2G2T: Constant-Size, Statistically Sound MSM Outsourcing
Majid Khabbazian

TL;DR
The paper introduces 2G2T, an efficient protocol for verifiably outsourcing multi-scalar multiplication (MSM) computations to untrusted servers, significantly reducing client verification effort and ensuring statistical soundness.
Contribution
It presents a simple, efficient, and statistically sound protocol for MSM outsourcing that minimizes client work and enables latency-hiding verification.
Findings
Verification is up to 300x faster than local MSM computation.
Client verification involves only one scalar multiplication and one group addition.
The protocol accepts an incorrect result with probability at most 1/q.
Abstract
Multi-scalar multiplication (MSM), $\mathrm{MSM}(\vec{P},\vec{x}) = \sum_{i=1}^{n} x_i P_i$, is a dominant computational kernel in discrete-logarithm-based cryptography and often becomes a bottleneck for verifiers and other resource-constrained clients. We present 2G2T, a simple protocol for verifiably outsourcing MSM to an untrusted server. 2G2T is efficient for both parties: the server performs only two MSM computations and returns only two group elements to the client, namely the claimed result $A = \mathrm{MSM}(\vec{P},\vec{x})$ and an auxiliary group element $B$. Client-side verification consists of a single length-$n$ field inner product and only three group operations (two scalar multiplications and one group addition). In our Ristretto255 implementation, verification is up to about 300x faster than computing the MSM locally using a highly optimized MSM routine (for $n$ up to $2^{18}$). Moreover, 2G2T enables…
