TY - GEN
T1 - Polynomial Commitment with a One-to-Many Prover and Applications
AU - Zhang, Jiaheng
AU - Xie, Tiancheng
AU - Hoang, Thang
AU - Shi, Elaine
AU - Zhang, Yupeng
N1 - Funding Information:
Elaine Shi and Yupeng Zhang are supported by DARPA under Contract No. HR001120C0087. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of DARPA.
Publisher Copyright:
© USENIX Security Symposium, Security 2022.All rights reserved.
PY - 2022
Y1 - 2022
N2 - Verifiable Secret Sharing (VSS) is a foundational cryptographic primitive that serves as an essential building block in multi-party computation and decentralized blockchain applications. One of the most practical ways to construct VSS is through a polynomial commitment, where the dealer commits to a random polynomial whose 0-th coefficient encodes the secret to be shared, and proves the evaluation of the committed polynomial at a different point to each of N verifiers, i.e., the polynomial commitment is used in a “one-to-many” fashion. The recent work of Tomescu et al. (IEEE S&P 2020) was the first to consider polynomial commitment with “one-to-many prover batching”, such that the prover can prove evaluations at N different points at the cost of Õ(1) proofs. However, their scheme is not optimal and requires a trusted setup. In this paper, we asymptotically improve polynomial commitment with one-to-many prover batching. We propose two novel schemes. First, we propose a scheme with optimal asymptotics in all dimensions in the trusted setup setting. Second, we are the first to consider one-to-many prover batching for transparent polynomial commitments, and we propose a transparent scheme whose performance approximately matches the best-known scheme in the trusted setup setting. We implement our schemes and evaluate their performance. Our scheme in the trusted setup setting improves the proof size by 20× and the verifier time by 7.8× for 221 parties, with a small overhead on the prover time. Our transparent polynomial commitment removes the trusted setup and further improves the prover time by 2.3×.
AB - Verifiable Secret Sharing (VSS) is a foundational cryptographic primitive that serves as an essential building block in multi-party computation and decentralized blockchain applications. One of the most practical ways to construct VSS is through a polynomial commitment, where the dealer commits to a random polynomial whose 0-th coefficient encodes the secret to be shared, and proves the evaluation of the committed polynomial at a different point to each of N verifiers, i.e., the polynomial commitment is used in a “one-to-many” fashion. The recent work of Tomescu et al. (IEEE S&P 2020) was the first to consider polynomial commitment with “one-to-many prover batching”, such that the prover can prove evaluations at N different points at the cost of Õ(1) proofs. However, their scheme is not optimal and requires a trusted setup. In this paper, we asymptotically improve polynomial commitment with one-to-many prover batching. We propose two novel schemes. First, we propose a scheme with optimal asymptotics in all dimensions in the trusted setup setting. Second, we are the first to consider one-to-many prover batching for transparent polynomial commitments, and we propose a transparent scheme whose performance approximately matches the best-known scheme in the trusted setup setting. We implement our schemes and evaluate their performance. Our scheme in the trusted setup setting improves the proof size by 20× and the verifier time by 7.8× for 221 parties, with a small overhead on the prover time. Our transparent polynomial commitment removes the trusted setup and further improves the prover time by 2.3×.
UR - http://www.scopus.com/inward/record.url?scp=85140358279&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85140358279&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85140358279
T3 - Proceedings of the 31st USENIX Security Symposium, Security 2022
SP - 2965
EP - 2982
BT - Proceedings of the 31st USENIX Security Symposium, Security 2022
PB - USENIX Association
T2 - 31st USENIX Security Symposium, Security 2022
Y2 - 10 August 2022 through 12 August 2022
ER -