Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                



Dates are inconsistent

Dates are inconsistent

56 results sorted by ID

2024/1812 (PDF) Last updated: 2024-11-05
Batching Adaptively-Sound SNARGs for NP
Lalita Devadas, Brent Waters, David J. Wu
Foundations

A succinct non-interactive argument (SNARG) for NP allows a prover to convince a verifier that an NP statement $x$ is true with a proof whose size is sublinear in the length of the traditional NP witness. Moreover, a SNARG is adaptively sound if the adversary can choose the statement it wants to prove after seeing the scheme parameters. Very recently, Waters and Wu (STOC 2024) showed how to construct adaptively-sound SNARGs for NP in the plain model from falsifiable assumptions...

2024/1764 (PDF) Last updated: 2024-10-29
Fully Homomorphic Encryption with Efficient Public Verification
Mi-Ying (Miryam) Huang, Baiyu Li, Xinyu Mao, Jiapeng Zhang
Public-key cryptography

We present an efficient Publicly Verifiable Fully Homomorphic Encryption scheme that, along with being able to evaluate arbitrary boolean circuits over ciphertexts, also generates a succinct proof of correct homomorphic computation. Our scheme is based on FHEW proposed by Ducas and Micciancio (Eurocrypt'15), and we incorporate the GINX homomorphic accumulator (Eurocrypt'16) for improved bootstrapping efficiency. In order to generate the proof efficiently, we generalize the widely used Rank-1...

2024/1685 (PDF) Last updated: 2024-10-16
GAPP: Generic Aggregation of Polynomial Protocols
Chaya Ganesh, Sikhar Patranabis, Shubh Prakash, Nitin Singh
Cryptographic protocols

We propose a generic framework called GAPP for aggregation of polynomial protocols. This allows proving $n$ instances of a polynomial protocol using a single aggregate proof that has $O(\log n)$ size, and can be verified using $O(\log^2 n)$ operations. The satisfiability of several univariate polynomial identities over a domain is reduced to the satisfiability of a single bivariate polynomial identity over a related domain, where the bivariate polynomials interpolate a batch of univariate...

2024/1603 (PDF) Last updated: 2024-10-08
Boosting SNARKs and Rate-1 Barrier in Arguments of Knowledge
Jiaqi Cheng, Rishab Goyal
Foundations

We design a generic compiler to boost any non-trivial succinct non-interactive argument of knowledge (SNARK) to full succinctness. Our results come in two flavors: For any constant $\epsilon > 0$, any SNARK with proof size $|\pi| < \frac{|\omega|}{\lambda^\epsilon} + \mathsf{poly}(\lambda, |x|)$ can be upgraded to a fully succinct SNARK, where all system parameters (such as proof/CRS sizes and setup/verifier run-times) grow as fixed polynomials in $\lambda$, independent of witness...

2024/1586 (PDF) Last updated: 2024-10-07
WHIR: Reed–Solomon Proximity Testing with Super-Fast Verification
Gal Arnon, Alessandro Chiesa, Giacomo Fenzi, Eylon Yogev
Cryptographic protocols

We introduce WHIR, a new IOP of proximity that offers small query complexity and exceptionally fast verification time. The WHIR verifier typically runs in a few hundred microseconds, whereas other verifiers in the literature require several milliseconds (if not much more). This significantly improves the state of the art in verifier time for hash-based SNARGs (and beyond). Crucially, WHIR is an IOP of proximity for constrained Reed–Solomon codes, which can express a rich class of queries to...

2024/1385 (PDF) Last updated: 2024-09-03
Locally Verifiable Distributed SNARGs
Eden Aldema Tshuva, Elette Boyle, Ran Cohen, Tal Moran, Rotem Oshman
Cryptographic protocols

The field of distributed certification is concerned with certifying properties of distributed networks, where the communication topology of the network is represented as an arbitrary graph; each node of the graph is a separate processor, with its own internal state. To certify that the network satisfies a given property, a prover assigns each node of the network a certificate, and the nodes then communicate with one another and decide whether to accept or reject. We require soundness and...

2024/1207 (PDF) Last updated: 2024-07-31
What Have SNARGs Ever Done for FHE?
Michael Walter
Public-key cryptography

In recent years, there have been several constructions combining FHE with SNARGs to add integrity guarantees to FHE schemes. Most of these works focused on improving efficiency, while the precise security model with regards to client side input privacy has remained understudied. Only recently it was shown by Manulis and Nguyen (Eurocrypt'24) that this combination does not yield IND-CCA1 security. So an interesting open question is: does the SNARG actually add any meaningful security to input...

