This is the implementation artifacts for the paper:
Extractable Witness Encryption for KZG Commitments and Efficient Laconic OT
Abstract:
We present a concretely efficient and simple extractable witness encryption scheme for KZG polynomial commitments.
It allows to encrypt a message towards a triple
Our construction is simple and highly efficient. The ciphertext is only a single group element. Encryption and decryption both require a single pairing evaluation and a constant number of group operations.
Using our witness encryption scheme for KZG we construct a simple and highly efficient laconic OT protocol which significantly outperforms the state of the art in most important metrics.
At 128-bits of security, the digest is a constant 48 bytes and the communication is just 256 bytes.
Below are the running times on an Macbook Pro M3 Max for different operations and different database sizes:
| Database Size | Hash (Time) | Send (Time) | Recv (Time) |
|---|---|---|---|
| 12.39 ms | 2.59 ms | 595.52 µs | |
| 24.58 ms | 2.62 ms | 594.31 µs | |
| 49.27 ms | 2.63 ms | 595.35 µs | |
| 98.93 ms | 2.64 ms | 590.88 µs | |
| 199.65 ms | 2.64 ms | 597.03 µs | |
| 405.10 ms | 2.64 ms | 597.60 µs | |
| 819.49 ms | 2.64 ms | 595.67 µs | |
| 1.65 s | 2.65 ms | 596.54 µs | |
| 2.90 s | 2.64 ms | 592.32 µs | |
| 5.19 s | 2.65 ms | 592.85 µs | |
| 10.08 s | 2.65 ms | 597.57 µs | |
| 20.01 s | 2.65 ms | 592.74 µs | |
| 40.76 s | 2.65 ms | 591.76 µs | |
| 1:22 m | 2.65 ms | 592.44 µs | |
| 3:48 m | 2.65 ms | 593.00 µs | |
| 6:39 m | 2.64 ms | 592.98 µs |
Where:
- Hash: compute the digest of the database (containing the OT choice bits)
- Send: OT send.
- Recv: OT receive.
Benchmarks can be reproduced by simply running cargo bench.