Functional commitments for arbitrary circuits of bounded sizes

IF 16.4 1区化学 Q1 CHEMISTRY, MULTIDISCIPLINARY

Accounts of Chemical Research Pub Date : 2024-08-12 DOI:10.1007/s10623-024-01468-w

Jinrui Sha, Shengli Liu, Shuai Han

{"title":"Functional commitments for arbitrary circuits of bounded sizes","authors":"Jinrui Sha, Shengli Liu, Shuai Han","doi":"10.1007/s10623-024-01468-w","DOIUrl":null,"url":null,"abstract":"A functional commitment (FC) scheme enables committing to a vector \\({\\textbf{x}}\\) and later producing an opening proof \\(\\pi \\) for a function value \\(y=f({\\textbf{x}})\\) with function f in some function set \\({\\mathcal {F}}\\). Everyone can verify the validity of the opening proof \\(\\pi \\) w.r.t. the function f and the function value y. Up to now, the largest function set is the bounded-depth circuits and achieved by FC schemes in [Peikeit et al. TCC 2021, De Castro et al. TCC 2023, Wee et al. Eurocrypt 2023, Wee et al. Asiacrypt 2023] with the help of the homomorphic encoding and evaluation techniques from lattices. In fact, these FC schemes can hardly support circuits of large depth, due to the fast accumulation of noises in the homomorphic evaluations. For example, if the depth of the circuit is linear to the security parameter \\(\\lambda \\), then the underlying \\(\\textsf {GapSVP}_{\\gamma }\\) problem will be accompanied with a super-exponentially large parameter \\(\\gamma >(\\lambda \\log \\lambda )^{\\Theta (\\lambda )}\\) and can be easily solved by the LLL algorithm. In this work, we propose a new FC scheme supporting arbitrary circuits of bounded sizes. We make use of homomorphic encoding and evaluation as well, but we disassemble the circuit gate by gate, process the gates, and reassemble the processed gates to a flattened circuit of logarithm depth \\(O(\\log \\lambda )\\). This makes possible for our FC scheme to support arbitrary polynomial-size circuits. Our FC scheme has the common reference string (CRS) growing linear to the size of the circuit. So CRSs of different sizes allow our FC scheme to support circuits of different (bounded) sizes. Just like the recent work on FC schemes [Wee et al. Eurocrypt 2023, Asiacrypt 2023], our FC scheme achieves private opening and target binding based on a falsifiable family of “basis-augmented” SIS assumptions. Our FC scheme has succinct commitment but not succinct opening proof which of course does not support fast verification. To improve the running time of verification, we resort to the non-interactive GKR protocol to outsource the main computation in verification to the proof generation algorithm. As a result, we obtain an improved FC scheme which decreases the computational complexity of verification with a factor \\(O(\\lambda )\\).","PeriodicalId":1,"journal":{"name":"Accounts of Chemical Research","volume":null,"pages":null},"PeriodicalIF":16.4000,"publicationDate":"2024-08-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Accounts of Chemical Research","FirstCategoryId":"100","ListUrlMain":"https://doi.org/10.1007/s10623-024-01468-w","RegionNum":1,"RegionCategory":"化学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"CHEMISTRY, MULTIDISCIPLINARY","Score":null,"Total":0}

