
    Vector commitments over rings and compressed Σ-protocols

    Compressed Σ-Protocol Theory (CRYPTO 2020) presents an "alternative" to Bulletproofs that achieves the same communication complexity while adhering more closely to existing Σ-protocol theory, which makes its techniques directly applicable to other widely used settings in the context of "plug & play" algorithmics. Unfortunately, those techniques are restricted to arithmetic circuits over prime fields, which rules out more machine-friendly moduli such as powers of 2, which have proven to improve efficiency in applications. In this work we show that such techniques can be generalized to arithmetic circuits modulo any number. This enables the use of powers of 2, which can be beneficial for efficiency, and it also facilitates the use of other moduli that may prove useful in different applications. To achieve this, we first present an instantiation of the main building block of the theory of compressed Σ-protocols, namely compact vector commitments. Our construction, which may be of independent interest, is homomorphic modulo any positive integer m, a result that was not previously known in the literature. Second, we generalize Compressed Σ-Protocol Theory from finite fields to Z_m, the ring of integers modulo m. The main challenge here is ensuring that the challenge sets are large enough to fulfill the necessary soundness requirements, which is achieved by considering certain ring extensions. Our techniques have direct application, for example, to verifiable computation on homomorphically encrypted data.

    Squares of random linear codes

    Given a linear code C, one can define the d-th power of C as the span of all componentwise products of d elements of C. A power of C may quickly fill the whole space. Our purpose is to answer the following question: does the square of a code typically fill the whole space? We give a positive answer for codes of dimension k and length n roughly (1/2)k^2 or smaller. Moreover, the convergence speed is exponential if the difference k(k+1)/2 - n is at least linear in k. The proof uses random coding and combinatorial arguments, together with algebraic tools involving the precise computation of the number of quadratic forms of a given rank, and the number of their zeros.