Constant-Size Commitments to Polynomials and Their Applications

  • Aniket Kate
  • Gregory M. Zaverucha
  • Ian Goldberg
Conference paper

DOI: 10.1007/978-3-642-17373-8_11

Part of the Lecture Notes in Computer Science book series (LNCS, volume 6477)
Cite this paper as:
Kate A., Zaverucha G.M., Goldberg I. (2010) Constant-Size Commitments to Polynomials and Their Applications. In: Abe M. (eds) Advances in Cryptology - ASIACRYPT 2010. ASIACRYPT 2010. Lecture Notes in Computer Science, vol 6477. Springer, Berlin, Heidelberg


We introduce and formally define polynomial commitment schemes, and provide two efficient constructions. A polynomial commitment scheme allows a committer to commit to a polynomial with a short string that can be used by a verifier to confirm claimed evaluations of the committed polynomial. Although the homomorphic commitment schemes in the literature can be used to achieve this goal, the sizes of their commitments are linear in the degree of the committed polynomial. On the other hand, polynomial commitments in our schemes are of constant size (single elements). The overhead of opening a commitment is also constant; even opening multiple evaluations requires only a constant amount of communication overhead. Therefore, our schemes are useful tools to reduce the communication cost in cryptographic protocols. On that front, we apply our polynomial commitment schemes to four problems in cryptography: verifiable secret sharing, zero-knowledge sets, credentials and content extraction signatures.


Keywords: Polynomial Commitments; Verifiable Secret Sharing; Zero-Knowledge Sets; Credentials

Copyright information

© International Association for Cryptologic Research 2010

Authors and Affiliations

  • Aniket Kate (1)
  • Gregory M. Zaverucha (2)
  • Ian Goldberg (3)

  1. Max Planck Institute for Software Systems (MPI-SWS)
  2. Certicom Research
  3. University of Waterloo
