constant size commitments to polynomials and their
play

Constant-Size Commitments to Polynomials and Their Applications Ian - PowerPoint PPT Presentation

Nov 16, 2022 •613 likes •1.4k views

Constant-Size Commitments to Polynomials and Their Applications Ian Goldberg Cryptography, Security, and Privacy Research Lab University of Waterloo ECRYPT II Provable Privacy Workshop 10 July 2012 Coauthors Aniket Kate (Max Planck

  1. Constant-Size Commitments to Polynomials and Their Applications Ian Goldberg Cryptography, Security, and Privacy Research Lab University of Waterloo ECRYPT II Provable Privacy Workshop 10 July 2012

  2. Coauthors Aniket Kate (Max Planck Institutes) Gregory Zaverucha (Microsoft Research) Ryan Henry (University of Waterloo) Femi Olumofin (Pitney Bowes) Yizhou Huang (University of Waterloo) Ian Goldberg Polynomial Commitments 2 / 26

  3. Commitments One of the most common cryptographic primitives Ian Goldberg Polynomial Commitments 3 / 26

  4. Commitments One of the most common cryptographic primitives Ian Goldberg Polynomial Commitments 3 / 26

  5. Commitments One of the most common cryptographic primitives Commit Ian Goldberg Polynomial Commitments 3 / 26

  6. Commitments One of the most common cryptographic primitives Ian Goldberg Polynomial Commitments 3 / 26

  7. Commitments One of the most common cryptographic primitives Binding, Hiding Ian Goldberg Polynomial Commitments 3 / 26

  8. Commitments One of the most common cryptographic primitives Open Ian Goldberg Polynomial Commitments 3 / 26

  9. Hash commitments Simplest kind of commitment C ( m ) = H ( m ) Ian Goldberg Polynomial Commitments 4 / 26

  10. Hash commitments Simplest kind of commitment C ( m ) = H ( r , m ) Ian Goldberg Polynomial Commitments 4 / 26

  11. Homomorphic commitments Ian Goldberg Polynomial Commitments 5 / 26

  12. Homomorphic commitments Ian Goldberg Polynomial Commitments 5 / 26

  13. Homomorphic commitments Ian Goldberg Polynomial Commitments 5 / 26

  14. Homomorphic commitments Ian Goldberg Polynomial Commitments 5 / 26

  15. Homomorphic commitments Ian Goldberg Polynomial Commitments 5 / 26

  16. Homomorphic commitments Ian Goldberg Polynomial Commitments 5 / 26

  17. Homomorphic commitments Ian Goldberg Polynomial Commitments 5 / 26

  18. Homomorphic commitments Ian Goldberg Polynomial Commitments 5 / 26

  19. Homomorphic commitments Ian Goldberg Polynomial Commitments 5 / 26

  20. Homomorphic commitments C ( a ⊕ b ) = C ( a ) ⊗ C ( b ) Ian Goldberg Polynomial Commitments 5 / 26

  21. Homomorphic commitments Simplest homomorphic commitment C ( m ) = g m Ian Goldberg Polynomial Commitments 6 / 26

  22. Homomorphic commitments Simplest homomorphic commitment C ( m ) = g m g a + b = g a · g b Ian Goldberg Polynomial Commitments 6 / 26

  23. Homomorphic commitments Simplest homomorphic commitment C ( m ) = g m C ( a + b ) = C ( a ) · C ( b ) Ian Goldberg Polynomial Commitments 6 / 26

  24. Homomorphic commitments Simplest homomorphic commitment C ( m ) = g m h r Ian Goldberg Polynomial Commitments 6 / 26

  25. Polynomial commitments Until now: Commit to a numbery A Ap Ian Goldberg Polynomial Commitments 7 / 26

  26. Polynomial commitments Next: Commit to a polynomial A Ap Ian Goldberg Polynomial Commitments 7 / 26

  27. Polynomial commitments Next: Commit to a polynomial And:A Open evaluationsAp Ian Goldberg Polynomial Commitments 7 / 26

