DOI: 10.1007/978-3-031-37679-5_20

Impossibilities in Succinct Arguments: Black-Box Extraction and More

Published: 19 July 2023

Abstract

The celebrated result by Gentry and Wichs established a theoretical barrier for succinct non-interactive arguments (SNARGs), showing that for (expressive enough) hard-on-average languages, we must assume non-falsifiable assumptions. We further investigate those barriers by showing new negative and positive results related to the proof size.

1. We start by formalizing a folklore lower bound for the proof size of black-box extractable arguments based on the hardness of the language. This separates knowledge-sound SNARGs (SNARKs) in the random oracle model (which can have black-box extraction) from those in the standard model.

2. We find a positive result in the non-adaptive setting. Under the existence of non-adaptively sound SNARGs (without extractability) and from standard assumptions, it is possible to build SNARKs with black-box extractability for a non-trivial subset of NP.

3. On the other hand, we show that (under some mild assumptions) not every NP language can have SNARKs with black-box extractability, even in the non-adaptive setting.

4. The Gentry-Wichs result does not account for the preprocessing model, under which several efficient constructions fall. We show that, also in the preprocessing model, it is impossible to construct SNARGs that rely on falsifiable assumptions in a black-box way.

Along the way, we identify a class of non-trivial languages, which we dub “trapdoor languages”, that can bypass these impossibility results.
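As an added sketch that is not part of the paper's abstract, the folklore counting argument behind result 1, written in notation assumed here: $\ell(\lambda)$ bounds the proof length, $R_L(x)$ is the witness set of $x$, $E$ is the black-box extractor, and $h(\lambda)$ measures the hardness of finding witnesses for $L$.

```latex
% Setting (assumed notation): (P, V) is a non-interactive argument for L whose
% proofs satisfy |\pi| \le \ell(\lambda). Black-box knowledge soundness gives a
% PPT extractor E with oracle access to the prover. For the prover P^*_\pi that
% ignores its input and outputs a fixed string \pi, the oracle adds nothing,
% so we write E^{P^*_\pi}(x) =: E(x, \pi).

% Extraction on the honest prover (completeness plus knowledge soundness):
\Pr\big[\pi \gets P(x, w);\ E(x, \pi) \in R_L(x)\big] \;\ge\; 1 - \mathrm{negl}(\lambda).

% A witness finder that never sees \pi: guess it, then run the extractor.
A(x):\quad \pi' \gets \{0,1\}^{\le \ell(\lambda)};\quad \text{output } E(x, \pi').

% \pi' is uniform over the 2^{\ell+1}-1 strings of length at most \ell and is
% independent of \pi and of the coins of P and E, so
\Pr[\pi' = \pi] \;\ge\; 2^{-(\ell(\lambda)+1)},
\qquad
\Pr[A(x) \in R_L(x)] \;\ge\; 2^{-(\ell(\lambda)+1)}\,\big(1 - \mathrm{negl}(\lambda)\big).

% Hardness assumption on L: no PPT algorithm finds a witness for x drawn from
% the hard distribution with probability 2^{-h(\lambda)} or more. Then
2^{-(\ell(\lambda)+1)}\,\big(1 - \mathrm{negl}(\lambda)\big) \;<\; 2^{-h(\lambda)}
\quad\Longrightarrow\quad
\ell(\lambda) \;>\; h(\lambda) - 1 + \log_2\!\big(1 - \mathrm{negl}(\lambda)\big)
\;\ge\; h(\lambda) - 2 \quad \text{for all large } \lambda .

% The proof must therefore be at least about as long as the hardness exponent
% of L: the harder it is to find witnesses, the less succinct a black-box
% extractable argument can be. In the random oracle model the extractor also
% observes the prover's oracle queries, so the fixed-string prover P^*_\pi no
% longer models every convincing prover and the guessing step above breaks
% down, which is why short black-box extractable proofs are possible there.
```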


    Published In

Progress in Cryptology - AFRICACRYPT 2023: 14th International Conference on Cryptology in Africa, Sousse, Tunisia, July 19–21, 2023, Proceedings
July 2023, 517 pages
ISBN: 978-3-031-37678-8
DOI: 10.1007/978-3-031-37679-5

Publisher

Springer-Verlag, Berlin, Heidelberg
