research-article

Free access

Separating succinct non-interactive arguments from all falsifiable assumptions

Authors:

Daniel WichsAuthors Info & Claims

STOC '11: Proceedings of the forty-third annual ACM symposium on Theory of computing

Pages 99 - 108

https://doi.org/10.1145/1993636.1993651

Published: 06 June 2011 Publication History

Abstract

An argument system for NP is succinct, if its communication complexity is polylogarithmic the instance and witness sizes. The seminal works of Kilian '92 and Micali '94 show that such arguments can be constructed under standard cryptographic hardness assumptions with four rounds of interaction, and that they be made non-interactive in the random-oracle model. However, we currently do not have any construction of succinct non-interactive arguments (SNARGs) in the standard model with a proof of security under any simple cryptographic assumption.

In this work, we give a broad black-box separation result, showing that black-box reductions cannot be used to prove the security of any SNARG construction based on any falsifiable cryptographic assumption. This includes essentially all common assumptions used in cryptography (one-way functions, trapdoor permutations, DDH, RSA, LWE etc.). More generally, we say that an assumption is falsifiable if it can be modeled as an interactive game between an adversary and an efficient challenger that can efficiently decide if the adversary won the game. This is similar, in spirit, to the notion of falsifiability of Naor '03, and captures the fact that we can efficiently check if an adversarial strategy breaks the assumption.

Our separation result also extends to designated verifier SNARGs, where the verifier needs a trapdoor associated with the CRS to verify arguments, and slightly succinct SNARGs, whose size is only required to be sublinear in the statement and witness size.

Supplementary Material

JPG File (stoc_2b_2.jpg)

Download
16.42 KB

MP4 File (stoc_2b_2.mp4)

Download
94.92 MB

References

[1]

William Aiello, Sandeep N. Bhatt, Rafail Ostrovsky, and Sivaramakrishnan Rajagopalan. Fast verification of any remote procedure call: Short witness-indistinguishable one-round proofs for np. In ICALP, pages 463--474, 2000.

Digital Library

[2]

Masayuki Abe and Serge Fehr. Perfect nizk with adaptive soundness. In TCC, pages 118--136, 2007.

Digital Library

[3]

Sanjeev Arora, Carsten Lund, Rajeev Motwani, Madhu Sudan, and Mario Szegedy. Proof verification and the hardness of approximation problems. J. ACM, 45(3):501--555, 1998.

Digital Library

[4]

Boaz Barak. How to go beyond the black-box simulation barrier. In FOCS, pages 106--115, 2001.

Digital Library

[5]

László Babai, Lance Fortnow, Leonid A. Levin, and Mario Szegedy. Checking computations in polylogarithmic time. In STOC, pages 21--31. ACM, 1991.

Digital Library

[6]

Boaz Barak and Rafael Pass. On the possibility of one-message weak zero-knowledge. In TCC, pages 121--132, 2004.

[7]

Dan Boneh, Periklis A. Papakonstantinou, Charles Rackoff, Yevgeniy Vahlis, and Brent Waters. On the impossibility of basing identity based encryption on trapdoor permutations. In FOCS, pages 283--292, 2008.

Digital Library

[8]

Boaz Barak, Ronen Shaltiel, and Avi Wigderson. Computational analogues of entropy. In RANDOM-APPROX, pages 200--215, 2003.

[9]

Giovanni Di Crescenzo and Helger Lipmaa. Succinct np proofs from an extractability assumption. In Arnold Beckmann, Costas Dimitracopoulos, and Benedikt Löwe, editors, CiE, volume 5028 of Lecture Notes in Computer Science, pages 175--185. Springer, 2008.

Digital Library

[10]

Ivan Damgård. Towards practical public key systems secure against chosen ciphertext attacks. In CRYPTO, pages 445--456, 1991.

Digital Library

[11]

Cynthia Dwork, Michael Langberg, Moni Naor, Kobbi Nissim, and Omer Reingold. Succint proofs for NP and spooky interactions. Manuscript, 2004.

[12]

Yevgeniy Dodis, Roberto Oliveira, and Krzysztof Pietrzak. On the generic insecurity of the full domain hash. In CRYPTO, pages 449--466, 2005.

Digital Library

[13]

Stefan Dziembowski and Krzysztof Pietrzak. Leakage-resilient cryptography. In FOCS, pages 293--302, 2008.

Digital Library

[14]

Uriel Feige, Shafi Goldwasser, László Lovász, Shmuel Safra, and Mario Szegedy. Approximating clique is almost np-complete (preliminary version). In FOCS, pages 2--12, 1991.

Digital Library

[15]

Amos Fiat and Adi Shamir. How to prove yourself: Practical solutions to identification and signature problems. In CRYPTO, pages 186--194, 1986.

Digital Library

[16]

Oded Goldreich and Johan Håstad. On the complexity of interactive proofs with bounded communication. Inf. Process. Lett., 67(4):205--214, 1998.