  28. Polynomial commitments Previous method: f ( x ) = f 0 + f 1 x + f 2 x 2 + · · · + f t x t Ian Goldberg Polynomial Commitments 8 / 26

  29. Polynomial commitments Previous method: f ( x ) = f 0 + f 1 x + f 2 x 2 + · · · + f t x t Ian Goldberg Polynomial Commitments 8 / 26

  30. Polynomial commitments Previous method: f ( x ) = f 0 + f 1 x + f 2 x 2 + · · · + f t x t C ( f ) = � C ( f 0 ) , C ( f 1 ) , C ( f 2 ) , . . . , C ( f t ) � Ian Goldberg Polynomial Commitments 8 / 26

  31. Polynomial commitments Previous method: f ( x ) = f 0 + f 1 x + f 2 x 2 + · · · + f t x t C ( f ) = � C ( f 0 ) , C ( f 1 ) , C ( f 2 ) , . . . , C ( f t ) � � g f 0 , g f 1 , g f 2 , . . . , g f t � C ( f ) = Ian Goldberg Polynomial Commitments 8 / 26

  32. Opening polynomial commitments To open C ( f ) at a given point ( i , y = f ( i )): Ian Goldberg Polynomial Commitments 9 / 26

  33. Opening polynomial commitments To open C ( f ) at a given point ( i , y = f ( i )): Alice sends ( i , y ) to Bob Ian Goldberg Polynomial Commitments 9 / 26

  34. Opening polynomial commitments To open C ( f ) at a given point ( i , y = f ( i )): Alice sends ( i , y ) to Bob Bob checks: = C ( f 0 ) · C ( f 1 ) i · C ( f 2 ) i 2 · · · · · C ( f t ) i t ? g y Ian Goldberg Polynomial Commitments 9 / 26

  35. Opening polynomial commitments To open C ( f ) at a given point ( i , y = f ( i )): Alice sends ( i , y ) to Bob Bob checks: = C ( f 0 ) · C ( f 1 ) i · C ( f 2 ) i 2 · · · · · C ( f t ) i t ? g y g y = g f 0 · g f 1 i · g f 2 i 2 · · · · · g f t i t g i t Ian Goldberg Polynomial Commitments 9 / 26

  36. Opening polynomial commitments To open C ( f ) at a given point ( i , y = f ( i )): Alice sends ( i , y ) to Bob Bob checks: = C ( f 0 ) · C ( f 1 ) i · C ( f 2 ) i 2 · · · · · C ( f t ) i t ? g y g y = g f 0 + f 1 i + f 2 i 2 + ··· + f t i t g i t Ian Goldberg Polynomial Commitments 9 / 26

  37. Opening polynomial commitments To open C ( f ) at a given point ( i , y = f ( i )): Alice sends ( i , y ) to Bob Bob checks: = C ( f 0 ) · C ( f 1 ) i · C ( f 2 ) i 2 · · · · · C ( f t ) i t ? g y g y = g f ( i ) g i t Ian Goldberg Polynomial Commitments 9 / 26

  38. A slight variation C ( f ) = � ( i 0 , C ( f ( i 0 )) ), ( i 1 , C ( f ( i 1 )) ), . . . , ( i t , C ( f ( i t )) ) � Ian Goldberg Polynomial Commitments 10 / 26

  39. A slight variation C ( f ) = � ( i 0 , C ( f ( i 0 )) ), ( i 1 , C ( f ( i 1 )) ), . . . , ( i t , C ( f ( i t )) ) � Ian Goldberg Polynomial Commitments 10 / 26

  40. A slight variation C ( f ) = � ( i 0 , C ( f ( i 0 )) ), ( i 1 , C ( f ( i 1 )) ), . . . , ( i t , C ( f ( i t )) ) � ? = C ( f ( i 0 )) Λ 0 · C ( f ( i 1 )) Λ 1 · · · · · C ( f ( i t )) Λ t g y i − i k � Λ j = i j − i k k Ian Goldberg Polynomial Commitments 10 / 26

