Skip to Main content Skip to Navigation
Conference papers

Zero-Knowledge Arguments for Lattice-Based PRFs and Applications to E-Cash

Benoît Libert 1, 2 San Ling 3 Khoa Nguyen 3 Huaxiong Wang 3 
Abstract : Beyond their security guarantees under well-studied assumptions , algebraic pseudo-random functions are motivated by their compatibility with efficient zero-knowledge proof systems, which is useful in a number of privacy applications like digital cash. We consider the problem of proving the correct evaluation of lattice-based PRFs based on the Learning-With-Rounding (LWR) problem introduced by Banerjee et al. (Eurocrypt'12). Namely, we are interested zero-knowledge arguments of knowledge of triples (y, k, x) such that y = F k (x) is the correct evaluation of a PRF for a secret input x and a committed key k. While analogous statements admit efficient zero-knowledge protocols in the discrete logarithm setting, they have never been addressed in lattices so far. We provide such arguments for the key homomorphic PRF of Boneh et al. (Crypto'13) and the generic PRF implied by the LWR-based pseudo-random generator. As an application of our ZK arguments, we design the first compact e-cash system based on lattice assumptions. By " compact " , we mean that the complexity is at most logarithmic in the value of withdrawn wallets. Our system can be seen as a lattice-based analogue of the first compact e-cash construction due to Camenisch, Hohenberger and Lysyanskaya (Eurocrypt'05).
Document type :
Conference papers
Complete list of metadata

Cited literature [84 references]  Display  Hide  Download
Contributor : Benoit Libert Connect in order to contact the contributor
Submitted on : Sunday, October 22, 2017 - 7:04:48 PM
Last modification on : Monday, May 16, 2022 - 4:58:02 PM
Long-term archiving on: : Tuesday, January 23, 2018 - 12:34:03 PM


Files produced by the author(s)


  • HAL Id : hal-01621027, version 1



Benoît Libert, San Ling, Khoa Nguyen, Huaxiong Wang. Zero-Knowledge Arguments for Lattice-Based PRFs and Applications to E-Cash. Asiacrypt 2017, Dec 2017, Hong Kong, China. ⟨hal-01621027⟩



Record views


Files downloads