[go: up one dir, main page]

What a lovely hat

Is it made out of tin foil?

Paper 2024/257

LatticeFold: A Lattice-based Folding Scheme and its Applications to Succinct Proof Systems

Dan Boneh, Stanford University
Binyi Chen, Stanford University
Abstract

Folding is a recent technique for building efficient recursive SNARKs. Several elegant folding protocols have been proposed, such as Nova, Supernova, Hypernova, Protostar, and others. However, all of them rely on an additively homomorphic commitment scheme based on discrete log, and are therefore not post-quantum secure and require a large (256-bit) field. In this work we present LatticeFold, the first lattice-based folding protocol based on the Module SIS problem. This folding protocol naturally leads to an efficient recursive lattice-based SNARK and an efficient PCD scheme. LatticeFold supports folding low-degree relations, such as R1CS, as well as high-degree relations, such as CCS. The key challenge is to construct a secure folding protocol that works with the Ajtai commitment scheme. The difficulty is ensuring that extracted witnesses are low norm through many rounds of folding. We present a novel technique using the sumcheck protocol to ensure that extracted witnesses are always low norm no matter how many rounds of folding are used. Since LatticeFold can operate over a small (64-bit) field, our evaluation of the final proof system suggests that it is as performant as Hypernova, while providing plausible post-quantum security. Moreover, LatticeFold operates over the same module structure used by fully homomorphic encryption (FHE) and lattice signatures schemes, and can therefore benefit from software optimizations and custom hardware designed to accelerate these lattice schemes.

Note: Updates: (i) An optimized folding scheme for CCS (Section 4.3). (ii) A more general knowledge soundness proof that works for k-to-1 folding even if k > 2. (iii) more related work discussion and typo fixes.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint.
Keywords
Succinct Proof SystemsIVC/PCDFoldingLattice-based Cryptography
Contact author(s)
dabo @ cs stanford edu
binyi @ cs stanford edu
History
2024-07-30: last of 3 revisions
2024-02-16: received
See all versions
Short URL
https://ia.cr/2024/257
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/257,
      author = {Dan Boneh and Binyi Chen},
      title = {{LatticeFold}: A Lattice-based Folding Scheme and its Applications to Succinct Proof Systems},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/257},
      year = {2024},
      url = {https://eprint.iacr.org/2024/257}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.