  41. Size matters Both types of polynomial commitments grow in size with the degree of the polynomial! Ian Goldberg Polynomial Commitments 11 / 26

  42. Constant-size polynomial commitments Trick #1: Committing Commit to a single evaluation of f Ian Goldberg Polynomial Commitments 12 / 26

  43. Constant-size polynomial commitments Trick #1: Committing Commit to a single evaluation of f . . . at a point α no one knows Ian Goldberg Polynomial Commitments 12 / 26

  44. Constant-size polynomial commitments Trick #1: Committing Commit to a single evaluation of f . . . at a point α no one knows Public key of the system: � g , g α , g α 2 , . . . , g α t � Ian Goldberg Polynomial Commitments 12 / 26

  45. Constant-size polynomial commitments Trick #1: Committing Commit to a single evaluation of f . . . at a point α no one knows Public key of the system: � g , g α , g α 2 , . . . , g α t � � f 0 · g α � f 1 · g α 2 � f 2 ·· · ·· g α t � f t g f ( α ) = � � � � g Ian Goldberg Polynomial Commitments 12 / 26

  46. Constant-size polynomial commitments Trick #2: Opening If f ( i ) = y , then w ( x ) = f ( x ) − y is a x − i polynomial, which Alice can compute Ian Goldberg Polynomial Commitments 13 / 26

  47. Constant-size polynomial commitments Trick #2: Opening If f ( i ) = y , then w ( x ) = f ( x ) − y is a x − i polynomial, which Alice can compute Alice forms a polynomial commitment ω = g w ( α ) to w Ian Goldberg Polynomial Commitments 13 / 26

  48. Constant-size polynomial commitments Trick #2: Opening If f ( i ) = y , then w ( x ) = f ( x ) − y is a x − i polynomial, which Alice can compute Alice forms a polynomial commitment ω = g w ( α ) to w Alice sends ( i , y , ω ) to Bob Ian Goldberg Polynomial Commitments 13 / 26

  49. Constant-size polynomial commitments Trick #3: Verifying The group G generated by g should admit a bilinear pairing e : G × G → G T Ian Goldberg Polynomial Commitments 14 / 26

  50. Constant-size polynomial commitments Trick #3: Verifying The group G generated by g should admit a bilinear pairing e : G × G → G T e ( g a , g b ) = e ( g , g ) ab Ian Goldberg Polynomial Commitments 14 / 26

  51. Constant-size polynomial commitments Trick #3: Verifying The group G generated by g should admit a bilinear pairing e : G × G → G T Bob checks: ? = e ( ω, g α / g i ) e ( g y , g ) e ( C , g ) Ian Goldberg Polynomial Commitments 14 / 26

  52. Constant-size polynomial commitments Trick #3: Verifying The group G generated by g should admit a bilinear pairing e : G × G → G T Bob checks: ? = e ( ω, g α / g i ) e ( g y , g ) e ( C , g ) e ( g f ( α ) , g ) ? = e ( g w ( α ) , g α − i ) e ( g y , g ) e ( g , g ) f ( α ) ? = e ( g , g ) w ( α )( α − i )+ y Ian Goldberg Polynomial Commitments 14 / 26

  53. Variants Can open multiple evaluations with only a single witness Can perform various ZKPoKs; e.g. prove knowledge of f ( i ) � = 0 without revealing f or f ( i ) to Bob Can use a Pedersen-like scheme to achieve perfect hiding Ian Goldberg Polynomial Commitments 15 / 26

  54. Provable security properties Polynomial binding: t-SDH Evaluation binding: t-SDH Hiding: perfect when < t openings revealed; DL when t Ian Goldberg Polynomial Commitments 16 / 26

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Access and Opportunity Committee Agenda 1. Construction Commitments 2. Design Commitments 3.

Access and Opportunity Committee Agenda 1. Construction Commitments 2. Design Commitments 3.

