We construct a practical lattice-based zero-knowledge argument for proving multiplicative relations between committed values. The underlying commitment scheme that we use is the currently most efficient one of Baum et al. (SCN 2018), and the size of our multiplicative proof (9 KB) is only slightly larger than the 7 KB required for just proving knowledge of the committed values. We additionally expand on the work of Lyubashevsky and Seiler (Eurocrypt 2018) by showing that the above-mentioned result can also apply when working over rings Zq[X]/(Xd+1) where Xd+1 splits into low-degree factors, which is a desirable property for many applications (e.g. range proofs, multiplications over
International audienceLattice problems are an attractive basis for cryptographic systems because the...
Abstract. Even though Zero-knowledge has existed for more than 30 years, few generic constructions f...
Committing integers and proving relations between them is an essential ingredient in many cryptograp...
We construct a practical lattice-based zero-knowledge argument for proving multiplicative relations ...
International audienceWe provide lattice-based protocols allowing to prove relations among committed...
This PhD thesis is about practical lattice-based zero-knowledge proof systems. We construct protocol...
Abstract. We design an efficient commitment scheme, and companion zero-knowledge proofs of knowledge...
We present efficient Zero-Knowledge Proofs of Knowledge (ZKPoK) for linear and multiplicative relati...
A key component of many lattice-based protocols is a zeroknowledge proof of knowledge of a vector ~s...
We introduce a new flavor of commitment schemes, which we call mercurial commitments. Infor-mally, m...
We extend a commitment scheme based on the learning with errors over rings (RLWE) problem, and prese...
We extend a commitment scheme based on the learning with errors over rings (RLWE) problem, and prese...
Mercurial commitments were introduced by Chase et al. [8] and form a key building block for construc...
There has been a lot of recent progress in constructing efficient zero-knowledge proofs for showing ...
In preparation for the eventual arrival of quantum computers, there has been a significant amount of...
International audienceLattice problems are an attractive basis for cryptographic systems because the...
Abstract. Even though Zero-knowledge has existed for more than 30 years, few generic constructions f...
Committing integers and proving relations between them is an essential ingredient in many cryptograp...
We construct a practical lattice-based zero-knowledge argument for proving multiplicative relations ...
International audienceWe provide lattice-based protocols allowing to prove relations among committed...
This PhD thesis is about practical lattice-based zero-knowledge proof systems. We construct protocol...
Abstract. We design an efficient commitment scheme, and companion zero-knowledge proofs of knowledge...
We present efficient Zero-Knowledge Proofs of Knowledge (ZKPoK) for linear and multiplicative relati...
A key component of many lattice-based protocols is a zeroknowledge proof of knowledge of a vector ~s...
We introduce a new flavor of commitment schemes, which we call mercurial commitments. Infor-mally, m...
We extend a commitment scheme based on the learning with errors over rings (RLWE) problem, and prese...
We extend a commitment scheme based on the learning with errors over rings (RLWE) problem, and prese...
Mercurial commitments were introduced by Chase et al. [8] and form a key building block for construc...
There has been a lot of recent progress in constructing efficient zero-knowledge proofs for showing ...
In preparation for the eventual arrival of quantum computers, there has been a significant amount of...
International audienceLattice problems are an attractive basis for cryptographic systems because the...
Abstract. Even though Zero-knowledge has existed for more than 30 years, few generic constructions f...
Committing integers and proving relations between them is an essential ingredient in many cryptograp...