DOI: 10.1145/3372297.3417244
Research article

Pointproofs: Aggregating Proofs for Multiple Vector Commitments

Published: 02 November 2020

Abstract

Vector commitments enable a user to commit to a sequence of values and provably reveal one or many values at specific positions at a later time. In this work, we construct Pointproofs, a new vector commitment scheme that supports non-interactive aggregation of proofs across multiple commitments. Our construction enables any third party to aggregate a collection of proofs with respect to different, independently computed commitments into a single proof represented by a 48-byte elliptic curve point. In addition, our scheme is hiding: a commitment and proofs for some values reveal no information about the remaining values. We build Pointproofs and demonstrate how to apply them to blockchain smart contracts. In our example application, Pointproofs reduce bandwidth overheads for propagating a block of transactions by at least 60% compared to prior state-of-the-art vector commitments. Pointproofs are also efficient: on a single thread, it takes 0.08 seconds to generate a proof for 8 values with respect to one commitment, 0.25 seconds to aggregate 4000 such proofs across multiple commitments into one proof, and 23 seconds (0.7 ms per value proven) to verify the aggregated proof.

Supplementary Material

Presentation video (MOV file: Copy of CCS20_fp130_LeonidReyzin - Ami Eckard-Lee.mov)




Published In

CCS '20: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security
October 2020, 2180 pages
ISBN: 9781450370899
DOI: 10.1145/3372297

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery, New York, NY, United States


Author Tags

1. blockchain
2. pairing based cryptography
3. pointproofs
4. smart contract
5. vector commitment

Acceptance Rates

Overall acceptance rate: 1,261 of 6,999 submissions, 18%

Cited By

• (2025) Aggregatable Subvector Commitment with Efficient Updates. Applied Sciences 15(2):554. doi:10.3390/app15020554. Online publication date: 8 Jan 2025.
• (2025) Practically secure linear-map vector commitment and its applications. Computer Standards & Interfaces 91:103885. doi:10.1016/j.csi.2024.103885. Online publication date: Jan 2025.
• (2024) LVMT: An Efficient Authenticated Storage for Blockchain. ACM Transactions on Storage 20(3):1-34. doi:10.1145/3664818. Online publication date: 6 Jun 2024.
• (2024) Reckle Trees: Updatable Merkle Batch Proofs with Applications. Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security, pp. 1538-1551. doi:10.1145/3658644.3670354. Online publication date: 2 Dec 2024.
• (2024) Scaling Ethereum 2.0's Cross-Shard Transactions With Efficient Verification and Aggregation of KZG Commitments. IEEE Internet of Things Journal 11(19):31822-31835. doi:10.1109/JIOT.2024.3419932. Online publication date: 1 Oct 2024.
• (2024) PPSC: A Privacy-Preserving Stateless Cryptocurrency System. 2024 8th International Conference on Cryptography, Security and Privacy (CSP), pp. 59-64. doi:10.1109/CSP62567.2024.00017. Online publication date: 20 Apr 2024.
• (2024) A Maintainable Matrix Commitment Scheme with Constant-Size Public Parameters and Incremental Aggregation. 2024 IEEE 37th Computer Security Foundations Symposium (CSF), pp. 172-185. doi:10.1109/CSF61375.2024.00030. Online publication date: 8 Jul 2024.
• (2024) Tethering Layer 2 solutions to the blockchain. Computer Communications 225(C):289-310. doi:10.1016/j.comcom.2024.07.017. Online publication date: 18 Nov 2024.
• (2024) Functional commitments for arbitrary circuits of bounded sizes. Designs, Codes and Cryptography 92(12):3919-3953. doi:10.1007/s10623-024-01468-w. Online publication date: 12 Aug 2024.
• (2024) Jackpot: Non-interactive Aggregatable Lotteries. Advances in Cryptology – ASIACRYPT 2024, pp. 365-397. doi:10.1007/978-981-96-0938-3_12. Online publication date: 10 Dec 2024.