Access and Opportunity Committee Agenda 1. Construction Commitments 2. Design Commitments 3. Construction Workforce Construction Commitments Construction Commitments Through May 31, 2015 Group Project Goals Commitments Variance

430 views • 15 slides
Stack: Resize scale by constant Original size c then increase by c when full Run time to push n

Stack: Resize scale by constant Original size c then increase by c when full Run time to push n

Stack: Resize scale by constant Original size c then increase by c when full Run time to push n items into an empty stack? Number of resizes: Cost of i th resize: Total resize cost: 1 Stack summary Linked list implementation: Array

412 views • 6 slides
Full-fl Full-edged Real-Time Indexing for Constant Size Alphabets Gregory Kucherov CNRS/LIGM

Full-fl Full-edged Real-Time Indexing for Constant Size Alphabets Gregory Kucherov CNRS/LIGM

Full-fl Full-edged Real-Time Indexing for Constant Size Alphabets Gregory Kucherov CNRS/LIGM Marne-la-Vall ee, France Yakov Nekrich University of Kansas, USA ICALP13, July 11, 2013 Context and history Suffix Tree Supporting real-time

604 views • 33 slides
? ? The rank A of a subset A of E is the common size ? ? of maximal independent

? ? The rank A of a subset A of E is the common size ? ? of maximal independent

Codes Polynomials associated with code over GF n k q is a k

230 views • 4 slides
Does the Hubble constant tension call for new physics? Edvard Mrtsell and Suhail Dhawan

Does the Hubble constant tension call for new physics? Edvard Mrtsell and Suhail Dhawan

Does the Hubble constant tension call for new physics? Edvard Mrtsell and Suhail Dhawan 1801.07260 The Hubble constant ( H 0 ) Size of Universe compared to today Billion years from today Local CMB Freedman, Nature Astronomy 1 Cosmic

748 views • 13 slides
More Zeroes of Polynomials In this lecture we look more carefully at zeroes of polynomials.

More Zeroes of Polynomials In this lecture we look more carefully at zeroes of polynomials.

More Zeroes of Polynomials In this lecture we look more carefully at zeroes of polynomials. (Recall: a zero of a polynomial is sometimes called a root.) Our goal in the next few presentations is to set up a strategy for Elementary

331 views • 9 slides
TEMPORAL VARIATIONS OF BED LOAD TRANSPORT RATE AND THE GRAIN SIZE DISTRIBUTION OF NON-UNIFORM

TEMPORAL VARIATIONS OF BED LOAD TRANSPORT RATE AND THE GRAIN SIZE DISTRIBUTION OF NON-UNIFORM

INTERNATIONAL CONFERENCE ON REHABILITATION AND MAINTENANCE IN CIVIL ENGINEERING Surakarta, 11-12 July 2018 TEMPORAL VARIATIONS OF BED LOAD TRANSPORT RATE AND THE GRAIN SIZE DISTRIBUTION OF NON-UNIFORM SIZE SEDIMENT DURING A CONSTANT FLOW RATES

332 views • 17 slides
Secure Database Commitments and Universal Arguments of Quasi Knowledge Melissa Chase (Microsoft

Secure Database Commitments and Universal Arguments of Quasi Knowledge Melissa Chase (Microsoft

Secure Database Commitments and Universal Arguments of Quasi Knowledge Melissa Chase (Microsoft Research) Ivan Visconti (University of Salerno) Size hiding protocols Traditional secure computation: All existing definitions and Parties

631 views • 22 slides
28 4x 81y 4 z rt 3 2 , 4 5 6 7 2 17x mn 3 We usually write the variables in exponential

28 4x 81y 4 z rt 3 2 , 4 5 6 7 2 17x mn 3 We usually write the variables in exponential

Slide 1 / 216 Slide 2 / 216 Algebra I Polynomials 2015-11-02 www.njctl.org Slide 3 / 216 Click on the topic to go to that section Table of Contents Definitions of Monomials, Polynomials and Degrees Adding and Subtracting Polynomials