Digital Library

[17]

Yael Gertner, Sampath Kannan, Tal Malkin, Omer Reingold, and Mahesh Viswanathan. The relationship between public key encryption and oblivious transfer. In FOCS, pages 325--335, 2000.

Digital Library

[18]

Shafi Goldwasser, Silvio Micali, and Charles Rackoff. The knowledge complexity of interactive proof-systems (extended abstract). In STOC, pages 291--304, 1985.

Digital Library

[19]

Yael Gertner, Tal Malkin, and Omer Reingold. On the impossibility of basing trapdoor functions on trapdoor predicates. In FOCS, pages 126--135, 2001.

Digital Library

[20]

Jens Groth. Short pairing-based non-interactive zero-knowledge arguments. Asiacrypt, 2010. To Appear.

[21]

Oded Goldreich, Salil P. Vadhan, and Avi Wigderson. On interactive proofs with a laconic prover. Computational Complexity, 11(1--2):1--53, 2002.

Digital Library

[22]

Iftach Haitner and Thomas Holenstein. On the (im)possibility of key dependent encryption. In Omer Reingold, editor, TCC, volume 5444 of Lecture Notes in Computer Science, pages 202--219. Springer, 2009.

Digital Library

[23]

Satoshi Hada and Toshiaki Tanaka. On the existence of 3-round zero-knowledge protocols. In Hugo Krawczyk, editor, CRYPTO, volume 1462 of Lecture Notes in Computer Science, pages 408--423. Springer, 1998.

Digital Library

[24]

Russell Impagliazzo. Hard-core distributions for somewhat hard problems. In FOCS, pages 538--545, 1995.

Digital Library

[25]

Russell Impagliazzo and Steven Rudich. Limits on the provable consequences of one-way permutations. In STOC, pages 44--61, 1989.

Digital Library

[26]

Joe Kilian. A note on efficient zero-knowledge proofs and arguments (extended abstract). In STOC, pages 723--732, 1992.

Digital Library

[27]

Carsten Lund, Lance Fortnow, Howard J. Karloff, and Noam Nisan. Algebraic methods for interactive proof systems. In FOCS, pages 2--10, 1990.

Digital Library

[28]

Silvio Micali. Cs proofs (extended abstracts). In FOCS, pages 436--453, 1994.

Digital Library

[29]

Thilo Mie. Polylogarithmic two-round argument systems. Journal of Mathematical Cryptology, 2(4):343--363, 2008.

[30]

Moni Naor. On cryptographic assumptions and challenges. In CRYPTO, pages 96--109, 2003.

[31]

Rafael Pass. Limits of security reductions from standard assumptions. In STOC, 2011.

Digital Library

[32]

Omer Reingold, Luca Trevisan, Madhur Tulsiani, and Salil P. Vadhan. Dense subsets of pseudorandom sets. In FOCS, pages 76--85, 2008.

Digital Library

[33]

Omer Reingold, Luca Trevisan, and Salil P. Vadhan. Notions of reducibility between cryptographic primitives. In TCC, pages 1--20, 2004.

[34]

Guy N. Rothblum and Salil P. Vadhan. Are pcps inherent in efficient arguments? Computational Complexity, 19(2):265--304, 2010.

Digital Library

[35]

Adi Shamir. IP=PSPACE. In FOCS, pages 11--15, 1990.

[36]

Daniel R. Simon. Finding collisions on a one-way street: Can secure hash functions be based on general assumptions? In EUROCRYPT, pages 334--345, 1998.

[37]

J. von Neumann. Zur theorie der gesellschaftsspiele. In Math. Annalen, pages 100:295--320, 1928.

[38]

Hoeteck Wee. On round-efficient argument systems. In ICALP, pages 140--152, 2005.

Digital Library

Cited By

Buxbaum SMahmoody M(2025)A Note on the Minimality of One-Way Functions in Post-Quantum CryptographyIACR Communications in Cryptology10.62056/a6ksr-10k1:4Online publication date: 13-Jan-2025
https://doi.org/10.62056/a6ksr-10k
Hall-Andersen MSimkin MWagner B(2025)Foundations of Data Availability SamplingIACR Communications in Cryptology10.62056/a09qudhdj1:4Online publication date: 13-Jan-2025
https://doi.org/10.62056/a09qudhdj
Lee K(2024)Bit Security as Cost to Demonstrate AdvantageIACR Communications in Cryptology10.62056/an5txol7Online publication date: 9-Apr-2024
https://doi.org/10.62056/an5txol7
Show More Cited By

Index Terms

Separating succinct non-interactive arguments from all falsifiable assumptions
1. Theory of computation
  1. Computational complexity and cryptography
    1. Complexity classes

Recommendations

From extractable collision resistance to succinct non-interactive arguments of knowledge, and back again
ITCS '12: Proceedings of the 3rd Innovations in Theoretical Computer Science Conference

