DOI: 10.1007/978-3-030-92078-4_4

Snarky Ceremonies

Published: 06 December 2021

Abstract

Succinct non-interactive arguments of knowledge (SNARKs) have found numerous applications in the blockchain setting and elsewhere. The most efficient SNARKs require a distributed ceremony protocol to generate public parameters, also known as a structured reference string (SRS). Our contributions are two-fold:
We give a security framework for non-interactive zero-knowledge arguments with a ceremony protocol.
We revisit the ceremony protocol of Groth’s SNARK [Bowe et al., 2017]. We show that the original construction can be simplified and optimized, and then prove its security in our new framework. Importantly, our construction avoids the random beacon model used in the original work.

References

[1] Abdolmaleki, B., Baghery, K., Lipmaa, H., Siim, J., Zając, M.: UC-secure CRS generation for SNARKs. In: Buchmann, J., Nitaj, A., Rachidi, T. (eds.) Progress in Cryptology – AFRICACRYPT 2019, pp. 99–117. Springer, Cham (2019)
[2] Abdolmaleki, B., Baghery, K., Lipmaa, H., Zając, M.: A subversion-resistant SNARK. In: Takagi, T., Peyrin, T. (eds.) Advances in Cryptology – ASIACRYPT 2017, pp. 3–33. Springer, Cham (2017)
[3] Baghery, K., Kohlweiss, M., Siim, J., Volkhov, M.: Another look at extraction and randomization of Groth's zk-SNARK. Cryptology ePrint Archive, Report 2020/811 (2020). https://eprint.iacr.org/2020/811
[4] Bauer, B., Fuchsbauer, G., Loss, J.: A classification of computational assumptions in the algebraic group model. In: Micciancio, D., Ristenpart, T. (eds.) Advances in Cryptology – CRYPTO 2020, pp. 121–151. Springer, Cham (2020)
[5] Bellare, M., Fuchsbauer, G., Scafuro, A.: NIZKs with an untrusted CRS: security in the face of parameter subversion. In: Cheon, J.H., Takagi, T. (eds.) Advances in Cryptology – ASIACRYPT 2016, pp. 777–804. Springer, Heidelberg (2016)
[6] Ben-Sasson, E., et al.: Zerocash: decentralized anonymous payments from Bitcoin. In: 2014 IEEE Symposium on Security and Privacy, pp. 459–474. IEEE Computer Society Press, May 2014
[7] Ben-Sasson, E., Chiesa, A., Green, M., Tromer, E., Virza, M.: Secure sampling of public parameters for succinct zero knowledge proofs. In: 2015 IEEE Symposium on Security and Privacy, pp. 287–304. IEEE Computer Society Press, May 2015
[8] Ben-Sasson, E., Chiesa, A., Tromer, E., Virza, M.: Succinct non-interactive zero knowledge for a von Neumann architecture. In: Fu, K., Jung, J. (eds.) USENIX Security 2014, pp. 781–796. USENIX Association, August 2014
[9] Boneh, D., Bonneau, J., Bünz, B., Fisch, B.: Verifiable delay functions. In: Shacham, H., Boldyreva, A. (eds.) Advances in Cryptology – CRYPTO 2018, pp. 757–788. Springer, Cham (2018)
[10] Bowe, S., Chiesa, A., Green, M., Miers, I., Mishra, P., Wu, H.: ZEXE: enabling decentralized private computation. In: 2020 IEEE Symposium on Security and Privacy, pp. 947–964. IEEE Computer Society Press, May 2020
[11] Bowe, S., Gabizon, A., Green, M.D.: A multi-party protocol for constructing the public parameters of the Pinocchio zk-SNARK. Cryptology ePrint Archive, Report 2017/602 (2017). http://eprint.iacr.org/2017/602
[12] Bowe, S., Gabizon, A., Miers, I.: Scalable multi-party computation for zk-SNARK parameters in the random beacon model. Cryptology ePrint Archive, Report 2017/1050 (2017). http://eprint.iacr.org/2017/1050
[13] Bünz, B., Maller, M., Mishra, P., Vesely, N.: Proofs for inner pairing products and applications. Cryptology ePrint Archive, Report 2019/1177 (2019). https://eprint.iacr.org/2019/1177
[14] Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: 42nd FOCS, pp. 136–145. IEEE Computer Society Press, October 2001
[15] Chiesa, A., Hu, Y., Maller, M., Mishra, P., Vesely, N., Ward, N.: Marlin: preprocessing zkSNARKs with universal and updatable SRS. In: Canteaut, A., Ishai, Y. (eds.) Advances in Cryptology – EUROCRYPT 2020, pp. 738–768. Springer, Cham (2020)
[16] Danezis, G., Fournet, C., Groth, J., Kohlweiss, M.: Square span programs with applications to succinct NIZK arguments. In: Sarkar, P., Iwata, T. (eds.) Advances in Cryptology – ASIACRYPT 2014, pp. 532–550. Springer, Heidelberg (2014)
[17] Fuchsbauer, G.: Subversion-zero-knowledge SNARKs. In: Abdalla, M., Dahab, R. (eds.) Public-Key Cryptography – PKC 2018, pp. 315–347. Springer, Cham (2018)
[18] Fuchsbauer, G., Kiltz, E., Loss, J.: The algebraic group model and its applications. In: Shacham, H., Boldyreva, A. (eds.) Advances in Cryptology – CRYPTO 2018, pp. 33–62. Springer, Cham (2018)
