Amortized efficient zk-SNARK from linear-only RLWE encodings

• Published in: Journal of communications and networks Vol. 25; no. 3; pp. 271 - 284
• Main Authors: Chung, Heewon, Kim, Dongwoo, Kim, Jeong Han, Kim, Jiseung
• Format: Journal Article
• Language: English
• Published: 한국통신학회 01.06.2023
• Subjects: 전자/정보통신공학
• ISSN: 1229-2370; 1976-5541
• DOI: 10.23919/JCN.2023.000012

This paper addresses a new lattice-based designatedzk-SNARK having the smallest proof size in the amortized sense,from the linear-only ring learning with the error (RLWE) encod-ings. We first generalize a quadratic arithmetic programming(QAP) over a finite field to a ring-variant over a polynomialring Zp[X]/(XN + 1) with a power of two N. Then, wepropose a zk-SNARK over this ring with a linear-only encodingassumption on RLWE encodings. From the ring isomorphismZp[X]/(XN + 1) ∼= ZpN , the proposed scheme packs multiplemessages from Zp, resulting in much smaller amortized proofsize compared to previous works. In addition, we present a refined analysis on the noise floodingtechnique based on the Hellinger divergence instead of theconventional statistical distance, which reduces the size of a proof. In particular, our proof size is 276.5 KB and the amortizedproof size is only 156 bytes since our protocol allows to batchN proofs into a single proof. Therefore, we achieve the smallestamortized proof size in the category of lattice-based zk-SNARKsand comparable proof size in the (pre-quantum) zk-SNARKscategory. KCI Citation Count: 0