| 摘要: |
| 向量承诺方案是一种对向量的承诺方案,允许打开向量的某个特定位置,且打开的正确性可以被高效验证。实际应用场景的多样性和复杂性还要求向量承诺方案具备更多的性质,比如高效、透明、支持批量处理、零知识以及支持“和的打开”等性质。而现有的向量承诺方案往往在一个或者多个方面不尽如人意,比如当前功能较为完备且被广泛研究和应用的向量承诺方案往往需要可信初始化;零知识性可以保证在打开的过程中不会泄露未打开位置的信息,而现有的方案大多不支持零知识性质,在有些应用中需要通过通用目的简洁非交互零知识论证协议来实现向量承诺的零知识性,会带来巨大的额外计算开销。本文提出了一种计算/通信均高效的向量承诺方案,且无需可信初始化、支持批量处理、和的打开以及零知识性质。并给出了性能评估以及与已有方案的对比。 |
| 关键词: 向量承诺 零知识证明 内积论证 |
| DOI:10.19363/J.cnki.cn10-1380/tn.2024.02.03 |
| 投稿时间:2021-11-30修订日期:2022-01-27 |
| 基金项目:中科院前沿学科重点研究项目(No. QYZDB SSW-SYS 035);国家自然科学基金项目(面上项目,重点项目,重大项目)(No.61932019、No61772521和No.61772522); |
|
| Zero Knowledge Vector Commitment with Good Properties |
|
WANG Hailong, DENG Yi
|
| (School of Cyber Security,University of Chinese Academy of Sciences) |
| Abstract: |
| Vector commitment is a commitment scheme to vectors, which allows a specific position of the vector to be opened, and the correctness of the opening can be verified efficiently. The diversity and complexity of practical application scenarios also require that vector commitment schemes have more properties, such as efficiency, transparency, support for batching, zero knowledge and support for "opening to sum mes are often unsatisfactory in one or more aspects. For example, the current vector commitment schemes with good properties and widely studied and applied often need trusted setup; Zero knowledge can ensure that the information of the unopened location will not leak in the opening process, and most of the existing schemes do not have zero knowledge. In some applications, it is necessary to realize the zero knowledge of vector commitment through the general purpose succinct non-interactive zero knowledge arguments of knowledge protocol, which will bring huge additional computational overhead. In this paper, a vector commitment scheme with efficient computation / communication is proposed, which does not need trusted setup, supports batching, “open to sum” and zero knowledge. The performance evaluation and comparison with the existing schemes are also given. |
| Key words: vector commitment zero knowledge proof inner product arguments |