964 views • 72 slides
Classification of Combinatorial Polynomials (in particular, Ehrhart Polynomials of Zonotopes)

Classification of Combinatorial Polynomials (in particular, Ehrhart Polynomials of Zonotopes)

Classification of Combinatorial Polynomials (in particular, Ehrhart Polynomials of Zonotopes) Matthias Beck San Francisco State University Katharina Jochemko Kungliga Tekniska H ogskolan Emily McCullough University of San Francisco

244 views • 20 slides
Unimodality of q -Eulerian polynomials and q , p -Eulerian polynomials Michelle Wachs University

Unimodality of q -Eulerian polynomials and q , p -Eulerian polynomials Michelle Wachs University

Unimodality of q -Eulerian polynomials and q , p -Eulerian polynomials Michelle Wachs University of Miami Joint work with John Shareshian and with Anthony Henderson Eulerian numbers and Eulerian polynomials Eulerian numbers: a n , j := |{

710 views • 43 slides
Advances in Knot Polynomials 21 October 2016 Advances in Knot Polynomials 21 October 2016 1 /

Advances in Knot Polynomials 21 October 2016 Advances in Knot Polynomials 21 October 2016 1 /

Advances in Knot Polynomials 21 October 2016 Advances in Knot Polynomials 21 October 2016 1 / 49 ABSTRACT Review of achievements and problems in the theory of colored knot polynomials. Accent is on the current mystery around the differential

761 views • 49 slides
Polynomials Paul Valiant Brown University (Based on joint work with Gregory Valiant, mostly

Polynomials Paul Valiant Brown University (Based on joint work with Gregory Valiant, mostly

Three Perspectives on Orthogonal Polynomials Paul Valiant Brown University (Based on joint work with Gregory Valiant, mostly STOC11: Estimating the Unseen: An n/log(n)-sample Estimator for Entropy and Support Size, Shown Optimal via New

602 views • 14 slides
Robust Algorithms for Chebyshev Polynomials and Related Approximations Miroslav Vl cek

Robust Algorithms for Chebyshev Polynomials and Related Approximations Miroslav Vl cek

Introduction Chebyshev polynomials Symmetrical Zolotarev polynomials Overview Application in Filter Design Conclusion Robust Algorithms for Chebyshev Polynomials and Related Approximations Miroslav Vl cek vlcek@fd.cvut.cz Department of

484 views • 37 slides
From Eulerian Polynomials and Chromatic Polynomials to Hessenberg Varieties Michelle Wachs

From Eulerian Polynomials and Chromatic Polynomials to Hessenberg Varieties Michelle Wachs

From Eulerian Polynomials and Chromatic Polynomials to Hessenberg Varieties Michelle Wachs University of Miami 1 1 1 1 4 1 1 11 11 1 1 26 66 26 1 Eulerian polynomials - Eulers definition t t i = 1 t i 1 Eulerian

985 views • 69 slides
Lab 2 discussion Last Time Debugging Its a science use experiments to refine

Lab 2 discussion Last Time Debugging Its a science use experiments to refine

size= 64 correct= 0 size= 73 correct= 0 Shuying Liang size= 107 correct= 1 size= 107 correct= 0 size= 108 correct= 0 size= 108 correct= 1 Please do not handin a .doc file, a .zip file, a .tar file, size= 111 correct= 1 size=

430 views • 7 slides
HOUSING AS A SOCIAL DETERMINANT OF HEALTH PARTNERSHIP HEALTHPLAN OF CA JUNE 3, 2019 Carol

HOUSING AS A SOCIAL DETERMINANT OF HEALTH PARTNERSHIP HEALTHPLAN OF CA JUNE 3, 2019 Carol

6/27/2019 HOUSING AS A SOCIAL DETERMINANT OF HEALTH PARTNERSHIP HEALTHPLAN OF CA JUNE 3, 2019 Carol Wilkins Homelessness has lasting consequences for health High rates of housing instability associated with Adverse Childhood Experiences

