Relaxed Lattice-Based Signatures with Short Zero-Knowledge Proofs
Higher-level cryptographic privacy-enhancing protocols such as anonymous credentials, voting schemes, and e-cash are often constructed by suitably combining signature, commitment, and encryption schemes with zero-knowledge proofs. Indeed, a large body of protocols has been constructed in that manner from Camenisch-Lysyanskaya signatures and generalized Schnorr proofs. In this paper, we build a similar framework for lattice-based schemes by presenting a signature and commitment scheme that are compatible with Lyubashevsky's Fiat-Shamir proofs with abort, currently the most efficient zero-knowledge proofs for lattices. To cope with the relaxed soundness guarantees of these proofs, we define corresponding notions of relaxed signature and commitment schemes. We demonstrate the flexibility and efficiency of our new primitives by constructing a new lattice-based anonymous attribute token scheme and providing concrete parameters to securely instantiate this scheme.
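The "relaxed soundness" that the abstract above has to work around is easiest to see in a toy run of a Fiat-Shamir-with-abort proof. The following is an added example written for this listing, not code from the paper or its authors; it proves knowledge of a short vector s with A*s = t (mod q) over plain integer vectors (a real lattice scheme works over polynomial rings), and every parameter (q, the dimensions, the bounds, the scalar challenge space of size 16) is an assumption chosen for readability. The rejection step in `respond` is the "abort": it discards responses that would leak s. The rewinding `extract` shows what soundness actually delivers: not s itself but a longer vector s_bar with A*s_bar = (c1 - c2)*t, which is exactly the relaxed relation the relaxed signature and commitment definitions absorb. With only 16 challenges the soundness error per run is about 1/16, so this toy would need repetitions; the papers below obtain one-shot proofs by drawing challenges from an exponentially large set.

```python
# Added example (assumption-laden toy), not code from any paper on this page.
import hashlib
import random

Q = 8380417          # some prime modulus (assumed; only primality matters here)
K, M = 4, 8          # A is K x M over Z_q
C_BOUND = 16         # challenges are integers in [0, C_BOUND): far too small for one-shot use
Y_BOUND = 2**12      # masking vector y is uniform in [-Y_BOUND, Y_BOUND]^M
S_BOUND = 1          # secret coefficients lie in [-S_BOUND, S_BOUND]
BETA = (C_BOUND - 1) * S_BOUND   # max |c * s_i|: the slack that rejection sampling removes
Z_BOUND = Y_BOUND - BETA         # accepted responses satisfy ||z||_inf <= Z_BOUND


def matvec(A, v):
    """A*v mod q with entries reduced into [0, q)."""
    return [sum(a * b for a, b in zip(row, v)) % Q for row in A]


def keygen(rng):
    """Public (A, t), secret short s with t = A*s mod q."""
    A = [[rng.randrange(Q) for _ in range(M)] for _ in range(K)]
    s = [rng.randint(-S_BOUND, S_BOUND) for _ in range(M)]
    return A, s, matvec(A, s)


def challenge(t, w):
    """Fiat-Shamir challenge c = H(t, w) reduced into the (toy) challenge space."""
    h = hashlib.sha256(repr((t, w)).encode()).digest()
    return int.from_bytes(h[:2], "big") % C_BOUND


def respond(s, y, c):
    """z = y + c*s, or None (abort) if z falls outside the box where it is independent of s.

    Because y is uniform in [-Y_BOUND, Y_BOUND] and |c*s_i| <= BETA, the accepted z is
    uniform in [-Z_BOUND, Z_BOUND]^M whatever s is, which is what makes the proof zero-knowledge.
    """
    z = [yi + c * si for yi, si in zip(y, s)]
    if max(abs(zi) for zi in z) > Z_BOUND:
        return None
    return z


def prove(A, s, t, rng):
    """Fiat-Shamir with abort: sample fresh y until the response is not rejected."""
    attempts = 0
    while True:
        attempts += 1
        y = [rng.randint(-Y_BOUND, Y_BOUND) for _ in range(M)]
        w = matvec(A, y)                 # commitment w = A*y
        c = challenge(t, w)
        z = respond(s, y, c)
        if z is not None:
            return (c, z), attempts


def verify(A, t, proof):
    """Accept iff ||z||_inf <= Z_BOUND and c == H(t, A*z - c*t)."""
    c, z = proof
    if max(abs(zi) for zi in z) > Z_BOUND:
        return False
    w = [(az - c * ti) % Q for az, ti in zip(matvec(A, z), t)]   # recompute w = A*z - c*t
    return challenge(t, w) == c


def extract(s, y, c1, c2):
    """Rewinding extractor: two non-aborting responses to the same commitment w = A*y under
    challenges c1 != c2 give s_bar = z1 - z2 with A*s_bar = (c1 - c2)*t (mod q) and
    ||s_bar||_inf <= 2*Z_BOUND.  Returns (c1 - c2, s_bar): a *relaxed* witness, since the
    extractor can neither divide out (c1 - c2) nor shrink s_bar back to ||s||_inf <= S_BOUND."""
    z1, z2 = respond(s, y, c1), respond(s, y, c2)
    if z1 is None or z2 is None or c1 == c2:
        raise ValueError("need two accepting transcripts with distinct challenges")
    return c1 - c2, [a - b for a, b in zip(z1, z2)]


def relaxed_relation_holds(A, t, c_bar, s_bar):
    """The relation a relaxed signature/commitment scheme must tolerate."""
    lhs = matvec(A, s_bar)
    rhs = [(c_bar * ti) % Q for ti in t]
    return lhs == rhs and max(abs(x) for x in s_bar) <= 2 * Z_BOUND


if __name__ == "__main__":
    rng = random.Random(2024)
    A, s, t = keygen(rng)
    proof, attempts = prove(A, s, t, rng)
    print("verifies:", verify(A, t, proof), "after", attempts, "attempt(s)")
    c_bar, s_bar = extract(s, [0] * M, 3, 11)
    print("relaxed witness ok:", relaxed_relation_holds(A, t, c_bar, s_bar),
          "max|s_bar| =", max(abs(x) for x in s_bar))
```

Note that the verifier never learns s: it only checks the bound on z and the hash. The bound check is not optional; dropping it lets a cheating prover pick any z and solve for a "commitment", which is why a lattice proof's soundness is always stated together with a norm bound on the extracted witness.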
Floppy-Sized Group Signatures from Lattices
We present the first lattice-based group signature scheme whose cryptographic artifacts are of size small enough to be usable in practice: for a group of users, signatures take 910 kB and public keys are 501 kB. Our scheme builds upon two recently proposed lattice-based primitives: the verifiable encryption scheme by Lyubashevsky and Neven (Eurocrypt 2017) and the signature scheme by Boschini, Camenisch, and Neven (IACR ePrint 2017). To achieve such short signatures and keys, we first re-define verifiable encryption to allow one to encrypt a function of the witness, rather than the full witness. This definition enables more efficient realizations of verifiable encryption and is of independent interest. Second, to minimize the size of the signatures and public keys of our group signature scheme, we revisit the proof of knowledge of a signature and the proofs in the verifiable encryption scheme provided in the respective papers
Real-time evolution for weak interaction quenches in quantum systems
Motivated by recent experiments in ultracold atomic gases that explore the nonequilibrium dynamics of interacting quantum many-body systems, we investigate the nonequilibrium properties of a Fermi liquid. We apply an interaction quench within the Fermi liquid phase of the Hubbard model by switching on a weak interaction suddenly; then we follow the real-time dynamics of the momentum distribution by a systematic expansion in the interaction strength based on the flow equation method. In this paper we derive our main results, namely the applicability of a quasiparticle description, the observation of a new type of quasi-stationary nonequilibrium Fermi-liquid-like state and a delayed thermalization of the momentum distribution. We explain the physical origin of the delayed relaxation as a consequence of phase space constraints in fermionic many-body systems. This brings about a close relation to similar behavior of one-particle systems which we illustrate by a discussion of the squeezed oscillator; we generalize to an extended class of systems with discrete energy spectra and point out the generic character of the nonequilibrium Fermi liquid results for weak interaction quenches. Both for discrete and continuous systems we observe that particular nonequilibrium expectation values are twice as large as their corresponding analogues in equilibrium. For a Fermi liquid, this shows up as an increased correlation-induced reduction of the quasiparticle residue in nonequilibrium.
Comment: 54 page
Lattice-based Zero-Knowledge Proofs: New Techniques for Shorter and Faster Constructions and Applications
We devise new techniques for design and analysis of efficient lattice-based zero-knowledge proofs (ZKP). First, we introduce one-shot proof techniques for non-linear polynomial relations of degree , where the protocol achieves a negligible soundness error in a single execution, and thus performs significantly better in both computation and communication compared to prior protocols requiring multiple repetitions. Such proofs with degree have been crucial ingredients for important privacy-preserving protocols in the discrete logarithm setting, such as Bulletproofs (IEEE S&P '18) and arithmetic circuit arguments (EUROCRYPT '16). In contrast, one-shot proofs in lattice-based cryptography have previously only been shown for the linear case () and a very specific quadratic case (), which are obtained as a special case of our technique.
Moreover, we introduce two speedup techniques for lattice-based ZKPs: a CRT-packing technique supporting "inter-slot" operations, and "NTT-friendly" tools that permit the use of fully-splitting rings. The former technique comes at almost no cost to the proof length, and the latter one barely increases it, which can be compensated for by tweaking the rejection sampling parameters while still having faster computation overall.
To illustrate the utility of our techniques, we show how to use them to build efficient relaxed proofs for important relations, namely proof of commitment to bits, one-out-of-many proof, range proof and set membership proof. Despite their relaxed nature, we further show how our proof systems can be used as building blocks for advanced cryptographic tools such as ring signatures.
Our ring signature achieves a dramatic improvement in length over all the existing proposals from lattices at the same security level. The computational evaluation also shows that our construction is highly likely to outperform all the relevant works in running times. Being efficient in both aspects, our ring signature is particularly suitable for both small-scale and large-scale applications such as cryptocurrencies and e-voting systems. No trusted setup is required for any of our proposals
Return Codes from Lattice Assumptions
We present an approach for creating return codes for lattice-based electronic voting. For a voting system with four control components and two rounds of communication, our scheme results in a total of 2.3 MB of communication per voter, taking less than 1 s of computation. Together with the shuffle and the decryption protocols by Aranha et al. [1,2], the return codes presented can be used to build a post-quantum secure cryptographic voting scheme.
Efficient Hybrid Exact/Relaxed Lattice Proofs and Applications to Rounding and VRFs
In this work, we study hybrid exact/relaxed zero-knowledge proofs from lattices, where the proved relation is exact in one part and relaxed in the other. Such proofs arise in important real-life applications such as those requiring verifiable PRF evaluation and have so far not received significant attention as a standalone problem.
We first introduce a general framework, LANES+, for realizing such hybrid proofs efficiently by combining standard relaxed proofs of knowledge (RPoK) and the LANES framework (due to a series of works in Crypto '20, Asiacrypt '20, ACM CCS '20). The latter framework is a powerful lattice-based proof system that can prove exact linear and multiplicative relations. The advantage of LANES+ is its ability to realize hybrid proofs more efficiently by exploiting RPoK for the high-dimensional part of the secret witness while leaving a low-dimensional secret witness part for the exact proof that is proven at a significantly lower cost via LANES. Thanks to the flexibility of LANES+, other exact proof systems can also be supported.
We apply our LANES+ framework to construct substantially shorter proofs of rounding, which is a central tool for verifiable deterministic lattice-based cryptography. Based on our rounding proof, we then design an efficient long-term verifiable random function (VRF), named LaV. LaV leads to the shortest VRF outputs among the proposals of standard (i.e., long-term and stateless) VRFs based on quantum-safe assumptions.
Of independent interest, we also present generalized results for challenge difference invertibility, a fundamental soundness security requirement for many proof systems.
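Two of the abstracts above lean on the same piece of ring arithmetic: the "NTT-friendly" tools that permit fully-splitting rings (the lattice ZKP paper) and challenge difference invertibility as a soundness requirement (the LANES+ paper). The following added example, written for this listing and not taken from either paper, makes the connection concrete on a toy fully-splitting ring R_q = Z_q[X]/(X^n + 1) with q = 1 (mod 2n): the NTT maps a ring element to its n CRT slots, multiplication becomes slot-wise, and an element is invertible exactly when no slot is zero. The parameters n = 8 and q = 17 are assumptions chosen so that the root of unity (3) and the slot values can be checked by hand; the quadratic-time transforms are deliberate, since the point is the CRT structure rather than speed.

```python
# Added example (toy parameters), not code from any paper on this page.
N = 8     # ring degree; assumed
Q = 17    # prime with Q = 1 (mod 2N), so X^N + 1 splits into N linear factors; assumed


def _primitive_2n_root(q, n):
    """Smallest zeta of multiplicative order exactly 2n mod q; zeta^n = -1, so
    X^n + 1 = prod_i (X - zeta^(2i+1)) over Z_q and the ring is fully splitting."""
    for g in range(2, q):
        if pow(g, n, q) == q - 1 and pow(g, 2 * n, q) == 1:
            return g
    raise ValueError("q must satisfy q = 1 (mod 2n)")


ZETA = _primitive_2n_root(Q, N)


def ntt(f):
    """Forward negacyclic NTT: slot i holds f(zeta^(2i+1)), i.e. f mod (X - zeta^(2i+1))."""
    assert len(f) == N
    return [sum(f[j] * pow(ZETA, (2 * i + 1) * j, Q) for j in range(N)) % Q
            for i in range(N)]


def intt(slots):
    """Inverse NTT: f_j = n^-1 * sum_i slot_i * zeta^(-(2i+1) j)."""
    n_inv = pow(N, -1, Q)
    return [n_inv * sum(slots[i] * pow(ZETA, -(2 * i + 1) * j, Q) for i in range(N)) % Q
            for j in range(N)]


def negacyclic_mul(f, g):
    """Schoolbook product in Z_q[X]/(X^N + 1), used only as a reference for the NTT product."""
    out = [0] * N
    for i in range(N):
        for j in range(N):
            k = i + j
            if k < N:
                out[k] += f[i] * g[j]
            else:
                out[k - N] -= f[i] * g[j]   # X^N = -1
    return [x % Q for x in out]


def ntt_mul(f, g):
    """Product via slot-wise multiplication: this is what makes fully-splitting rings fast."""
    return intt([(a * b) % Q for a, b in zip(ntt(f), ntt(g))])


def is_invertible(f):
    """In a fully-splitting ring, f is a unit iff every CRT slot is nonzero."""
    return all(slot != 0 for slot in ntt(f))


def invert(f):
    """Inverse by inverting each slot; raises ValueError if some slot is zero."""
    return intt([pow(slot, -1, Q) for slot in ntt(f)])


def challenge_difference(c1, c2):
    """c1 - c2 reduced into [0, Q): the quantity whose invertibility soundness proofs rely on."""
    return [(a - b) % Q for a, b in zip(c1, c2)]


if __name__ == "__main__":
    print("zeta =", ZETA, "slots of X^4 + 4:", ntt([4, 0, 0, 0, 1, 0, 0, 0]))
    d = challenge_difference([1, 0, -1, 0, 1, 0, 0, 0], [0, 1, 0, 0, -1, 0, 0, 0])
    print("challenge difference invertible:", is_invertible(d))
```

The caveat a practitioner wants is the one this toy makes visible: in a fully-splitting ring a short nonzero element can still be a zero divisor (here X^4 + 4 has zero slots, since zeta^4 = -4 mod 17), so "c1 != c2" alone does not give invertibility of c1 - c2, and a soundness argument must either bound the probability of a zero slot for the chosen challenge set or use a ring that splits less, which is the trade-off the invertibility results above address.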
Subtractive Sets over Cyclotomic Rings: Limits of Schnorr-like Arguments over Lattices
We study when (dual) Vandermonde systems of the form admit a solution over a ring , where is the Vandermonde matrix defined by a set and where the slack is a measure of the quality of solutions.
To this end, we propose the notion of -subtractive sets over a ring , with the property that if is -subtractive then the above (dual) Vandermonde systems defined by any -subset are solvable over .
The challenge is then to find large sets while minimising (the norm of) when given a ring .
By constructing families of -subtractive sets of size poly over cyclotomic rings for prime , we construct Schnorr-like lattice-based proofs of knowledge for the SIS relation with knowledge error, and in case poly. Our technique slots naturally into the lattice Bulletproof framework from Crypto '20, producing lattice-based succinct arguments for NP with better parameters.
We then give matching impossibility results constraining relative to , which suggest that our Bulletproof-compatible protocols are optimal unless fundamentally new techniques are discovered. Noting that the knowledge error of lattice Bulletproofs is for witnesses in and subtractive set size , our result represents a barrier to practically efficient lattice-based succinct arguments in the Bulletproof framework.
Beyond these main results, the concept of -subtractive sets bridges group-based threshold cryptography to lattice settings, which we demonstrate by relating it to distributed pseudorandom functions
One-Shot Verifiable Encryption from Lattices
Verifiable encryption allows one to prove properties about encrypted data and is an important building block in the design of cryptographic protocols, e.g., group signatures, key escrow, fair exchange protocols, etc. Existing lattice-based verifiable encryption schemes, and even just proofs of knowledge of the encrypted data, require parallel composition of proofs to reduce the soundness error, resulting in proof sizes that are only truly practical when amortized over a large number of ciphertexts.
In this paper, we present a new construction of a verifiable encryption scheme, based on the hardness of the Ring-LWE problem in the random-oracle model, for short solutions to linear equations over polynomial rings. Our scheme is one-shot, in the sense that a single instance of the proof already has negligible soundness error, yielding compact proofs even for individual ciphertexts. Whereas verifiable encryption usually guarantees that decryption can recover a witness for the original language, we relax this requirement to decrypt a witness of a related but extended language. This relaxation is sufficient for many applications and we illustrate this with example usages of our scheme in key escrow and verifiably encrypted signatures.
One of the interesting aspects of our construction is that the decryption algorithm is probabilistic and uses the proof as input (rather than using only the ciphertext). The decryption time for honestly-generated ciphertexts only depends on the security parameter, while the expected running time for decrypting an adversarially-generated ciphertext is directly related to the number of random-oracle queries of the adversary who created it. This property suffices in most practical scenarios, especially in situations where the ciphertext proof is part of an interactive protocol, where the decryptor is substantially more powerful than the adversary, or where adversaries can be otherwise discouraged to submit malformed ciphertexts