引用次数: 0

Abstract

A functional commitment (FC) scheme enables committing to a vector \({\textbf{x}}\) and later producing an opening proof \(\pi \) for a function value \(y=f({\textbf{x}})\) with function f in some function set \({\mathcal {F}}\). Everyone can verify the validity of the opening proof \(\pi \) w.r.t. the function f and the function value y. Up to now, the largest function set is the bounded-depth circuits and achieved by FC schemes in [Peikeit et al. TCC 2021, De Castro et al. TCC 2023, Wee et al. Eurocrypt 2023, Wee et al. Asiacrypt 2023] with the help of the homomorphic encoding and evaluation techniques from lattices. In fact, these FC schemes can hardly support circuits of large depth, due to the fast accumulation of noises in the homomorphic evaluations. For example, if the depth of the circuit is linear to the security parameter \(\lambda \), then the underlying \(\textsf {GapSVP}_{\gamma }\) problem will be accompanied with a super-exponentially large parameter \(\gamma >(\lambda \log \lambda )^{\Theta (\lambda )}\) and can be easily solved by the LLL algorithm. In this work, we propose a new FC scheme supporting arbitrary circuits of bounded sizes. We make use of homomorphic encoding and evaluation as well, but we disassemble the circuit gate by gate, process the gates, and reassemble the processed gates to a flattened circuit of logarithm depth \(O(\log \lambda )\). This makes possible for our FC scheme to support arbitrary polynomial-size circuits. Our FC scheme has the common reference string (CRS) growing linear to the size of the circuit. So CRSs of different sizes allow our FC scheme to support circuits of different (bounded) sizes. Just like the recent work on FC schemes [Wee et al. Eurocrypt 2023, Asiacrypt 2023], our FC scheme achieves private opening and target binding based on a falsifiable family of “basis-augmented” SIS assumptions. Our FC scheme has succinct commitment but not succinct opening proof which of course does not support fast verification. To improve the running time of verification, we resort to the non-interactive GKR protocol to outsource the main computation in verification to the proof generation algorithm. As a result, we obtain an improved FC scheme which decreases the computational complexity of verification with a factor \(O(\lambda )\).

Abstract Image

查看原文本刊更多论文

大小有界的任意电路的功能承诺

功能承诺（FC）方案能够承诺一个向量（{\textbf{x}}），之后为函数值（y=f({\textbf{x}})\）生成一个开局证明（\pi \），函数f在某个函数集（{\mathcal {F}}）中。到目前为止，最大的函数集是有界深度电路，并且是在[Peikeit et al. TCC 2021, De Castro et al. TCC 2023, Wee et al. Eurocrypt 2023, Wee et al. Asiacrypt 2023]的 FC 方案中借助同态编码和网格评估技术实现的。事实上，这些 FC 方案很难支持大深度电路，因为同态评估中的噪声会快速积累。例如，如果电路的深度与安全参数（\lambda \）呈线性关系，那么底层的（\textsf {GapSVP}_{\gamma }\ ）问题将伴随着一个超指数大参数（\gamma >(\lambda \log \lambda )^{\Theta（\lambda ）}\），并且可以通过 LLL 算法轻松解决。在这项工作中，我们提出了一种新的 FC 方案，支持大小有界的任意电路。我们也使用了同态编码和评估，但我们逐个门拆解电路，处理门，并将处理过的门重新组装成对数深度为 \(O(\log \lambda )\) 的扁平化电路。这使得我们的 FC 方案可以支持任意多项式大小的电路。我们的 FC 方案的公共参考字符串（CRS）与电路的大小呈线性增长。因此，不同大小的 CRS 可以让我们的 FC 方案支持不同（有界）大小的电路。就像最近关于 FC 方案的研究一样[Wee 等人，Eurocrypt 2023，Asiacrypt 2023]，我们的 FC 方案基于可证伪的 "基础增强 "SIS 假设系列，实现了私人开启和目标绑定。我们的 FC 方案有简洁的承诺，但没有简洁的开启证明，这当然不支持快速验证。为了改进验证的运行时间，我们采用了非交互式 GKR 协议，将验证中的主要计算外包给证明生成算法。因此，我们得到了一种改进的 FC 方案，它将验证的计算复杂度降低了 \(O(\lambda )\) 倍。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Accounts of Chemical Research 化学-化学综合

CiteScore

31.40

自引率

1.10%

发文量

312

审稿时长

2 months

期刊介绍： Accounts of Chemical Research presents short, concise and critical articles offering easy-to-read overviews of basic research and applications in all areas of chemistry and biochemistry. These short reviews focus on research from the author’s own laboratory and are designed to teach the reader about a research project. In addition, Accounts of Chemical Research publishes commentaries that give an informed opinion on a current research problem. Special Issues online are devoted to a single topic of unusual activity and significance. Accounts of Chemical Research replaces the traditional article abstract with an article "Conspectus." These entries synopsize the research affording the reader a closer look at the content and significance of an article. Through this provision of a more detailed description of the article contents, the Conspectus enhances the article's discoverability by search engines and the exposure for the research.