Round-efficient sub-linear zero-knowledge arguments for linear algebra

Abstract

The round complexity of interactive zero-knowledge arguments is an important measure along with communication and computational complexities. In the case of zero-knowledge arguments for linear algebraic relations over finite fields, Groth proposed (at CRYPTO 2009) an elegant methodology that achieves sub-linear communication overheads and low computational complexity. He obtained zero-knowledge arguments of sub-linear size for linear algebra using reductions from linear algebraic relations to equations of the form z=x*'y, where x,y ∈ double-struck F signnp are committed vectors,z ∈ double-struck F signp is a committed element, and * : double-struck F signnp→ double-struck F sign pis a bilinear map. These reductions impose additional rounds on zero-knowledge arguments of sub-linear size. We focus on minimizing such additional rounds, and we reduce the rounds of sub-linear zero-knowledge arguments for linear algebraic relations as compared with Groth's zero-knowledge arguments for the same relations. To reduce round complexity, we propose a general transformation from a t-round zero-knowledge argument, satisfying mild conditions, to a (t∈-∈2)-round zero-knowledge argument; this transformation is of independent interest. © 2011 International Association for Cryptologic Research.