Title: Proving multiplicative relations for different lattice commitments
Authors: Mengfan Wang; Guifang Huang; Dong Fang; Lei Hu
Addresses: Westone Cryptologic Research Center, CETC Cyberspace Security Technology Co., Ltd., Beijing, China ' State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China ' State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China ' State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China
Abstract: The BDLOP commitment of Baum et al. (SCN 2018) is currently the most efficient commitment scheme. Based on the BDLOP commitment, Attema et al. in CRYPTO 2020 presented an efficient product proof in the ring R_q = ℤ_q[X]/(X^d + 1), where X^d + 1 splits into low-degree factors (ALS scheme). Their proof has only one garbage commitment besides the necessary opening proof and works in the case that all the messages are committed simultaneously using the same randomness r⃗. In this paper, we deal with the case where the messages involved in the multiplicative relation are committed using different randomnesses, and construct a parallel product proof and two sequential product proofs, both of which still require one additional garbage commitment.
Keywords: commitment scheme; zero-knowledge proof; module SIS; MSIS; module LWE; MLWE; Galois automorphisms.
DOI: 10.1504/IJICS.2025.146883
International Journal of Information and Computer Security, 2025 Vol.27 No.2, pp.285 - 305
Accepted: 17 Oct 2024
Published online: 24 Jun 2025