Skip to main content
SpringerLink
Log in
Book cover

Annual International Cryptology Conference

CRYPTO 2019: Advances in Cryptology – CRYPTO 2019 pp 561–586Cite as

Batching Techniques for Accumulators with Applications to IOPs and Stateless Blockchains

  • Conference paper
  • First Online:

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11692))

Abstract

We present batching techniques for cryptographic accumulators and vector commitments in groups of unknown order. Our techniques are tailored for distributed settings where no trusted accumulator manager exists and updates to the accumulator are processed in batches. We develop techniques for non-interactively aggregating membership proofs that can be verified with a constant number of group operations. We also provide a constant sized batch non-membership proof for a large number of elements. These proofs can be used to build the first positional vector commitment (VC) with constant sized openings and constant sized public parameters. As a core building block for our batching techniques we develop several succinct proof systems in groups of unknown order. These extend a recent construction of a succinct proof of correct exponentiation, and include a succinct proof of knowledge of an integer discrete logarithm between two group elements. We circumvent an impossibility result for Sigma-protocols in these groups by using a short trapdoor-free CRS. We use these new accumulator and vector commitment constructions to design a stateless blockchain, where nodes only need a constant amount of storage in order to participate in consensus. Further, we show how to use these techniques to reduce the size of IOP instantiations, such as STARKs. The full version of the paper is available online [BBF18b].

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   109.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   139.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Notes

  1. 1.

    In each round of an IOP, the prover prepares a message and sends the verifier a “proof oracle”, which gives the verifier random read access to the prover’s message. The “length” of the proof oracle is the length of this message.

  2. 2.

    The condition that \(gcd(x, y) = 1\) is minor as we can simply use a different set of primes as the domains for each accumulator. Equivalently we can utilize different collision resistant hash functions with prime domain for each accumulator. The concrete security assumption would be that it is difficult to find two values ab such that both hash functions map to the same prime. We utilize this aggregation technique in our IOP application (Sect. 6.2).

  3. 3.

    Examples include (described earlier), or alternatively the function that maps i to the next prime after \(f(i) = 2(i+2) \cdot \log _2(i+2)^2\), which maps the integers [0, N) to smaller primes than (in expectation).

References

  1. Ahn, J.H., Boneh, D., Camenisch, J., Hohenberger, S., shelat, A., Waters, B.: Computing on authenticated data. In: Cramer, R. (ed.) TCC 2012. LNCS, vol. 7194, pp. 1–20. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-28914-9_1

    Chapter  Google Scholar 

  2. Ames, S., Hazay, C., Ishai, Y., Venkitasubramaniam, M.: Ligero: lightweight sublinear arguments without a trusted setup. In: Thuraisingham, B.M., Evans, D., Malkin, T., Xu, D. (eds.) ACM CCS 2017, pp. 2087–2104. ACM Press, October–November 2017

    Google Scholar 

  3. Boneh, D., Bonneau, J., Bünz, B., Fisch, B.: Verifiable delay functions. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018, Part I. LNCS, vol. 10991, pp. 757–788. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96884-1_25

    Chapter  Google Scholar 

  4. Boneh, D., Bünz, B., Fisch, B.: A survey of two verifiable delay functions. Cryptology ePrint Archive, Report 2018/712 (2018). https://eprint.iacr.org/2018/712

  5. Boneh, D., Bünz, B., Fisch, B.: Batching techniques for accumulators with applications to IOPs and stateless blockchains. Cryptology ePrint Archive, Report 2018/1188 (2018). https://eprint.iacr.org/2018/1188

  6. Ben-Sasson, E., Bentov, I., Horesh, Y., Riabzev, M.: Scalable, transparent, and post-quantum secure computational integrity. Cryptology ePrint Archive, Report 2018/046 (2018). https://eprint.iacr.org/2018/046

  7. Baldimtsi, F., et al.: Accumulators with applications to anonymity-preserving revocation. Cryptology ePrint Archive, Report 2017/043 (2017). http://eprint.iacr.org/2017/043

  8. Ben-Sasson, E., et al.: Zerocash: decentralized anonymous payments from bitcoin. In: 2014 IEEE Symposium on Security and Privacy, pp. 459–474. IEEE Computer Society Press, May 2014

    Google Scholar 

  9. Bangerter, E., Camenisch, J., Krenn, S.: Efficiency limitations for \(\sum \)-protocols for group homomorphisms. In: Micciancio, D. (ed.) TCC 2010. LNCS, vol. 5978, pp. 553–571. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-11799-2_33

