
Post-Quantum Lattice-Based Zero-Knowledge

Periodic Reporting for period 2 - PLAZA (Post-Quantum Lattice-Based Zero-Knowledge)

Reporting period: 2023-01-01 to 2024-06-30

Encryption and signatures are foundational to all security and, luckily, all evidence points to the fact that we will be able to have these primitives in a post-quantum world. But modern cryptography has the capability to deliver a lot more than just the basics, allowing for “fine-grained” security where the knowledge of all information is on a strict need-to-know basis. And as the world moves towards this more decentralized, privacy-oriented mode of storing data and operating on it, advanced cryptography stands to play a central role.

The construction of many advanced privacy-preserving primitives often rests on being able to create a zero-knowledge proof, which allows for showing knowledge of an x satisfying f(x) = y without revealing anything else about the secret input x. A zero-knowledge proof is the glue that holds a cryptographic protocol together, allowing one to prove that some part of the protocol was correctly formed / executed without giving away any other information. Having efficient zero-knowledge proofs for various functions can thus dramatically increase what cryptography can achieve. As a simple example, a potential borrower wishing to prove that his income is high enough to obtain a mortgage may have his paycheck digitally signed by his employer, and then present the encrypted version of it to the bank and create a zero-knowledge proof of the following statement: the ciphertext is a valid encryption of a number, this number was signed by XYZ-corporation, and it’s a number larger than ten thousand euros. By using zero-knowledge proofs, the individual didn’t reveal anything more than the information that was demanded for his mortgage application.

The central objective of the PLAZA project will be to create practical zero-knowledge proofs that can withstand quantum attacks by basing them on the hardness of lattice problems. Lattice problems are a very promising set of assumptions upon which to base cryptography and they are currently being used to create the most efficient quantum-resistant encryption and signature schemes. Creating more complex, but still practical, lattice-based schemes has so far proved to be a major challenge mostly due to the difficulty of constructing efficient zero-knowledge proofs – and this is the problem that the project proposes to solve.

From the beginning of our project until its midpoint, most of our work focused on the fundamentals of designing more efficient linear-sized and succinct ZK proofs. Our output has been around a dozen papers, most of which appeared at top cryptography and security conferences. Because I feel that we are converging to the “right” answer, a year ago we began a serious effort of implementing a software library which will allow others to use our ZK proofs in their designs. This effort is nearing completion and should be out soon.

The first half of the PLAZA project saw some excellent progress in the area of practical ZK. We made important foundational contributions along all the proposed axes and are in the process of releasing software that allows the simple integration of our ZK proofs into protocol designs. The two main scientific results of the PLAZA project were two papers that, respectively, appeared in the Crypto 2022 and Crypto 2023 conferences. In the first paper, it was shown how to create efficient linear-size ZK proofs for simple lattice relations. These proofs have been used as foundations for efficient privacy-based primitives by us (in a subsequent paper) and by other researchers. In the 2023 paper, it was shown how to construct succinct ZK proofs – i.e., the proof size is essentially constant no matter the size of the witness. This can be used in a wide variety of protocols, especially in highly distributed systems where one would like to condense the cryptographic outputs of many parties into one proof that states that everyone produced the correct output. These two main results were based on several other techniques developed during the project and we are also building upon these results to make them more easily consumable by others. In particular, we are working on a software library that will make it easy for others to embed our proofs into their protocols.

By the end of the project, we hope to realize our software library and create further privacy-based primitives. There still remain some more theoretical questions that we will be striving to answer. Firstly, we would like to come up with succinct ZK proofs that have more efficient verifiers, as in several other quantum-safe and non-quantum-safe constructions. Some partial work was already done in this direction and we’re hoping that it can be generalized to all applications. Another direction that we would like to pursue is constructing a cryptographic hash function which is compatible with our (succinct) ZK proofs. The existence of such a function will open up many more design avenues where our ZK proof can be used for constructions of efficient privacy-based cryptography.