Polynomial Commitments
نویسندگان
چکیده
We introduce and formally define polynomial commitment schemes, and provide two efficientconstructions. A polynomial commitment scheme allows a committer to commit to a polynomialwith a short string that can be used by a verifier to confirm claimed evaluations of the committedpolynomial. Although the homomorphic commitment schemes in the literature can be used toachieve this goal, the sizes of their commitments are linear in the degree of the committedpolynomial. On the other hand, polynomial commitments in our schemes are of constant size(single elements). The overhead of opening a commitment is also constant; even opening multipleevaluations requires only a constant amount of communication overhead. Therefore, our schemesare useful tools to reduce the communication cost in cryptographic protocols. On that front, weapply our polynomial commitment schemes to four problems in cryptography: verifiable secretsharing, zero-knowledge sets, credentials and content extraction signatures.
منابع مشابه
All-but-k Mercurial Commitments and their Applications
We introduce and formally define all-but-k mercurial commitments, a new kind cryptographic commitment that generalizes standard mercurial and non-mercurial (vector) commitments. We provide two concrete constructions for all-but-k mercurial commitments: the first is for committing to unordered lists (i.e., to multisets) and the second is for committing to ordered lists (i.e., to vectors). Both o...
متن کاملRound Optimal Concurrent Non-malleability from Polynomial Hardness
Non-malleable commitments are a central cryptographic primitive that guarantee security against man-in-the-middle adversaries, and their exact round complexity has been a subject of great interest. Pass (TCC 2013, CC 2016) proved that non-malleable commitments with respect to commitment are impossible to construct in less than three rounds, via black-box reductions to polynomial hardness assump...
متن کاملConstant-Size Commitments to Polynomials and Their Applications
We introduce and formally define polynomial commitment schemes, and provide two efficient constructions. A polynomial commitment scheme allows a committer to commit to a polynomial with a short string that can be used by a verifier to confirm claimed evaluations of the committed polynomial. Although the homomorphic commitment schemes in the literature can be used to achieve this goal, the sizes...
متن کاملFunctional Commitment Schemes: From Polynomial Commitments to Pairing-Based Accumulators from Simple Assumptions
We formalize a cryptographic primitive called functional commitment (FC) which can be viewed as a generalization of vector commitments (VCs), polynomial commitments and many other special kinds of commitment schemes. A non-interactive functional commitment allows committing to a message in such a way that the committer has the flexibility of only revealing a function F (M) of the committed mess...
متن کامل4-Round Concurrent Non-Malleable Commitments
The round complexity of non-malleable commitments and non-malleable zero knowledge arguments has been an open question for long time. Very recent results of Pass [TCC 2013] and of Goyal et al. [FOCS 2014, STOC 2016], gave almost definitive answers. In this work we show how to construct round-efficient non-malleable protocols via compilers. Starting from protocols enjoying limited non-malleabili...
متن کامل