2024/956 (PDF) Last updated: 2024-06-14
SNARGs under LWE via Propositional Proofs
Zhengzhong Jin, Yael Tauman Kalai, Alex Lombardi, Vinod Vaikuntanathan
Foundations

We construct a succinct non-interactive argument (SNARG) system for every NP language $\mathcal{L}$ that has a propositional proof of non-membership for each $x\notin \mathcal{L}$. The soundness of our SNARG system relies on the hardness of the learning with errors (LWE) problem. The common reference string (CRS) in our construction grows with the space required to verify the propositional proof, and the size of the proof grows poly-logarithmically in the length of the propositional...

2024/933 (PDF) Last updated: 2024-07-03
A Pure Indistinguishability Obfuscation Approach to Adaptively-Sound SNARGs for NP
Brent Waters, David J. Wu
Foundations

We construct an adaptively-sound succinct non-interactive argument (SNARG) for NP in the CRS model from sub-exponentially-secure indistinguishability obfuscation ($i\mathcal{O}$) and sub-exponentially-secure one-way functions. Previously, Waters and Wu (STOC 2024), and subsequently, Waters and Zhandry (CRYPTO 2024) showed how to construct adaptively-sound SNARGs for NP by relying on sub-exponentially-secure indistinguishability obfuscation, one-way functions, and an additional algebraic...

2024/931 (PDF) Last updated: 2024-10-14
Multi-Hop Multi-Key Homomorphic Signatures with Context Hiding from Standard Assumptions
Abtin Afshar, Jiaqi Cheng, Rishab Goyal
Public-key cryptography

Fully homomorphic signatures are a significant strengthening of digital signatures, enabling computations on \emph{secretly} signed data. Today, we have multiple approaches to design fully homomorphic signatures such as from lattices, or succinct functional commitments, or indistinguishability obfuscation, or mutable batch arguments. Unfortunately, all existing constructions for homomorphic signatures suffer from one or more limitations. We do not have homomorphic signatures with features...

2024/856 (PDF) Last updated: 2024-09-26
Indistinguishability Obfuscation from Bilinear Maps and LPN Variants
Seyoon Ragavan, Neekon Vafa, Vinod Vaikuntanathan
Foundations

We construct an indistinguishability obfuscation (IO) scheme from the sub-exponential hardness of the decisional linear problem on bilinear groups together with two variants of the learning parity with noise (LPN) problem, namely large-field LPN and (binary-field) sparse LPN. This removes the need to assume the existence pseudorandom generators (PRGs) in $\mathsf{NC}^0$ with polynomial stretch from the state-of-the-art construction of IO (Jain, Lin, and Sahai, EUROCRYPT 2022). As an...

2024/737 (PDF) Last updated: 2024-10-08
Mutable Batch Arguments and Applications
Rishab Goyal
Foundations

We put forth a new concept of mutability for batch arguments (BARGs), called mutable batch arguments. Our goal is to re-envision how we think about and use BARGs. Traditionally, a BARG proof $\pi$ is an immutable encoding of $k$ $\mathbf{NP}$ witness $\omega_1, \ldots, \omega_{k}$. A mutable BARG system captures the notion of computations over BARGs, where each proof string $\pi$ is treated as a mutable encoding of original witnesses. We also study strong privacy notions for mutable BARGs,...

2024/728 (PDF) Last updated: 2024-05-12
Relativized Succinct Arguments in the ROM Do Not Exist
Annalisa Barbara, Alessandro Chiesa, Ziyi Guan
Foundations

A relativized succinct argument in the random oracle model (ROM) is a succinct argument in the ROM that can prove/verify the correctness of computations that involve queries to the random oracle. We prove that relativized succinct arguments in the ROM do not exist. The impossibility holds even if the succinct argument is interactive, and even if soundness is computational (rather than statistical). This impossibility puts on a formal footing the commonly-held belief that succinct...

2024/254 (PDF) Last updated: 2024-02-16
Adaptive Security in SNARGs via iO and Lossy Functions
Brent Waters, Mark Zhandry
Foundations

We construct an adaptively sound SNARGs in the plain model with CRS relying on the assumptions of (subexponential) indistinguishability obfuscation (iO), subexponential one-way functions and a notion of lossy functions we call length parameterized lossy functions. Length parameterized lossy functions take in separate security and input length parameters and have the property that the function image size in lossy mode depends only on the security parameter. We then show a novel way of...