    Chapter  Google Scholar 

  10. Ben-Sasson, E., Chiesa, A., Spooner, N.: Interactive oracle proofs. In: Hirt, M., Smith, A. (eds.) TCC 2016, Part II. LNCS, vol. 9986, pp. 31–60. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53644-5_2

    Chapter  Google Scholar 

  11. Benaloh, J., de Mare, M.: One-way accumulators: a decentralized alternative to digital signatures. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 274–285. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48285-7_24

    Chapter  Google Scholar 

  12. Buchmann, J., Hamdy, S.: A survey on IQ cryptography. In: Public-Key Cryptography and Computational Number Theory, pp. 1–15 (2001)

    Google Scholar 

  13. Buldas, A., Laud, P., Lipmaa, H.: Accountable certificate management using undeniable attestations. In: Jajodia, S., Samarati, P. (eds) ACM CCS 2000, pp. 9–17. ACM Press, November 2000

    Google Scholar 

  14. Ben-Sasson, E., Chiesa, A., Riabzev, M., Spooner, N., Virza, M., Ward, N.P.: Aurora: Transparent succinct arguments for r1cs. Cryptology ePrint Archive, Report 2018/828 (2018). https://eprint.iacr.org/2018/828

  15. Catalano, D., Fiore, D.: Vector commitments and their applications. In: Kurosawa, K., Hanaoka, G. (eds.) PKC 2013. LNCS, vol. 7778, pp. 55–72. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-36362-7_5

    Chapter  Google Scholar 

  16. Canard, S., Jambert, A.: On extended sanitizable signature schemes. In: Pieprzyk, J. (ed.) CT-RSA 2010. LNCS, vol. 5985, pp. 179–194. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-11925-5_13

    Chapter  Google Scholar 

  17. Camenisch, J., Lysyanskaya, A.: Dynamic accumulators and application to efficient revocation of anonymous credentials. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 61–76. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45708-9_5

    Chapter  Google Scholar 

  18. Damgård, I., Koprowski, M.: Generic lower bounds for root extraction and signature schemes in general groups. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 256–271. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-46035-7_17

    Chapter  MATH  Google Scholar 

  19. Drake, J.: Accumulators, scalability of utxo blockchains, and data availability. https://ethresear.ch/t/accumulators-scalability-of-utxo-blockchains-and-data-availability/176

  20. Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987). https://doi.org/10.1007/3-540-47721-7_12

    Chapter  Google Scholar 

  21. Fromknecht, C., Velicanu, D., Yakoubov, S.: A decentralized public key infrastructure with identity retention. Cryptology ePrint Archive, Report 2014/803 (2014). http://eprint.iacr.org/2014/803

  22. Garman, C., Green, M., Miers, I.: Decentralized anonymous credentials. In: NDSS 2014. The Internet Society, February 2014

    Google Scholar 

  23. Hamdy, S., Möller, B.: Security of cryptosystems based on class groups of imaginary quadratic orders. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 234–247. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-44448-3_18

    Chapter  Google Scholar 

  24. Kilian, J.: A note on efficient zero-knowledge proofs and arguments (extended abstract). In: 24th ACM STOC, pp. 723–732. ACM Press, May 1992

    Google Scholar 

  25. Lipmaa, H.: Secure accumulators from euclidean rings without trusted setup. In: Bao, F., Samarati, P., Zhou, J. (eds.) ACNS 2012. LNCS, vol. 7341, pp. 224–240. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-31284-7_14

    Chapter  Google Scholar 

  26. Li, J., Li, N., Xue, R.: Universal accumulators with efficient nonmembership proofs. In: Katz, J., Yung, M. (eds.) ACNS 2007. LNCS, vol. 4521, pp. 253–269. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-72738-5_17

    Chapter  Google Scholar 

  27. Lai, R.W.F., Malavolta, G.: Optimal succinct arguments via hidden order groups. Cryptology ePrint Archive, Report 2018/705 (2018). https://eprint.iacr.org/2018/705

  28. Libert, B., Ramanna, S.C., Yung, M.: Functional commitment schemes: from polynomial commitments to pairing-based accumulators from simple assumptions. In: Chatzigiannakis, I., Mitzenmacher, M., Rabani, Y., Sangiorgi, D. (eds) ICALP 2016, volume 55 of LIPIcs, pp. 30:1–30:14. Schloss Dagstuhl, July 2016

    Google Scholar 

  29. Merkle, R.C.: A digital signature based on a conventional encryption function. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 369–378. Springer, Heidelberg (1988). https://doi.org/10.1007/3-540-48184-2_32

