Public-coin zero-knowledge arguments with (almost) minimal time and space overheads

Alexander R. Block; Justin Holmgren; Alon Rosen; Ron D. Rothblum; Pratik Soni

doi:10.1007/978-3-030-64378-2_7

Public-coin zero-knowledge arguments with (almost) minimal time and space overheads

Alexander R. Block, Justin Holmgren, Alon Rosen, Ron D. Rothblum, Pratik Soni

Computer Science

Technion - Israel Institute of Technology

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Zero-knowledge protocols enable the truth of a mathematical statement to be certified by a verifier without revealing any other information. Such protocols are a cornerstone of modern cryptography and recently are becoming more and more practical. However, a major bottleneck in deployment is the efficiency of the prover and, in particular, the space-efficiency of the protocol. For every NP relation that can be verified in time T and space S, we construct a public-coin zero-knowledge argument in which the prover runs in time T· polylog (T) and space S· polylog (T). Our proofs have length polylog (T) and the verifier runs in time T· polylog (T) (and space polylog (T)). Our scheme is in the random oracle model and relies on the hardness of discrete log in prime-order groups. Our main technical contribution is a new space efficient polynomial commitment scheme for multi-linear polynomials. Recall that in such a scheme, a sender commits to a given multi-linear polynomial P: Fⁿ→ F so that later on it can prove to a receiver statements of the form “ P(x) = y ”. In our scheme, which builds on commitments schemes of Bootle et al. (Eurocrypt 2016) and Bünz et al. (S&P 2018), we assume that the sender is given multi-pass streaming access to the evaluations of P on the Boolean hypercube and we show how to implement both the sender and receiver in roughly time 2ⁿ and space n and with communication complexity roughly n.

Original language	English
Title of host publication	Theory of Cryptography - 18th International Conference, TCC 2020, Proceedings
Editors	Rafael Pass, Krzysztof Pietrzak
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	168-197
Number of pages	30
ISBN (Print)	9783030643775
DOIs	https://doi.org/10.1007/978-3-030-64378-2_7
State	Published - 2020
Event	18th International Conference on Theory of Cryptography, TCCC 2020 - Durham, United States Duration: 16 Nov 2020 → 19 Nov 2020

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	12551 LNCS

Conference

Conference	18th International Conference on Theory of Cryptography, TCCC 2020
Country/Territory	United States
City	Durham
Period	16/11/20 → 19/11/20

All Science Journal Classification (ASJC) codes

Theoretical Computer Science
General Computer Science

Access to Document

10.1007/978-3-030-64378-2_7

Cite this

Block, A. R., Holmgren, J., Rosen, A., Rothblum, R. D., & Soni, P. (2020). Public-coin zero-knowledge arguments with (almost) minimal time and space overheads. In R. Pass, & K. Pietrzak (Eds.), Theory of Cryptography - 18th International Conference, TCC 2020, Proceedings (pp. 168-197). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 12551 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-030-64378-2_7

Block, Alexander R. ; Holmgren, Justin ; Rosen, Alon et al. / Public-coin zero-knowledge arguments with (almost) minimal time and space overheads. Theory of Cryptography - 18th International Conference, TCC 2020, Proceedings. editor / Rafael Pass ; Krzysztof Pietrzak. Springer Science and Business Media Deutschland GmbH, 2020. pp. 168-197 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{a738f29bfe644bb7b94b69f93b5c09d6,

title = "Public-coin zero-knowledge arguments with (almost) minimal time and space overheads",

abstract = "Zero-knowledge protocols enable the truth of a mathematical statement to be certified by a verifier without revealing any other information. Such protocols are a cornerstone of modern cryptography and recently are becoming more and more practical. However, a major bottleneck in deployment is the efficiency of the prover and, in particular, the space-efficiency of the protocol. For every NP relation that can be verified in time T and space S, we construct a public-coin zero-knowledge argument in which the prover runs in time T· polylog (T) and space S· polylog (T). Our proofs have length polylog (T) and the verifier runs in time T· polylog (T) (and space polylog (T)). Our scheme is in the random oracle model and relies on the hardness of discrete log in prime-order groups. Our main technical contribution is a new space efficient polynomial commitment scheme for multi-linear polynomials. Recall that in such a scheme, a sender commits to a given multi-linear polynomial P: Fn→ F so that later on it can prove to a receiver statements of the form “ P(x) = y ”. In our scheme, which builds on commitments schemes of Bootle et al. (Eurocrypt 2016) and B{\"u}nz et al. (S\&P 2018), we assume that the sender is given multi-pass streaming access to the evaluations of P on the Boolean hypercube and we show how to implement both the sender and receiver in roughly time 2n and space n and with communication complexity roughly n.",

author = "Block, \{Alexander R.\} and Justin Holmgren and Alon Rosen and Rothblum, \{Ron D.\} and Pratik Soni",

note = "Publisher Copyright: {\textcopyright} International Association for Cryptologic Research 2020.; 18th International Conference on Theory of Cryptography, TCCC 2020 ; Conference date: 16-11-2020 Through 19-11-2020",

