About cookies on this site Our websites require some cookies to function properly (required). In addition, other cookies may be used with your consent to analyze site usage, improve the user experience and for advertising. For more information, please review your options. By visiting our website, you agree to our processing of information as described in IBMโsprivacy statement. To provide a smooth navigation, your cookie preferences will be shared across the IBM web domains listed here.
Publication
CRYPTO 2020
Conference paper
Practical Product Proofs for Lattice Commitments
Abstract
We construct a practical lattice-based zero-knowledge argument for proving multiplicative relations between committed values. The underlying commitment scheme that we use is the currently most efficient one of Baum et al. (SCN 2018), and the size of our multiplicative proof (9 KB) is only slightly larger than the 7 KB required for just proving knowledge of the committed values. We additionally expand on the work of Lyubashevsky and Seiler (Eurocrypt 2018) by showing that the above-mentioned result can also apply when working over rings โค๐[๐]/(๐๐+1) where ๐๐+1 splits into low-degree factors, which is a desirable property for many applications (e.g. range proofs, multiplications over โค๐ ) that take advantage of packing multiple integers into the NTT coefficients of the committed polynomial.