388 views • 15 slides
County-level Social Determinants of HIV, Viral Hepatitis, STD, and TB Disease Burden: Poverty,

County-level Social Determinants of HIV, Viral Hepatitis, STD, and TB Disease Burden: Poverty,

County-level Social Determinants of HIV, Viral Hepatitis, STD, and TB Disease Burden: Poverty, Income, Education, Vacant Housing, Physician- population Ratio, and Urban-Rural Status NCHHSTP Atlas National Center for HIV/AIDS, Viral Hepatitis,

387 views • 10 slides
Socioeconomic Data, 2015 NCHHSTP AtlasPlus National Center for HIV/AIDS, Viral Hepatitis, STD and

Socioeconomic Data, 2015 NCHHSTP AtlasPlus National Center for HIV/AIDS, Viral Hepatitis, STD and

Socioeconomic Data, 2015 NCHHSTP AtlasPlus National Center for HIV/AIDS, Viral Hepatitis, STD and TB Prevention The NCHHSTP AtlasPlus is an online, interactive tool that gives you the power to analyze, map, and create tables using HIV, viral

111 views • 8 slides
PPP over SONET from STS-1 (STM-0/AU-3) to STS-192c (STM-64/AU-4-64c)

PPP over SONET from STS-1 (STM-0/AU-3) to STS-192c (STM-64/AU-4-64c)

P P P o v e r S O N E T / S D H f r o m S T S - 1 t o S T S - 1 9 2 c PPP over SONET from STS-1 (STM-0/AU-3) to STS-192c (STM-64/AU-4-64c) &lt;draft-merchant-pppext-sonet-sdh-00.txt&gt; Shahrukh Merchant Cimaron Communications

489 views • 9 slides
COMMUNITY RESOURCE INFORMATION EXCHANGE (CORIE) PLANNING INITIATIVE Health IT and HIE Connect a

COMMUNITY RESOURCE INFORMATION EXCHANGE (CORIE) PLANNING INITIATIVE Health IT and HIE Connect a

Addressing SDOH COMMUNITY RESOURCE INFORMATION EXCHANGE (CORIE) PLANNING INITIATIVE Health IT and HIE Connect a Disconnected Health System Department of Health Care Finance | 3 Community Input Led to Focus on Social Determinants of Health

449 views • 9 slides
Adapting Cache Partitioning Algorithms to Pseudo-LRU Replacement Policies Kamil Kedzierski 1,3 ,

Adapting Cache Partitioning Algorithms to Pseudo-LRU Replacement Policies Kamil Kedzierski 1,3 ,

Adapting Cache Partitioning Algorithms to Pseudo-LRU Replacement Policies Kamil Kedzierski 1,3 , Miquel Moreto 1,3 , Francisco J. Cazorla 2,3 , Mateo Valero 1,3 1 Technical University of Catalonia 2 Spanish National Research Council 3 Barcelona

411 views • 27 slides
ODE Filtering A Gaussian Decision Agent for Forward Problems Hans Kersting Alan Turing Institute

ODE Filtering A Gaussian Decision Agent for Forward Problems Hans Kersting Alan Turing Institute

ODE Filtering A Gaussian Decision Agent for Forward Problems Hans Kersting Alan Turing Institute 12 April 2018 some of the presented work is supported by the European Research Council. ODEs from a Bayesian machine learning perspective How we

493 views • 16 slides
Analytics for Health Policy Don Willison Sc.D. Institute for Health Policy, Management &amp;

Analytics for Health Policy Don Willison Sc.D. Institute for Health Policy, Management &amp;

Building Public Trust in Big Data Analytics for Health Policy Don Willison Sc.D. Institute for Health Policy, Management &amp; Evaluation, DLSPH Dept. of CE&amp;B, McMaster University don.willison@utoronto.ca Bottom Line Research

100 views • 5 slides

More recommend