The existence of succinct non-interactive arguments for NP (i.e., non-interactive computationally-sound proofs where the verifier's work is essentially independent of the complexity of the NP nondeterministic verifier) has been an intriguing question ...
On Minimal Assumptions for Sender-Deniable Public Key Encryption
Proceedings of the 17th International Conference on Public-Key Cryptography --- PKC 2014 - Volume 8383

The primitive of deniable encryption was introduced by Canetti et al. CRYPTO, 1997. Deniable encryption is an encryption scheme with the added feature that after transmitting a message m, both sender and receiver may produce random coins showing that ...
Separating short structure-preserving signatures from non-interactive assumptions
ASIACRYPT'11: Proceedings of the 17th international conference on The Theory and Application of Cryptology and Information Security

Structure-preserving signatures are signatures whose public keys, messages, and signatures are all group elements in bilinear groups, and the verification is done by evaluating pairing product equations. It is known that any structure-preserving ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

STOC '11: Proceedings of the forty-third annual ACM symposium on Theory of computing

June 2011

840 pages

ISBN:9781450306911

DOI:10.1145/1993636

General Chair:
Lance Fortnow
Northwestern University
,
Program Chair:
Salil Vadhan
Harvard University

Copyright © 2011 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGACT: ACM Special Interest Group on Algorithms and Computation Theory

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 06 June 2011

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

STOC'11

Sponsor:

SIGACT

STOC'11: Symposium on Theory of Computing

June 6 - 8, 2011

California, San Jose, USA

Acceptance Rates

STOC '11 Paper Acceptance Rate 84 of 304 submissions, 28%;

Overall Acceptance Rate 1,469 of 4,586 submissions, 32%

Upcoming Conference

STOC '25

Sponsor:
sigact

57th Annual ACM Symposium on Theory of Computing (STOC 2025)

June 23 - 27, 2025

Prague , Czech Republic

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

310
Total Citations
View Citations
1,172
Total Downloads

Downloads (Last 12 months)219
Downloads (Last 6 weeks)29

Reflects downloads up to 13 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Buxbaum SMahmoody M(2025)A Note on the Minimality of One-Way Functions in Post-Quantum CryptographyIACR Communications in Cryptology10.62056/a6ksr-10k1:4Online publication date: 13-Jan-2025
https://doi.org/10.62056/a6ksr-10k
Hall-Andersen MSimkin MWagner B(2025)Foundations of Data Availability SamplingIACR Communications in Cryptology10.62056/a09qudhdj1:4Online publication date: 13-Jan-2025
https://doi.org/10.62056/a09qudhdj
Lee K(2024)Bit Security as Cost to Demonstrate AdvantageIACR Communications in Cryptology10.62056/an5txol7Online publication date: 9-Apr-2024
https://doi.org/10.62056/an5txol7
Luo J(2024)Ad Hoc Broadcast, Trace, and RevokeIACR Communications in Cryptology10.62056/a39qxrxqiOnline publication date: 8-Jul-2024
https://doi.org/10.62056/a39qxrxqi
Lin XCao HLiu FWang ZWang M(2024)Shorter ZK-SNARKs from square span programs over ideal latticesCybersecurity10.1186/s42400-024-00215-x7:1Online publication date: 19-Mar-2024
https://doi.org/10.1186/s42400-024-00215-x
Jin ZKalai YLombardi AVaikuntanathan VMohar BShinkar IO'Donnell R(2024)SNARGs under LWE via Propositional ProofsProceedings of the 56th Annual ACM Symposium on Theory of Computing10.1145/3618260.3649770(1750-1757)Online publication date: 10-Jun-2024
https://dl.acm.org/doi/10.1145/3618260.3649770
Lei DLiang JZhang CLiu XHe DZhu LGuo S(2024)Publicly Verifiable and Secure SVM Classification for Cloud-Based Health Monitoring ServicesIEEE Internet of Things Journal10.1109/JIOT.2023.332635811:6(9829-9842)Online publication date: 15-Mar-2024
https://doi.org/10.1109/JIOT.2023.3326358
Abdolmaleki BGlaeser NRamacher SSlamanig D(2024)Circuit-Succinct Universally-Composable NIZKs with Updatable CRS2024 IEEE 37th Computer Security Foundations Symposium (CSF)10.1109/CSF61375.2024.00006(527-542)Online publication date: 8-Jul-2024
https://doi.org/10.1109/CSF61375.2024.00006
Krishnan DFu X(2024)Towards Zero Knowledge Argument for Double Discrete Logarithm with Constant CostTheoretical Computer Science10.1016/j.tcs.2024.114799(114799)Online publication date: Aug-2024
https://doi.org/10.1016/j.tcs.2024.114799
Fuller B(2024)Impossibility of efficient information-theoretic fuzzy extractionDesigns, Codes and Cryptography10.1007/s10623-024-01376-z92:7(1983-2009)Online publication date: 14-Mar-2024
https://doi.org/10.1007/s10623-024-01376-z
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents