Structure-preserving signatures and commitments to group elements
CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
A general, flexible and efficient proof of inclusion and exclusion
CT-RSA'11 Proceedings of the 11th international conference on Topics in cryptology: CT-RSA 2011
Round-efficient sub-linear zero-knowledge arguments for linear algebra
PKC'11 Proceedings of the 14th international conference on Practice and theory in public key cryptography conference on Public key cryptography
Toward practical and unconditional verification of remote computations
HotOS'13 Proceedings of the 13th USENIX conference on Hot topics in operating systems
AFRICACRYPT'10 Proceedings of the Third international conference on Cryptology in Africa
Efficient zero-knowledge arguments from two-tiered homomorphic commitments
ASIACRYPT'11 Proceedings of the 17th international conference on The Theory and Application of Cryptology and Information Security
Progression-free sets and sublinear pairing-based non-interactive zero-knowledge arguments
TCC'12 Proceedings of the 9th international conference on Theory of Cryptography
Efficient zero-knowledge argument for correctness of a shuffle
EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
Taking proof-based verified computation a few steps closer to practicality
Security'12 Proceedings of the 21st USENIX conference on Security symposium
A general, flexible and efficient proof of inclusion and exclusion
INTRUST'11 Proceedings of the Third international conference on Trusted Systems
A more efficient computationally sound non-interactive zero-knowledge shuffle argument
SCN'12 Proceedings of the 8th international conference on Security and Cryptography for Networks
Proceedings of the 4th conference on Innovations in Theoretical Computer Science
A more efficient computationally sound non-interactive zero-knowledge shuffle argument
Journal of Computer Security - Advances in Security for Communication Networks
| Hi-index | 0.00 |
We suggest practical sub-linear size zero-knowledge arguments for statements involving linear algebra. Given commitments to matrices over a finite field, we give a sub-linear size zero-knowledge argument that one committed matrix is the product of two other committed matrices. We also offer a sub-linear size zero-knowledge argument for a committed matrix being equal to the Hadamard product of two other committed matrices. Armed with these tools we can give many other sub-linear size zero-knowledge arguments, for instance for a committed matrix being upper or lower triangular, a committed matrix being the inverse of another committed matrix, or a committed matrix being a permutation of another committed matrix.A special case of what can be proved using our techniques is the satisfiability of an arithmetic circuit with N gates. Our arithmetic circuit zero-knowledge argument has a communication complexity of $O(\sqrt{N})$ group elements. We give both a constant round variant and an O(logN) round variant of our zero-knowledge argument; the latter has a computation complexity of O(N/logN) exponentiations for the prover and O(N) multiplications for the verifier making it efficient for the prover and very efficient for the verifier. In the case of a binary circuit consisting of NAND-gates we give a zero-knowledge argument of circuit satisfiability with a communication complexity of $O(\sqrt{N})$ group elements and a computation complexity of O(N) multiplications for both the prover and the verifier.