An Approach to the Construction of a Recursive Argument of Polynomial Evaluation in the Discrete Log Setting

Succinct Non-interactive Arguments of Knowledge (SNARks) are receiving a lot of attention as a core privacy-enhancing technology for blockchain applications. Polynomial commitment schemes are important building blocks for the construction of SNARks. Polynomial commitment schemes enable the prover to commit to a secret polynomial of the prover and convince the verifier that the evaluation of the committed polynomial is correct at a public point later. Bünz et al. recently presented a novel polynomial commitment scheme with no trusted setup in Eurocrypt’20. To provide a transparent setup, their scheme is built over an ideal class group of imaginary quadratic fields (or briefly, class group). However, cryptographic assumptions on a class group are relatively new and have, thus far, not been well-analyzed. In this paper, we study an approach to transpose Bünz et al.’s techniques in the discrete log setting because the discrete log setting brings a significant improvement in efficiency and security compared to class groups. We show that the transposition to the discrete log setting can be obtained by employing a proof system for the equality of discrete logarithms over multiple bases. Theoretical analysis shows that the transposition preserves security requirements for a polynomial commitment scheme.

Polaris: Transparent Succinct Zero-Knowledge Arguments for R1CS with Efficient Verifier

We present a new zero-knowledge succinct argument of knowledge (zkSNARK) scheme for Rank-1 Constraint Satisfaction (RICS), a widely deployed NP-complete language that generalizes arithmetic circuit satisfiability. By instantiating with different commitment schemes, we obtain several zkSNARKs where the verifier’s costs and the proof size range from O(log2 N) to O ( N ) O\left( {\sqrt N } \right) depending on the underlying polynomial commitment schemes when applied to an N-gate arithmetic circuit. All these schemes do not require a trusted setup. It is plausibly post-quantum secure when instantiated with a secure collision-resistant hash function. We report on experiments for evaluating the performance of our proposed system. For instance, for verifying a SHA-256 preimage (less than 23k AND gates) in zero-knowledge with 128 bits security, the proof size is less than 150kB and the verification time is less than 11ms, both competitive to existing systems.

New Commitment Schemes Based on Conjugacy Problems over Rubik’s Groups

Commitment schemes are important tools in cryptography and used as building blocks in many cryptographic protocols. We propose two commitment schemes by using Rubik’s groups. Our proposals do not lay the security on the taken-for-granted hardness of the word problem over Rubik’s groups. Instead, our first proposal is based on a symmetric encryption algorithm that is secure based on the hardness of the conjugacy search problem over Rubik’s groups, while our second proposal is based on the hardness of a newly derived problem—the functional towering conjugacy search problem over Rubik’s groups. The former is proved secure in the sense of both computational hiding and binding, while the latter is proved even secure in the sense of perfect hiding and computational binding. Furthermore, the proposed schemes have a remarkable performance advantage: a linear commitment/opening speed. We also evaluate the efficiency of the commitment schemes and show that they are considerably fast.

Formalising $$\varSigma $$-Protocols and Commitment Schemes Using CryptHOL

Machine-checked proofs of security are important to increase the rigour of provable security. In this work we present a formalised theory of two fundamental two party cryptographic primitives: $$\varSigma $$ Σ -protocols and Commitment Schemes. $$\varSigma $$ Σ -protocols allow a prover to convince a verifier that they possess some knowledge without leaking information about the knowledge. Commitment schemes allow a committer to commit to a message and keep it secret until revealing it at a later time. We use CryptHOL (Lochbihler in Archive of formal proofs, 2017) to formalise both primitives and prove secure multiple examples namely; the Schnorr, Chaum-Pedersen and Okamoto $$\varSigma $$ Σ -protocols as well as a construction that allows for compound (AND and OR) $$\varSigma $$ Σ -protocols and the Pedersen and Rivest commitment schemes. A highlight of the work is a formalisation of the construction of commitment schemes from $$\varSigma $$ Σ -protocols (Damgard in Lecture notes, 2002). We formalise this proof at an abstract level using the modularity available in Isabelle/HOL and CryptHOL. This way, the proofs of the instantiations come for free.