Efficient Noninteractive Polynomial Commitment Scheme in the Discrete Logarithm Setting

Polynomial commitment schemes (PCSs) are fundamental components that can effectively solve the problems arising from the combination of Internet of Things and blockchain. These allow a committer to commit to a polynomial and then later evaluate the committed polynomial at an arbitrary challenge point along with a proof of valid, without revealing any additional information about the polynomial. Recent works have presented polynomial commitment schemes based on the discrete logarithm assumption. Their schemes do not require a trusted setup, and the verifier uses homomorphism to check the polynomial evaluation proofs. However, these schemes require two-party interactions and satisfy only special soundness and special honest verifier zero-knowledge, which are infeasible for some nonsimultaneous online or decentralized applications. In this article, we propose a novel PCS inspired by the idea of the Fiat–Shamir heuristic. Our scheme is noninteractive between the committer and the verifier. Instead of waiting for the challenge values from the verifier, the committer generates the values by accessing a random oracle. Moreover, it satisfies computational soundness and zero-knowledge by using a group operation to enhance the unpredictability of challenge values. We also propose a trapdoor commitment scheme to ensure the honest use of challenge values by the committers. Finally, we present the security and performance analysis of our scheme, which shows that our scheme is feasible with an acceptable time overhead.