2024/227 (PDF) Last updated: 2024-04-01
Adaptively Sound Zero-Knowledge SNARKs for UP
Surya Mathialagan, Spencer Peters, Vinod Vaikuntanathan

We study succinct non-interactive arguments (SNARGs) and succinct non-interactive arguments of knowledge (SNARKs) for the class $\mathsf{UP}$ in the reusable designated verifier model. $\mathsf{UP}$ is an expressive subclass of $\mathsf{NP}$ consisting of all $\mathsf{NP}$ languages where each instance has at most one witness; a designated verifier SNARG (dvSNARG) is one where verification of the SNARG proof requires a private verification key; and such a dvSNARG is reusable if soundness...

2024/165 (PDF) Last updated: 2024-02-05
Adaptively-Sound Succinct Arguments for NP from Indistinguishability Obfuscation
Brent Waters, David J. Wu
Foundations

A succinct non-interactive argument (SNARG) for $\mathsf{NP}$ allows a prover to convince a verifier that an $\mathsf{NP}$ statement $x$ is true with a proof of size $o(|x| + |w|)$, where $w$ is the associated $\mathsf{NP}$ witness. A SNARG satisfies adaptive soundness if the malicious prover can choose the statement to prove after seeing the scheme parameters. In this work, we provide the first adaptively-sound SNARG for $\mathsf{NP}$ in the plain model assuming sub-exponentially-hard...

2023/1500 (PDF) Last updated: 2023-10-02
Holographic SNARGs for P and Batch-NP from (Polynomially Hard) Learning with Errors
Susumu Kiyoshima
Foundations

A succinct non-interactive argument (SNARG) is called holographic if the verifier runs in time sub-linear in the input length when given oracle access to an encoding of the input. We present holographic SNARGs for P and Batch-NP under the learning with errors (LWE) assumption. Our holographic SNARG for P has a verifier that runs in time $\mathsf{poly}(\lambda, \log T, \log n)$ for $T$-time computations and $n$-bit inputs ($\lambda$ is the security parameter), while our holographic SNARG for...

2023/1416 (PDF) Last updated: 2023-09-20
On Black-Box Knowledge-Sound Commit-And-Prove SNARKs
Helger Lipmaa
Cryptographic protocols

Gentry and Wichs proved that adaptively sound SNARGs for hard languages need non-falsifiable assumptions. Lipmaa and Pavlyk claimed Gentry-Wichs is tight by constructing a non-adaptively sound zk-SNARG FANA for NP from falsifiable assumptions. We show that FANA is flawed. We define and construct a fully algebraic $F$-position-binding vector commitment scheme VCF. We construct a concretely efficient commit-and-prove zk-SNARK Punic, a version of FANA with an additional VCF commitment to the...

2023/1050 (PDF) Last updated: 2023-07-05
SNARGs for Monotone Policy Batch NP
Zvika Brakerski, Maya Farber Brodsky, Yael Tauman Kalai, Alex Lombardi, Omer Paneth
Foundations

We construct a succinct non-interactive argument ($\mathsf{SNARG}$) for the class of monotone policy batch $\mathsf{NP}$ languages under the Learning with Errors ($\mathsf{LWE}$) assumption. This class is a subclass of $\mathsf{NP}$ that is associated with a monotone function~$f:\{0,1\}^k\rightarrow\{0,1\}$ and an $\mathsf{NP}$ language $\mathcal L$, and contains instances $(x_1,\ldots,x_k)$ such that $f(b_1,\ldots,b_k)=1$ where $b_j=1$ if and only if $x_j\in \mathcal L$. Our...

2023/695 (PDF) Last updated: 2023-08-05
Non-Interactive Zero-Knowledge from Non-Interactive Batch Arguments
Jeffrey Champion, David J. Wu
Foundations

Zero-knowledge and succinctness are two important properties that arise in the study of non-interactive arguments. Previously, Kitagawa et al. (TCC 2020) showed how to obtain a non-interactive zero-knowledge (NIZK) argument for NP from a succinct non-interactive argument (SNARG) for NP. In particular, their work demonstrates how to leverage the succinctness property from an argument system and transform it into a zero-knowledge property. In this work, we study a similar question of...

