datatype="">2019-08-28</dct:issued>
    <dct:language rdf:resource=""/>
    <owl:sameAs rdf:resource=""/>
        <skos:notation rdf:datatype=""></skos:notation>
    <owl:sameAs rdf:resource=""/>
    <dct:isPartOf rdf:resource=""/>
    <dct:description>&lt;p&gt;A key component of many lattice-based protocols is a zero-knowledge proof of knowledge of a vector s with small coefficients satisfying As = u mod q. While there exist fairly efficient proofs for a relaxed version of this equation, which prove knowledge of s' and c satisfying As' = uc, where ‖s'‖ ≫ ‖s‖ and c is some small element in the ring over which the proof is performed, the proofs for the exact version of the equation are considerably less practical. The best such proof technique is an adaptation of Stern&amp;#39;s protocol (Crypto &amp;#39;93), for proving knowledge of nearby codewords, to larger moduli. The scheme is a Σ-protocol, each of whose iterations has soundness error 2/3, and thus requires over 200 repetitions to obtain soundness error of 2&lt;sup&gt;-128&lt;/sup&gt;, which is the main culprit behind the large size of the proofs produced. In this paper, we propose the first lattice-based proof system that significantly outperforms Stern-type proofs for proving knowledge of a short s satisfying As = u mod q. Unlike Stern&amp;#39;s proof, which is combinatorial in nature, our proof is more algebraic and uses various relaxed zero-knowledge proofs as subroutines. The main savings in our proof system come from the fact that each round has soundness error of 1/n, where n is the number of columns of A. For typical applications, n is a few thousand, and therefore our proof needs to be repeated around 10 times to achieve a soundness error of 2&lt;sup&gt;-128&lt;/sup&gt;. For concrete parameters, it produces proofs that are around an order of magnitude smaller than those produced using Stern&amp;#39;s approach.&lt;/p&gt;</dct:description>
    <dct:accessRights rdf:resource=""/>
      <dct:RightsStatement rdf:about="info:eu-repo/semantics/openAccess">
        <rdfs:label>Open Access</rdfs:label>
    <dct:license rdf:resource=""/>
        <dcat:accessURL rdf:resource=""/>
        <dcat:downloadURL rdf:resource=""/>
  <foaf:Project rdf:about="info:eu-repo/grantAgreement/EC/H2020/779391/">
    <dct:identifier rdf:datatype="">779391</dct:identifier>
    <dct:title>Future Proofing the Connected World: A Quantum-Resistant Trusted Platform Module</dct:title>
        <dct:identifier rdf:datatype="">10.13039/100010661</dct:identifier>
        <foaf:name>European Commission</foaf:name>