    Chapter  Google Scholar 

  30. Miers, I., Garman, C., Green, M., Rubin, A.D.: Zerocoin: anonymous distributed E-cash from bitcoin. In: 2013 IEEE Symposium on Security and Privacy, pp. 397–411. IEEE Computer Society Press, May 2013

    Google Scholar 

  31. Micali, S.: CS proofs (extended abstracts). In: 35th FOCS, pp. 436–453. IEEE Computer Society Press, November 1994

    Google Scholar 

  32. Nissim, K., Naor, M.: Certificate revocation and certificate update. In: Usenix (1998)

    Google Scholar 

  33. Pöhls, H.C., Samelin, K.: On updatable redactable signatures. In: Boureanu, I., Owesarski, P., Vaudenay, S. (eds.) ACNS 2014. LNCS, vol. 8479, pp. 457–475. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-07536-5_27

    Chapter  Google Scholar 

  34. Shamir, A.: On the generation of cryptographically strong pseudorandom sequences. ACM Trans. Comput. Syst. (TOCS) 1(1), 38–44 (1983)

    Article  Google Scholar 

  35. Shoup, V.: Lower bounds for discrete logarithms and related problems. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 256–266. Springer, Heidelberg (1997). https://doi.org/10.1007/3-540-69053-0_18

    Chapter  Google Scholar 

  36. Slamanig, D.: Dynamic accumulator based discretionary access control for outsourced storage with unlinkable access. In: Keromytis, A.D. (ed.) FC 2012. LNCS, vol. 7397, pp. 215–222. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32946-3_16

    Chapter  Google Scholar 

  37. Sander, T., Ta-Shma, A.: Auditable, anonymous electronic cash. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 555–572. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48405-1_35

    Chapter  Google Scholar 

  38. Sander, T., Ta-Shma, A.: Flow control: a new approach for anonymity control in electronic cash systems. In: Franklin, M. (ed.) FC 1999. LNCS, vol. 1648, pp. 46–61. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48390-X_4

    Chapter  Google Scholar 

  39. Sander, T., Ta-Shma, A., Yung, M.: Blind, auditable membership proofs. In: Frankel, Y. (ed.) FC 2000. LNCS, vol. 1962, pp. 53–71. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-45472-1_5

    Chapter  Google Scholar 

  40. Todd, P., Maxwell, G., Andreev, O.: Reducing UTXO: users send parent transactions with their merkle branches, October 2013. https://bitcointalk.org

  41. Todd, P.: Making UTXO Set Growth Irrelevant With Low-Latency Delayed TXO Commitments, May 2016. https://petertodd.org/2016/delayed-txo-commitments

  42. Terelius, B., Wikström, D.: Efficiency limitations of \(\sum \)-protocols for group homomorphisms revisited. In: Visconti, I., De Prisco, R. (eds.) SCN 2012. LNCS, vol. 7485, pp. 461–476. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32928-9_26

    Chapter  MATH  Google Scholar 

  43. Wesolowski, B.: Efficient verifiable delay functions. Cryptology ePrint Archive, Report 2018/623 (2018). https://eprint.iacr.org/2018/623

  44. Wood, G.: Ethereum: A secure decentralized transaction ledger (2014). http://gavwood.com/paper.pdf

Download references

Acknowledgments

This work was partially supported by NSF, ONR, the Simons Foundation and the ZCash foundation.

Author information

Authors and Affiliations

  1. Stanford University, Stanford, USA

    Dan Boneh, Benedikt Bünz & Ben Fisch

Authors
  1. Dan Boneh
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Benedikt Bünz
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ben Fisch
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding authors

Correspondence to Benedikt Bünz or Ben Fisch .

Editor information

Editors and Affiliations

  1. Georgia Institute of Technology, Atlanta, GA, USA

    Alexandra Boldyreva

  2. University of California at San Diego, La Jolla, CA, USA

    Daniele Micciancio

Rights and permissions

Reprints and permissions

Copyright information

© 2019 International Association for Cryptologic Research

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Boneh, D., Bünz, B., Fisch, B. (2019). Batching Techniques for Accumulators with Applications to IOPs and Stateless Blockchains. In: Boldyreva, A., Micciancio, D. (eds) Advances in Cryptology – CRYPTO 2019. CRYPTO 2019. Lecture Notes in Computer Science(), vol 11692. Springer, Cham. https://doi.org/10.1007/978-3-030-26948-7_20

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-26948-7_20

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-26947-0

  • Online ISBN: 978-3-030-26948-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Societies and partnerships

Search

Navigation