[19] Fuchsbauer, G., Plouviez, A., Seurin, Y.: Blind Schnorr signatures and signed ElGamal encryption in the algebraic group model. In: Canteaut, A., Ishai, Y. (eds.) Advances in Cryptology – EUROCRYPT 2020, pp. 63–95. Springer, Cham (2020)
[20] Gabizon, A.: On the security of the BCTV Pinocchio zk-SNARK variant. Cryptology ePrint Archive, Report 2019/119 (2019). https://eprint.iacr.org/2019/119
[21] Gabizon, A., Williamson, Z.J., Ciobotaru, O.: PLONK: permutations over Lagrange-bases for oecumenical noninteractive arguments of knowledge. Cryptology ePrint Archive, Report 2019/953 (2019). https://eprint.iacr.org/2019/953
[22] Gennaro, R., Gentry, C., Parno, B., Raykova, M.: Quadratic span programs and succinct NIZKs without PCPs. In: Johansson, T., Nguyen, P.Q. (eds.) Advances in Cryptology – EUROCRYPT 2013, pp. 626–645. Springer, Heidelberg (2013)
[23] Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof-systems (extended abstract). In: 17th ACM STOC, pp. 291–304. ACM Press, May 1985
[24] Groth, J.: Short pairing-based non-interactive zero-knowledge arguments. In: Abe, M. (ed.) Advances in Cryptology – ASIACRYPT 2010, pp. 321–340. Springer, Heidelberg (2010)
[25] Groth, J.: On the size of pairing-based non-interactive arguments. In: Fischlin, M., Coron, J.-S. (eds.) Advances in Cryptology – EUROCRYPT 2016, pp. 305–326. Springer, Heidelberg (2016)
[26] Groth, J., Kohlweiss, M., Maller, M., Meiklejohn, S., Miers, I.: Updatable and universal common reference strings with applications to zk-SNARKs. In: Shacham, H., Boldyreva, A. (eds.) Advances in Cryptology – CRYPTO 2018, pp. 698–728. Springer, Cham (2018)
[27] Han, R., Yu, J., Lin, H.: RandChain: decentralised randomness beacon from sequential proof-of-work. Cryptology ePrint Archive, Report 2020/1033 (2020). https://eprint.iacr.org/2020/1033
[28] Hanke, T., Movahedi, M., Williams, D.: Dfinity technology overview series, consensus system. arXiv preprint arXiv:1805.04548 (2018). https://arxiv.org/abs/1805.04548
[29] Kerber, T., Kiayias, A., Kohlweiss, M.: Composition with knowledge assumptions. Cryptology ePrint Archive, Report 2021/165 (2021). https://eprint.iacr.org/2021/165
[30] Kiayias, A., Russell, A., David, B., Oliynykov, R.: Ouroboros: a provably secure proof-of-stake blockchain protocol. In: Katz, J., Shacham, H. (eds.) Advances in Cryptology – CRYPTO 2017, pp. 357–388. Springer, Cham (2017)
[31] Kosba, A.E., Miller, A., Shi, E., Wen, Z., Papamanthou, C.: Hawk: the blockchain model of cryptography and privacy-preserving smart contracts. In: 2016 IEEE Symposium on Security and Privacy, pp. 839–858. IEEE Computer Society Press, May 2016
[32] Kosba, A.E., Papadopoulos, D., Papamanthou, C., Song, D.: MIRAGE: succinct arguments for randomized algorithms with applications to universal zk-SNARKs. In: Capkun, S., Roesner, F. (eds.) USENIX Security 2020, pp. 2129–2146. USENIX Association, August 2020
[33] Lee, J., Choi, J., Kim, J., Oh, H.: SAVER: snark-friendly, additively-homomorphic, and verifiable encryption and decryption with rerandomization. Cryptology ePrint Archive, Report 2019/1270 (2019). https://eprint.iacr.org/2019/1270
[34] Lipmaa, H.: Progression-free sets and sublinear pairing-based non-interactive zero-knowledge arguments. In: Cramer, R. (ed.) Theory of Cryptography 2012, pp. 169–189. Springer, Heidelberg (2012)
[35] Maller, M.: A proof of security for the Sapling generation of zk-SNARK parameters in the generic group model (2018). https://github.com/zcash/sapling-security-analysis/blob/master/MaryMallerUpdated.pdf. Accessed 26 Feb 2020
[36] Maller, M., Bowe, S., Kohlweiss, M., Meiklejohn, S.: Sonic: zero-knowledge SNARKs from linear-size universal and updatable structured reference strings. In: Cavallaro, L., Kinder, J., Wang, X., Katz, J. (eds.) ACM CCS 2019, pp. 2111–2128. ACM Press, November 2019
[37] Parno, B., Howell, J., Gentry, C., Raykova, M.: Pinocchio: nearly practical verifiable computation. In: 2013 IEEE Symposium on Security and Privacy, pp. 238–252. IEEE Computer Society Press, May 2013
[38] Pietrzak, K.: Simple verifiable delay functions. In: Blum, A. (ed.) ITCS 2019, vol. 124, pp. 60:1–60:15. LIPIcs, January 2019
[39] Wesolowski, B.: Efficient verifiable delay functions. In: Ishai, Y., Rijmen, V. (eds.) Advances in Cryptology – EUROCRYPT 2019, pp. 379–407. Springer, Cham (2019)


    Published In

    Advances in Cryptology – ASIACRYPT 2021: 27th International Conference on the Theory and Application of Cryptology and Information Security, Singapore, December 6–10, 2021, Proceedings, Part III
    Dec 2021
    712 pages
    ISBN:978-3-030-92077-7
    DOI:10.1007/978-3-030-92078-4

    Publisher

    Springer-Verlag

    Berlin, Heidelberg

Cited By

• Secure Multiparty Computation with Identifiable Abort via Vindicating Release. In: Advances in Cryptology – CRYPTO 2024, pp. 36–73. DOI: 10.1007/978-3-031-68397-8_2. Online publication date: 18 Aug 2024
• Sometimes You Can't Distribute Random-Oracle-Based Proofs. In: Advances in Cryptology – CRYPTO 2024, pp. 323–358. DOI: 10.1007/978-3-031-68388-6_12. Online publication date: 18 Aug 2024
• Concurrently Secure Blind Schnorr Signatures. In: Advances in Cryptology – EUROCRYPT 2024, pp. 124–160. DOI: 10.1007/978-3-031-58723-8_5. Online publication date: 26 May 2024
• Powers-of-Tau to the People: Decentralizing Setup Ceremonies. In: Applied Cryptography and Network Security, pp. 105–134. DOI: 10.1007/978-3-031-54776-8_5. Online publication date: 5 Mar 2024
• Algebraic Group Model with Oblivious Sampling. In: Theory of Cryptography, pp. 363–392. DOI: 10.1007/978-3-031-48624-1_14. Online publication date: 29 Nov 2023
• Benchmarking the Setup of Updatable zk-SNARKs. In: Progress in Cryptology – LATINCRYPT 2023, pp. 375–396. DOI: 10.1007/978-3-031-44469-2_19. Online publication date: 3 Oct 2023
• Bingo: Adaptivity and Asynchrony in Verifiable Secret Sharing and Distributed Key Generation. In: Advances in Cryptology – CRYPTO 2023, pp. 39–70. DOI: 10.1007/978-3-031-38557-5_2. Online publication date: 20 Aug 2023
• Caulk. In: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, pp. 3121–3134. DOI: 10.1145/3548606.3560646. Online publication date: 7 Nov 2022