2023/343 (PDF) Last updated: 2023-03-08
A Map of Witness Maps: New Definitions and Connections
Suvradip Chakraborty, Manoj Prabhakaran, Daniel Wichs
Public-key cryptography

A \emph{witness map} deterministically maps a witness $w$ of some NP statement $x$ into computationally sound proof that $x$ is true, with respect to a public common reference string (CRS). In other words, it is a deterministic, non-interactive, computationally sound proof system in the CRS model. A \emph{unique witness map} (UWM) ensures that for any fixed statement $x$, the witness map should output the same \emph{unique} proof for $x$, no matter what witness $w$ it is applied to. More...

2022/1760 (PDF) Last updated: 2024-03-01
Fully Succinct Batch Arguments for NP from Indistinguishability Obfuscation
Rachit Garg, Kristin Sheridan, Brent Waters, David J. Wu
Cryptographic protocols

Non-interactive batch arguments for $\mathsf{NP}$ provide a way to amortize the cost of $\mathsf{NP}$ verification across multiple instances. In particular, they allow a prover to convince a verifier of multiple $\mathsf{NP}$ statements with communication that scales sublinearly in the number of instances. In this work, we study fully succinct batch arguments for $\mathsf{NP}$ in the common reference string (CRS) model where the length of the proof scales not only sublinearly in the...

2022/1508 (PDF) Last updated: 2022-11-02
Non-Interactive Publicly-Verifiable Delegation of Committed Programs
Riddhi Ghosal, Amit Sahai, Brent Waters
Cryptographic protocols

In this work, we present the first construction of a fully non-interactive publicly-verifiable delegation scheme for committed programs. More specifically, we consider a setting where Alice is a trusted author who delegates to an untrusted worker the task of hosting a program $P$, represented as a Boolean circuit. Alice also commits to a succinct value based on $P$. Any arbitrary user/verifier without knowledge of $P$ should be convinced that they are receiving from the worker an actual...

2022/1486 (PDF) Last updated: 2022-10-28
Correlation Intractability and SNARGs from Sub-exponential DDH
Arka Rai Choudhuri, Sanjam Garg, Abhishek Jain, Zhengzhong Jin, Jiaheng Zhang
Foundations

We provide the first constructions of SNARGs for Batch-NP and P based solely on the sub-exponential Decisional Diffie Hellman (DDH) assumption. Our schemes achieve poly-logarithmic proof sizes. Central to our results and of independent interest is a new construction of correlation-intractable hash functions for ``small input'' product relations verifiable in $\mathsf{TC}^0$, based on sub-exponential DDH.

2022/1409 (PDF) Last updated: 2022-10-26
SNARGs and PPAD Hardness from the Decisional Diffie-Hellman Assumption
Yael Tauman Kalai, Alex Lombardi, Vinod Vaikuntanathan
Foundations

We construct succinct non-interactive arguments (SNARGs) for bounded-depth computations assuming that the decisional Diffie-Hellman (DDH) problem is sub-exponentially hard. This is the first construction of such SNARGs from a Diffie-Hellman assumption. Our SNARG is also unambiguous: for every (true) statement $x$, it is computationally hard to find any accepting proof for $x$ other than the proof produced by the prescribed prover strategy. We obtain our result by showing how to...

2022/1365 (PDF) Last updated: 2023-06-15
Chainable Functional Commitments for Unbounded-Depth Circuits
David Balbás, Dario Catalano, Dario Fiore, Russell W. F. Lai
Foundations

A functional commitment (FC) scheme allows one to commit to a vector $\vec{x}$ and later produce a short opening proof of $(f, f(\vec{x}))$ for any admissible function $f$. Since their inception, FC schemes supporting ever more expressive classes of functions have been proposed. In this work, we introduce a novel primitive that we call chainable functional commitment (CFC), which extends the functionality of FCs by allowing one to 1) open to functions of multiple inputs $f(\vec x_1,...

2022/994 (PDF) Last updated: 2023-02-25
Faster Sounder Succinct Arguments and IOPs
Justin Holmgren, Ron Rothblum
Cryptographic protocols

Succinct arguments allow a prover to convince a verifier that a given statement is true, using an extremely short proof. A major bottleneck that has been the focus of a large body of work is in reducing the overhead incurred by the prover in order to prove correctness of the computation. By overhead we refer to the cost of proving correctness, divided by the cost of the original computation. In this work, for a large class of Boolean circuits $C=C(x,w)$, we construct succinct arguments...

2022/638 (PDF) Last updated: 2024-08-06
Impossibilities in Succinct Arguments: Black-box Extraction and More
Matteo Campanelli, Chaya Ganesh, Hamidreza Khoshakhlagh, Janno Siim
Foundations

The celebrated result by Gentry and Wichs established a theoretical barrier for succinct non-interactive arguments (SNARGs), showing that for (expressive enough) hard-on-average languages, we must assume non-falsifiable assumptions. We further investigate those barriers by showing new negative and positive results related to the proof size. 1. We start by formalizing a folklore lower bound for the proof size of black-box extractable arguments based on the hardness of the language. This...

2022/353 (PDF) Last updated: 2022-03-18
SNARGs for P from Sub-exponential DDH and QR
James Hulett, Ruta Jawale, Dakshita Khurana, Akshayaram Srinivasan
Cryptographic protocols

We obtain publicly verifiable Succinct Non-Interactive Arguments (SNARGs) for arbitrary deterministic computations and bounded space non-deterministic computation from standard group-based assumptions, without relying on pairings. In particular, assuming the sub-exponential hardness of both the Decisional Diffie-Hellman (DDH) and Quadratic Residuosity (QR) assumptions, we obtain the following results, where $n$ denotes the length of the instance: 1. A SNARG for any language that can be...

2022/178 (PDF) Last updated: 2022-11-09
Lower Bound on SNARGs in the Random Oracle Model
Iftach Haitner, Daniel Nukrai, Eylon Yogev
Foundations

Succinct non-interactive arguments (SNARGs) have become a fundamental primitive in the cryptographic community. The focus of this work is constructions of SNARGs in the Random Oracle Model (ROM). Such SNARGs enjoy post-quantum security and can be deployed using lightweight cryptography to heuristically instantiate the random oracle. A ROM-SNARG is \emph{$(t,\varepsilon)$-sound} if no $t$-query malicious prover can convince the verifier to accept a false statement with probability larger...

2021/1289 (PDF) Last updated: 2021-11-09
Verifiable Isogeny Walks: Towards an Isogeny-based Postquantum VDF
Jorge Chavez-Saab, Francisco Rodríguez Henríquez, Mehdi Tibouchi
Public-key cryptography

In this paper, we investigate the problem of constructing postquantum-secure verifiable delay functions (VDFs), particularly based on supersingular isogenies. Isogeny-based VDF constructions have been proposed before, but since verification relies on pairings, they are broken by quantum computers. We propose an entirely different approach using succinct non-interactive arguments (SNARGs), but specifically tailored to the arithmetic structure of the isogeny setting to achieve good asymptotic...

2021/1178 (PDF) Last updated: 2023-09-25
Onion Routing with Replies
Christiane Kuhn, Dennis Hofheinz, Andy Rupp, Thorsten Strufe
Cryptographic protocols

Onion routing (OR) protocols are a crucial tool for providing anonymous internet communication. An OR protocol enables a user to anonymously send requests to a server. A fundamental problem of OR protocols is how to deal with replies: ideally, we would want the server to be able to send a reply back to the anonymous user without knowing or disclosing the user's identity. Existing OR protocols do allow for such replies, but do not provably protect the payload (i.e., message) of replies...

2021/808 (PDF) Last updated: 2021-11-08
SNARGs for $\mathcal{P}$ from LWE
Arka Rai Choudhuri, Abhishek Jain, Zhengzhong Jin
Foundations

We provide the first construction of a succinct non-interactive argument (SNARG) for *all* polynomial time deterministic computations based on standard assumptions. For $T$ steps of computation, the size of the proof and the common random string (CRS) as well as the verification time are poly-logarithmic in $T$. The security of our scheme relies on the hardness of the Learning with Errors (LWE) problem against polynomial-time adversaries. Previously, SNARGs based on standard assumptions...

2021/788 (PDF) Last updated: 2021-08-19
Somewhere Statistical Soundness, Post-Quantum Security, and SNARGs
Yael Tauman Kalai, Vinod Vaikuntanathan, Rachel Yun Zhang
Foundations

The main conceptual contribution of this paper is a unification of two leading paradigms for constructing succinct argument systems, namely Kilian's protocol and the BMW (Biehl-Meyer-Wetzel) heuristic. We define the notion of a multi-extractable somewhere statistically binding (meSSB) hash family, an extension of the notion of somewhere statistically binding hash functions (Hubacek and Wichs, ITCS 2015), and construct it from LWE. We show that when instantiating Kilian's protocol with a...

2021/281 (PDF) Last updated: 2021-03-07
Subquadratic SNARGs in the Random Oracle Model
Alessandro Chiesa, Eylon Yogev
Foundations

In a seminal work, Micali (FOCS 1994) gave the first succinct non-interactive argument (SNARG) in the random oracle model (ROM). The construction combines a PCP and a cryptographic commitment, and has several attractive features: it is plausibly post-quantum; it can be heuristically instantiated via lightweight cryptography; and it has a transparent (public-coin) parameter setup. However, it also has a significant drawback: a large argument size. In this work, we provide a new construction...

2021/188 (PDF) Last updated: 2021-08-29
Tight Security Bounds for Micali’s SNARGs
Alessandro Chiesa, Eylon Yogev
Foundations

Succinct non-interactive arguments (SNARGs) in the random oracle model (ROM) have several attractive features: they are plausibly post-quantum; they can be heuristically instantiated via lightweight cryptography; and they have a transparent (public-coin) parameter setup. The canonical construction of a SNARG in the ROM is due to Micali (FOCS 1994), who showed how to use a random oracle to compile any probabilistically checkable proof (PCP) with sufficiently-small soundness error into a...

2020/1319 (PDF) Last updated: 2021-02-04
On Succinct Arguments and Witness Encryption from Groups
Ohad Barta, Yuval Ishai, Rafail Ostrovsky, David J. Wu
Foundations

Succinct non-interactive arguments (SNARGs) enable proofs of NP statements with very low communication. Recently, there has been significant work in both theory and practice on constructing SNARGs with very short proofs. Currently, the state-of-the-art in succinctness is due to Groth (Eurocrypt 2016) who constructed a SNARG from bilinear maps where the proof consists of just 3 group elements. In this work, we first construct a concretely-efficient designated-verifier (preprocessing) SNARG...

2020/980 (PDF) Last updated: 2020-08-19
SNARGs for Bounded Depth Computations and PPAD Hardness from Sub-Exponential LWE
Ruta Jawale, Yael Tauman Kalai, Dakshita Khurana, Rachel Zhang
Cryptographic protocols

We construct a succinct non-interactive publicly-verifiable delegation scheme for any log-space uniform circuit under the sub-exponential Learning With Errors ($\mathsf{LWE}$) assumption. For a circuit $C:\{0,1\}^N\rightarrow\{0,1\}$ of size $S$ and depth $D$, the prover runs in time $\mathsf{poly}(S)$, the communication complexity is $D \cdot \mathsf{polylog} (S)$, and the verifier runs in time $(D+N) \cdot \mathsf{polylog} (S)$. To obtain this result, we introduce a new cryptographic...

2020/860 (PDF) Last updated: 2020-07-12
SNARGs for Bounded Depth Computations from Sub-Exponential LWE
Yael Tauman Kalai, Rachel Zhang
Cryptographic protocols

We construct a succinct non-interactive publicly-verifiable delegation scheme for any log-space uniform circuit under the sub-exponential $\mathsf{LWE}$ assumption, a standard assumption that is believed to be post-quantum secure. For a circuit of size $S$ and depth $D$, the prover runs in time poly$(S)$, and the verifier runs in time $(D + n) \cdot S^{o(1)}$, where $n$ is the input size. We obtain this result by slightly modifying the $\mathsf{GKR}$ protocol and proving that the...

2020/649 (PDF) Last updated: 2022-03-02
NIZK from SNARG
Fuyuki Kitagawa, Takahiro Matsuda, Takashi Yamakawa
Foundations

We give a construction of a non-interactive zero-knowledge (NIZK) argument for all NP languages based on a succinct non-interactive argument (SNARG) for all NP languages and a one-way function. The succinctness requirement for the SNARG is rather mild: We only require that the proof size be $|\pi|=\mathsf{poly}(\lambda)(|x|+|w|)^\delta$ for some constant $\delta<1$, where $|x|$ is the statement length, $|w|$ is the witness length, and $\lambda$ is the security parameter. Especially, we do...

2020/130 (PDF) Last updated: 2023-10-20
Breaking the $O(\sqrt n)$-Bit Barrier: Byzantine Agreement with Polylog Bits Per Party
Elette Boyle, Ran Cohen, Aarushi Goel
Cryptographic protocols

Byzantine agreement (BA), the task of $n$ parties to agree on one of their input bits in the face of malicious agents, is a powerful primitive that lies at the core of a vast range of distributed protocols. Interestingly, in protocols with the best overall communication, the demands of the parties are highly unbalanced: the amortized cost is $\tilde O(1)$ bits per party, but some parties must send $\Omega(n)$ bits. In best known balanced protocols, the overall communication is sub-optimal,...

2019/1251 (PDF) Last updated: 2019-10-28
Lattice-based Zero-knowledge SNARGs for Arithmetic Circuits
Anca Nitulescu
Cryptographic protocols

Succinct non-interactive arguments (SNARGs) enable verifying NP computations with substantially lower complexity than that required for classical NP verification. In this work, we construct a zero-knowledge SNARG candidate that relies only on lattice-based assumptions which are claimed to hold even in the presence of quantum computers. Central to this new construction is the notion of linear-targeted malleability introduced by Bitansky et al. (TCC 2013) and the conjecture that variants of...

2019/997 (PDF) Last updated: 2019-09-05
On the (In)security of Kilian-Based SNARGs
James Bartusek, Liron Bronfman, Justin Holmgren, Fermi Ma, Ron Rothblum
Foundations

The Fiat-Shamir transform is an incredibly powerful technique that uses a suitable hash function to reduce the interaction of general public-coin protocols. Unfortunately, there are known counterexamples showing that this methodology may not be sound (no matter what concrete hash function is used). Still, these counterexamples are somewhat unsatisfying, as the underlying protocols were specifically tailored to make Fiat-Shamir fail. This raises the question of whether this transform is...

2019/834 (PDF) Last updated: 2020-01-14
Succinct Arguments in the Quantum Random Oracle Model
Alessandro Chiesa, Peter Manohar, Nicholas Spooner
Foundations

Succinct non-interactive arguments (SNARGs) are highly efficient certificates of membership in non-deterministic languages. Constructions of SNARGs in the random oracle model are widely believed to be post-quantum secure, provided the oracle is instantiated with a suitable post-quantum hash function. No formal evidence, however, supports this belief. In this work we provide the first such evidence by proving that the SNARG construction of Micali is unconditionally secure in the *quantum*...

2018/133 (PDF) Last updated: 2018-02-07
Quasi-Optimal SNARGs via Linear Multi-Prover Interactive Proofs
Dan Boneh, Yuval Ishai, Amit Sahai, David J. Wu

Succinct non-interactive arguments (SNARGs) enable verifying NP computations with significantly less complexity than that required for classical NP verification. In this work, we focus on simultaneously minimizing the proof size and the prover complexity of SNARGs. Concretely, for a security parameter $\lambda$, we measure the asymptotic cost of achieving soundness error $2^{-\lambda}$ against provers of size $2^\lambda$. We say a SNARG is quasi-optimally succinct if its proof length is...

2017/240 (PDF) Last updated: 2017-03-18
Lattice-Based SNARGs and Their Application to More Efficient Obfuscation
Dan Boneh, Yuval Ishai, Amit Sahai, David J. Wu

Succinct non-interactive arguments (SNARGs) enable verifying NP computations with substantially lower complexity than that required for classical NP verification. In this work, we first construct a lattice-based SNARG candidate with quasi-optimal succinctness (where the argument size is quasilinear in the security parameter). Further extension of our methods yields the first SNARG (from any assumption) that is quasi-optimal in terms of both prover overhead (polylogarithmic in the security...

2016/260 (PDF) Last updated: 2016-05-31
On the Size of Pairing-based Non-interactive Arguments
Jens Groth

Non-interactive arguments enable a prover to convince a verifier that a statement is true. Recently there has been a lot of progress both in theory and practice on constructing highly efficient non-interactive arguments with small size and low verification complexity, so-called succinct non-interactive arguments (SNARGs) and succinct non-interactive arguments of knowledge (SNARKs). Many constructions of SNARGs rely on pairing-based cryptography. In these constructions a proof consists of a...

2015/437 (PDF) Last updated: 2015-05-07
A Note on the Unsoundness of vnTinyRAM's SNARK
Bryan Parno
Cryptographic protocols

Gennaro, Gentry, Parno, and Raykova (GGPR) introduced Quadratic Arithmetic Programs (QAPs) as a way of representing arithmetic circuits in a form amendable to highly efficient cryptographic protocols (EUROCRYPT 2013), particularly for verifiable computation and succinct non-interactive arguments. Subsequently, Parno, Gentry, Howell, and Raykova introduced an improved cryptographic protocol (and implementation), which they dubbed Pinocchio (IEEE S&P 2013). Ben-Sasson et al. then introduced...

2014/766 (PDF) Last updated: 2014-09-30
Succinct Garbling Schemes and Applications
Huijia Lin, Rafael Pass

Assuming the existence of iO for P/poly and one-way functions, we show how to succinctly garble bounded-space computations (BSC) M: the size of the garbled program (as well as the time needed to generate the garbling) only depends on the size and space (including the input and output) complexity of M, but not its running time. The key conceptual insight behind this construction is a method for using iO to "compress" a computation that can be performed piecemeal, without revealing anything...

2013/703 (PDF) Last updated: 2015-08-24
Limits of Extractability Assumptions with Distributional Auxiliary Input
Elette Boyle, Rafael Pass

Extractability, or “knowledge,” assumptions have recently gained popularity in the crypto- graphic community, leading to the study of primitives such as extractable one-way functions, extractable hash functions, succinct non-interactive arguments of knowledge (SNARKs), and (public-coin) differing-inputs obfuscation ((PC-)diO), and spurring the development of a wide spectrum of new applications relying on these primitives. For most of these applications, it is required that the extractability...

2013/437 (PDF) Last updated: 2013-07-17
A Uniform Min-Max Theorem with Applications in Cryptography
Salil Vadhan, Colin Jia Zheng
Foundations

We present a new, more constructive proof of von Neumann's Min-Max Theorem for two-player zero-sum game --- specifically, an algorithm that builds a near-optimal mixed strategy for the second player from several best-responses of the second player to mixed strategies of the first player. The algorithm extends previous work of Freund and Schapire (Games and Economic Behavior '99) with the advantage that the algorithm runs in poly(n) time even when a pure strategy for the first player is a...

2012/718 (PDF) Last updated: 2013-09-15
Succinct Non-Interactive Arguments via Linear Interactive Proofs
Nir Bitansky, Alessandro Chiesa, Yuval Ishai, Rafail Ostrovsky, Omer Paneth
Foundations

\emph{Succinct non-interactive arguments} (SNARGs) enable verifying NP statements with lower complexity than required for classical NP verification. Traditionally, the focus has been on minimizing the length of such arguments; nowadays researches have focused also on minimizing verification time, by drawing motivation from the problem of delegating computation. A common relaxation is a \emph{preprocessing} SNARG, which allows the verifier to conduct an expensive offline phase that is...

2012/506 (PDF) Last updated: 2013-03-03
Succinct Malleable NIZKs and an Application to Compact Shuffles
Melissa Chase, Markulf Kohlweiss, Anna Lysyanskaya, Sarah Meiklejohn
Foundations

Depending on the application, malleability in cryptography can be viewed as either a flaw or — especially if sufficiently understood and restricted — a feature. In this vein, Chase, Kohlweiss, Lysyanskaya, and Meiklejohn recently defined malleable zero-knowledge proofs, and showed how to control the set of allowable transformations on proofs. As an application, they construct the first compact verifiable shuffle, in which one such controlled-malleable proof suffices to prove the correctness...

2012/215 (PDF) Last updated: 2012-06-18
Quadratic Span Programs and Succinct NIZKs without PCPs
Rosario Gennaro, Craig Gentry, Bryan Parno, Mariana Raykova
Foundations

We introduce a new characterization of the NP complexity class, called Quadratic Span Programs (QSPs), which is a natural extension of span programs defined by Karchmer and Wigderson. Our main motivation is the construction of succinct arguments of NP-statements that are quick to construct and verify. QSPs seem well-suited for this task, perhaps even better than Probabilistically Checkable Proofs (PCPs). In 2010, Groth constructed a NIZK argument in the common reference string (CRS) model...

2012/095 (PDF) Last updated: 2012-12-28
Recursive Composition and Bootstrapping for SNARKs and Proof-Carrying Data
Nir Bitansky, Ran Canetti, Alessandro Chiesa, Eran Tromer

\emph{Succinct non-interactive arguments} (SNARGs) enable verifying NP statements with much lower complexity than required for classical NP verification (in fact, with complexity that is \emph{independent} of the NP language at hand). In particular, SNARGs provide strong solutions to the problem of verifiably delegating computation. Despite recent progress in the understanding and construction of SNARGs, there remain unattained goals. First, \emph{publicly-verifiable SNARGs} are only known...

2010/610 (PDF) Last updated: 2013-06-06
Separating Succinct Non-Interactive Arguments From All Falsifiable Assumptions
Craig Gentry, Daniel Wichs
Foundations

In this paper, we study succinct computationally sound proofs (arguments) for NP, whose communication complexity is polylogarithmic the instance and witness sizes. The seminal works of Kilian '92 and Micali '94 show that such arguments can be constructed under standard cryptographic hardness assumptions with four rounds of interaction, and that they be made non-interactive in the random-oracle model. The latter construction also gives us some evidence that succinct non interactive arguments...

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.