We construct a perfectly binding string commitment scheme whose security is based on the learning parity with noise (LPN) assumption, or equivalently, the hardness of decoding random linear codes. Our scheme not only allows for a simple and efficient zero-knowledge proof of knowledge for committed values (essentially a Σ-protocol), but also for such proofs showing any kind of relation amongst committed values, i.e., proving that messages m0, ..., mu are such that m0 = C(m1, ..., mu) for any circuit C. To get soundness which is exponentially small in a security parameter t, and when the zero-knowledge property relies on the LPN problem with secrets of length , our 3-round protocol has communication complexity O(t|C| log( )) and computational complexity of O(t|C| ) bit operations. The hidden constants are small, and the computation consists mostly of computing inner products of bit-vectors.
We construct efficient authentication protocols and message-authentication codes (MACs) whose security can be reduced to the learning parity with noise (LPN) problem. Despite a large body of work – starting with the HB protocol of Hopper and Blum in 2001 – until now it was not even known how to construct an efficient authentication protocol from LPN which is secure against man-in-the-middle (MIM) attacks. A MAC implies such a (two-round) protocol.
Papers by Abhishek Jain