The CL encryption scheme, proposed in 2015 by Castagnos and Laguillaumie, is an efficient linearly homomorphic encryption scheme, based on class groups of imaginary quadratic fields. The specificity of these groups is that their order is hard to compute, which means it can be considered unknown. This particularity, while being key in the security of the scheme, brings technical challenges in working with CL, especially in the design of zero-knowledge protocols. 

To overcome these difficulties, we define a new notion of soundness, called soundness with partial extractability. Thanks to this notion, we design efficient zero-knowledge proofs and arguments for different CL-related statements. In this talk, I will in particular introduce a batched proof of correct encryption, and a succinct argument for a multiexponentiation of ciphertexts.

Joint work with G. Castagnos and F. Laguillaumie.