year = "2020",

doi = "10.1007/978-3-030-64378-2\_7",

language = "الإنجليزيّة",

isbn = "9783030643775",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "168--197",

editor = "Rafael Pass and Krzysztof Pietrzak",

booktitle = "Theory of Cryptography - 18th International Conference, TCC 2020, Proceedings",

address = "ألمانيا",

}

Block, AR, Holmgren, J, Rosen, A, Rothblum, RD & Soni, P 2020, Public-coin zero-knowledge arguments with (almost) minimal time and space overheads. in R Pass & K Pietrzak (eds), Theory of Cryptography - 18th International Conference, TCC 2020, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 12551 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 168-197, 18th International Conference on Theory of Cryptography, TCCC 2020, Durham, United States, 16/11/20. https://doi.org/10.1007/978-3-030-64378-2_7

Public-coin zero-knowledge arguments with (almost) minimal time and space overheads. / Block, Alexander R.; Holmgren, Justin; Rosen, Alon et al.
Theory of Cryptography - 18th International Conference, TCC 2020, Proceedings. ed. / Rafael Pass; Krzysztof Pietrzak. Springer Science and Business Media Deutschland GmbH, 2020. p. 168-197 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 12551 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Public-coin zero-knowledge arguments with (almost) minimal time and space overheads

AU - Block, Alexander R.

AU - Holmgren, Justin

AU - Rosen, Alon

AU - Rothblum, Ron D.

AU - Soni, Pratik

PY - 2020

Y1 - 2020

N2 - Zero-knowledge protocols enable the truth of a mathematical statement to be certified by a verifier without revealing any other information. Such protocols are a cornerstone of modern cryptography and recently are becoming more and more practical. However, a major bottleneck in deployment is the efficiency of the prover and, in particular, the space-efficiency of the protocol. For every NP relation that can be verified in time T and space S, we construct a public-coin zero-knowledge argument in which the prover runs in time T· polylog (T) and space S· polylog (T). Our proofs have length polylog (T) and the verifier runs in time T· polylog (T) (and space polylog (T)). Our scheme is in the random oracle model and relies on the hardness of discrete log in prime-order groups. Our main technical contribution is a new space efficient polynomial commitment scheme for multi-linear polynomials. Recall that in such a scheme, a sender commits to a given multi-linear polynomial P: Fn→ F so that later on it can prove to a receiver statements of the form “ P(x) = y ”. In our scheme, which builds on commitments schemes of Bootle et al. (Eurocrypt 2016) and Bünz et al. (S&P 2018), we assume that the sender is given multi-pass streaming access to the evaluations of P on the Boolean hypercube and we show how to implement both the sender and receiver in roughly time 2n and space n and with communication complexity roughly n.

AB - Zero-knowledge protocols enable the truth of a mathematical statement to be certified by a verifier without revealing any other information. Such protocols are a cornerstone of modern cryptography and recently are becoming more and more practical. However, a major bottleneck in deployment is the efficiency of the prover and, in particular, the space-efficiency of the protocol. For every NP relation that can be verified in time T and space S, we construct a public-coin zero-knowledge argument in which the prover runs in time T· polylog (T) and space S· polylog (T). Our proofs have length polylog (T) and the verifier runs in time T· polylog (T) (and space polylog (T)). Our scheme is in the random oracle model and relies on the hardness of discrete log in prime-order groups. Our main technical contribution is a new space efficient polynomial commitment scheme for multi-linear polynomials. Recall that in such a scheme, a sender commits to a given multi-linear polynomial P: Fn→ F so that later on it can prove to a receiver statements of the form “ P(x) = y ”. In our scheme, which builds on commitments schemes of Bootle et al. (Eurocrypt 2016) and Bünz et al. (S&P 2018), we assume that the sender is given multi-pass streaming access to the evaluations of P on the Boolean hypercube and we show how to implement both the sender and receiver in roughly time 2n and space n and with communication complexity roughly n.

UR - http://www.scopus.com/inward/record.url?scp=85098287606&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-64378-2_7

DO - 10.1007/978-3-030-64378-2_7

M3 - منشور من مؤتمر

SN - 9783030643775

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 168

EP - 197

BT - Theory of Cryptography - 18th International Conference, TCC 2020, Proceedings

A2 - Pass, Rafael

A2 - Pietrzak, Krzysztof

PB - Springer Science and Business Media Deutschland GmbH

T2 - 18th International Conference on Theory of Cryptography, TCCC 2020

Y2 - 16 November 2020 through 19 November 2020

ER -

Block AR, Holmgren J, Rosen A, Rothblum RD, Soni P. Public-coin zero-knowledge arguments with (almost) minimal time and space overheads. In Pass R, Pietrzak K, editors, Theory of Cryptography - 18th International Conference, TCC 2020, Proceedings. Springer Science and Business Media Deutschland GmbH. 2020. p. 168-197. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-030-64378-2_7

Public-coin zero-knowledge arguments with (almost) minimal time and space overheads

Abstract

Publication series

Conference

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this