Subvector Commitments with Application to Succinct Arguments

Lai, Russell W. F.; Malavolta, Giulio

doi:10.1007/978-3-030-26948-7_19

Cited by 72 publications

(36 citation statements)

References 53 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In §4, we propose a construction Π UUD for F UUD . Π UUD is based on subvector commitments (SVC) [22], which we extend with a UC ZK proof of knowledge of a subvector. A SVC scheme allows us to compute a commitment com to a vector x = (x[1], .…”

Section: Our Contributionmentioning

confidence: 99%

“…We describe an efficient instantiation of Π UUD in §5 that uses a SVC scheme based on the Cube Diffie-Hellman assumption [22]. In terms of efficiency, the storage cost grows quadratically with the vector length N × L. However, after initializing com and the openings w I to the initial DB, the communication and computation costs of the update and read operations are independent of N .…”

Section: Our Contributionmentioning

confidence: 99%

“…The size of an opening w I for x I is independent of both the size of I and of the length of the committed vector. We extend the definition of SVC in [22] with algorithms to update commitments and openings. SVC.Setup(1 k , ).…”

Section: Building Blocksmentioning

confidence: 99%

“…A SVC scheme must be correct and binding [22]. In §B, we recall those properties and define correctness for the update algorithms.…”

Section: Building Blocksmentioning

confidence: 99%

“…SVC scheme. We use a SVC scheme secure under the CubeDH assumption [22], which we extend with update algorithms for commitments and openings.…”

Section: Instantiation and Efficiency Analysismentioning

confidence: 99%

See 4 more Smart Citations

Unlinkable Updatable Databases and Oblivious Transfer with Access Control

Damodaran

Rial

2020

Information Security and Privacy

View full text Add to dashboard Cite

An oblivious transfer with access control protocol (OTAC) allows us to protect privacy of accesses to a database while enforcing access control policies. Existing OTAC have several shortcomings. First, their design is not modular. Typically, to create an OTAC, an adaptive oblivious transfer protocol (OT) is extended ad-hoc. Consequently, the security of the OT is reanalyzed when proving security of the OTAC, and it is not possible to instantiate the OTAC with any secure OT. Second, existing OTAC do not allow for policy updates. Finally, in practical applications, many messages share the same policy. However, existing OTAC cannot take advantage of that to improve storage efficiency. We propose an UC-secure OTAC that addresses the aforementioned shortcomings. Our OTAC uses as building blocks the ideal functionalities for OT, for zero-knowledge (ZK) and for an unlinkable updatable database (UUD), which we define and construct. UUD is a protocol between an updater U and multiple readers R k . U sets up a database and updates it. R k can read the database by computing UC ZK proofs of an entry in the database, without disclosing what entry is read. In our OTAC, UUD is used to store and read the policies. We construct an UUD based on subvector commitments (SVC). We extend the definition of SVC with update algorithms for commitments and openings, and we provide an UC ZK proof of a subvector. Our efficiency analysis shows that our UUD is practical.

show abstract

Section: Our Contributionmentioning

confidence: 99%

Section: Our Contributionmentioning

confidence: 99%

Section: Building Blocksmentioning

confidence: 99%

“…A SVC scheme must be correct and binding [22]. In §B, we recall those properties and define correctness for the update algorithms.…”

Section: Building Blocksmentioning

confidence: 99%

“…SVC scheme. We use a SVC scheme secure under the CubeDH assumption [22], which we extend with update algorithms for commitments and openings.…”

Section: Instantiation and Efficiency Analysismentioning

confidence: 99%

See 3 more Smart Citations

Unlinkable Updatable Databases and Oblivious Transfer with Access Control

Damodaran

Rial

2020

Information Security and Privacy

View full text Add to dashboard Cite

show abstract

Verifiable Computation and Succinct Arguments for NP

Fiore

2022

Asymmetric Cryptography

View full text Add to dashboard Cite

UC Updatable Databases and Applications

Damodaran

Rial

2020

Progress in Cryptology - AFRICACRYPT 2020

View full text Add to dashboard Cite

We define an ideal functionality FUD and a construction ΠUD for an updatable database (UD). UD is a two-party protocol between an updater and a reader. The updater sets the database and updates it at any time throughout the protocol execution. The reader computes zeroknowledge (ZK) proofs of knowledge of database entries. These proofs prove that a value is stored at a certain position in the database, without revealing the position or the value.(Non-)updatable databases are implicitly used as building block in priced oblivious transfer, privacy-preserving billing and other privacypreserving protocols. Typically, in those protocols the updater signs each database entry, and the reader proves knowledge of a signature on a database entry. Updating the database requires a revocation mechanism to revoke signatures on outdated database entries.Our construction ΠUD uses a non-hiding vector commitment (NHVC) scheme. The updater maps the database to a vector and commits to the database. This commitment can be updated efficiently at any time without needing a revocation mechanism. ZK proofs for reading a database entry have communication and amortized computation cost independent of the database size. Therefore, ΠUD is suitable for large databases. We implement ΠUD and our timings show that it is practical.In existing privacy-preserving protocols, a ZK proof of a database entry is intertwined with other tasks, e.g., proving further statements about the value read from the database or the position where it is stored. FUD allows us to improve modularity in protocol design by separating those tasks. We show how to use FUD as building block of a hybrid protocol along with other functionalities.

show abstract

Subvector Commitments with Application to Succinct Arguments

Cited by 72 publications

References 53 publications

Unlinkable Updatable Databases and Oblivious Transfer with Access Control

Unlinkable Updatable Databases and Oblivious Transfer with Access Control

Verifiable Computation and Succinct Arguments for NP

UC Updatable Databases and Applications

Contact Info

Product

Resources

About