Name
Abstract | ||
|---|---|---|
We propose a practical zero-knowledge proof system for proving knowledge of short solutions s, e to linear relations As + e = u (mod q) which gives the most efficient solution for two naturally-occurring classes of problems. The first is when A is very "tall" , which corresponds to a large number of LWE instances that use the same secret s. In this case, we show that the proof size is independent of the height of the matrix (and thus the length of the error vector e) and rather only linearly depends on the length of s. The second case is when A is of the form I circle times A', which corresponds to proving many LWE instances (with different secrets) that use the same samples A'. The length of this second proof is square root in the length of s, which corresponds to a square root of the length of all the secrets. Our constructions combine recent advances in "purely" lattice-based zero-knowledge proofs with the Reed-Solomon proximity testing ideas present in some generic zero-knowledge proof systems - with the main difference that the latter are applied directly to lattice instances without going through intermediate problems. |
Year | DOI | Venue |
|---|---|---|
2021 | 10.1007/978-3-030-88428-4_30 | COMPUTER SECURITY - ESORICS 2021, PT II |
Keywords | DocType | Volume |
Lattices, Zero-knowledge proofs, LWE, Amortization | Conference | 12973 |
ISSN | Citations | PageRank |
0302-9743 | 0 | 0.34 |
References | Authors | |
0 | 4 | |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Jonathan Bootle | 1 | 71 | 6.75 |
| Vadim Lyubashevsky | 2 | 1174 | 59.91 |
| Ngoc Khanh Nguyen | 3 | 0 | 0.68 |
| Gregor Seiler | 4 | 26 | 8.73 |