Zero-knowledge arguments for lattice-based accumulators: logarithmic-size ring signatures and group signatures without trapdoors
An accumulator is a function that hashes a set of inputs into a short, constant-size string while preserving the ability to efficiently prove the inclusion of a specific input element in the hashed set. It has proved useful in the design of numerous privacy-enhancing protocols, in order to handle re...
Saved in:
| Main Authors: | , , , |
|---|---|
| Other Authors: | |
| Format: | Article |
| Language: | English |
| Published: |
2024
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/172932 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| id |
sg-ntu-dr.10356-172932 |
|---|---|
| record_format |
dspace |
| spelling |
sg-ntu-dr.10356-1729322024-01-08T15:35:52Z Zero-knowledge arguments for lattice-based accumulators: logarithmic-size ring signatures and group signatures without trapdoors Libert, Benoît Ling, San Nguyen, Khoa Wang, Huaxiong School of Physical and Mathematical Sciences Science::Mathematics Constant Sizes Group Signatures An accumulator is a function that hashes a set of inputs into a short, constant-size string while preserving the ability to efficiently prove the inclusion of a specific input element in the hashed set. It has proved useful in the design of numerous privacy-enhancing protocols, in order to handle revocation or simply prove set membership. In the lattice setting, currently known instantiations of the primitive are based on Merkle trees, which do not interact well with zero-knowledge proofs. In order to efficiently prove the membership of some element in a zero-knowledge manner, the prover has to demonstrate knowledge of a hash chain without revealing it, which is not known to be efficiently possible under well-studied hardness assumptions. In this paper, we provide an efficient method of proving such statements using involved extensions of Stern’s protocol. Under the Small Integer Solution assumption, we provide zero-knowledge arguments showing possession of a hash chain. As an application, we describe new lattice-based group and ring signatures in the random oracle model. In particular, we obtain: (i) the first lattice-based ring signatures with logarithmic size in the cardinality of the ring and (ii) the first lattice-based group signature that does not require any GPV trapdoor and thus allows for a much more efficient choice of parameters. Ministry of Education (MOE) Published version Benoît Libert was supported by the “Programme Avenir Lyon Saint-Etienne de l’Université de Lyon” in the framework of the programme “Investissements d’Avenir” (ANR-11-IDEX-0007), by the French ANR ALAMBIC Project (ANR-16-CE39-0006) and by the European Union PROMETHEUS Project (Horizon 2020 Research and Innovation Program, Grant 780701). San Ling, Khoa Nguyen and Huaxiong Wang were supported by the Singapore Ministry of Education under Research Grant MOE2019-T2-2-083. Khoa Nguyen was also partially supported by Vietnam National University Ho Chi Minh City (VNU-HCM) under Grant Number NCM2019-18-01. Open Access funding enabled and organized by CAUL and its Member Institutions. 2024-01-03T02:02:43Z 2024-01-03T02:02:43Z 2023 Journal Article Libert, B., Ling, S., Nguyen, K. & Wang, H. (2023). Zero-knowledge arguments for lattice-based accumulators: logarithmic-size ring signatures and group signatures without trapdoors. Journal of Cryptology, 36(3). https://dx.doi.org/10.1007/s00145-023-09470-6 0933-2790 https://hdl.handle.net/10356/172932 10.1007/s00145-023-09470-6 2-s2.0-85160210984 3 36 en MOE2019-T2-2-083 Journal of Cryptology © 2023 The Author(s). This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article’s Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article’s Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/. application/pdf |
| institution |
Nanyang Technological University |
| building |
NTU Library |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
NTU Library |
| collection |
DR-NTU |
| language |
English |
| topic |
Science::Mathematics Constant Sizes Group Signatures |
| spellingShingle |
Science::Mathematics Constant Sizes Group Signatures Libert, Benoît Ling, San Nguyen, Khoa Wang, Huaxiong Zero-knowledge arguments for lattice-based accumulators: logarithmic-size ring signatures and group signatures without trapdoors |
| description |
An accumulator is a function that hashes a set of inputs into a short, constant-size string while preserving the ability to efficiently prove the inclusion of a specific input element in the hashed set. It has proved useful in the design of numerous privacy-enhancing protocols, in order to handle revocation or simply prove set membership. In the lattice setting, currently known instantiations of the primitive are based on Merkle trees, which do not interact well with zero-knowledge proofs. In order to efficiently prove the membership of some element in a zero-knowledge manner, the prover has to demonstrate knowledge of a hash chain without revealing it, which is not known to be efficiently possible under well-studied hardness assumptions. In this paper, we provide an efficient method of proving such statements using involved extensions of Stern’s protocol. Under the Small Integer Solution assumption, we provide zero-knowledge arguments showing possession of a hash chain. As an application, we describe new lattice-based group and ring signatures in the random oracle model. In particular, we obtain: (i) the first lattice-based ring signatures with logarithmic size in the cardinality of the ring and (ii) the first lattice-based group signature that does not require any GPV trapdoor and thus allows for a much more efficient choice of parameters. |
| author2 |
School of Physical and Mathematical Sciences |
| author_facet |
School of Physical and Mathematical Sciences Libert, Benoît Ling, San Nguyen, Khoa Wang, Huaxiong |
| format |
Article |
| author |
Libert, Benoît Ling, San Nguyen, Khoa Wang, Huaxiong |
| author_sort |
Libert, Benoît |
| title |
Zero-knowledge arguments for lattice-based accumulators: logarithmic-size ring signatures and group signatures without trapdoors |
| title_short |
Zero-knowledge arguments for lattice-based accumulators: logarithmic-size ring signatures and group signatures without trapdoors |
| title_full |
Zero-knowledge arguments for lattice-based accumulators: logarithmic-size ring signatures and group signatures without trapdoors |
| title_fullStr |
Zero-knowledge arguments for lattice-based accumulators: logarithmic-size ring signatures and group signatures without trapdoors |
| title_full_unstemmed |
Zero-knowledge arguments for lattice-based accumulators: logarithmic-size ring signatures and group signatures without trapdoors |
| title_sort |
zero-knowledge arguments for lattice-based accumulators: logarithmic-size ring signatures and group signatures without trapdoors |
| publishDate |
2024 |
| url |
https://hdl.handle.net/10356/172932 |
| _version_ |
1789483201302888448 |