# Square Span Programs with Applications to Succinct NIZK Arguments

@inproceedings{Danezis2014SquareSP, title={Square Span Programs with Applications to Succinct NIZK Arguments}, author={George Danezis and C{\'e}dric Fournet and Jens Groth and Markulf Kohlweiss}, booktitle={ASIACRYPT}, year={2014} }

We propose a new characterization of NP using square span programs (SSPs). We first characterize NP as affine map constraints on small vectors. We then relate this characterization to SSPs, which are similar to but simpler than Quadratic Span Programs (QSPs) and Quadratic Arithmetic Programs (QAPs) since they use a single series of polynomials rather than 2 or 3.

## 103 Citations

Lattice-Based Zero-Knowledge SNARGs for Arithmetic Circuits

- Computer Science, Mathematics
- LATINCRYPT
- 2019

This work constructs a zero-knowledge SNARG candidate that relies only on lattice-based assumptions which are claimed to hold even in the presence of quantum computers.

Marlin: Preprocessing zkSNARKs with Universal and Updatable SRS

- Computer Science
- IACR Cryptol. ePrint Arch.
- 2019

A methodology to construct preprocessing zkSNARKs where the structured reference string (SRS) is universal and updatable and fast verification is achieved provided the statement being checked is given in encoded form.

Proposal: Rinocchio: SNARKs for Ring Arithmetic

- Computer Science, Mathematics
- 2021

This work constructs the first designated-verifier SNARK for statements which are represented as circuits over a broader kind of commutative rings, namely those containing big enough exceptional sets, and introduces Quadratic Ring Programs (QRPs) as a characterization of NP where the arithmetic is over a ring.

Subvector Commitments with Application to Succinct Arguments

- Mathematics, Computer Science
- CRYPTO
- 2019

We put forward the notion of subvector commitments (SVC): An SVC allows one to open a committed vector at a set of positions, where the opening size is independent of length of the committed vector…

Subvector Commitments with Application to Succinct Arguments (Full Version)

- Mathematics, Computer Science
- 2019

A compiler that turns any (linear, resp.) PCP into a non-interactive argument, using exclusively SVCs (LMCs, resp.), is proposed.

Rinocchio: SNARKs for Ring Arithmetic

- Computer Science, Mathematics
- IACR Cryptol. ePrint Arch.
- 2021

This work constructs the first designated-verifier SNARK for statements which are represented as circuits over a broader kind of commutative rings, namely those containing big enough exceptional sets, and introduces Quadratic Ring Programs as a characterization of NP where the arithmetic is over a ring.

On Succinct Arguments and Witness Encryption from Groups

- Mathematics, Computer Science
- CRYPTO
- 2020

The state-of-the-art in succinctness is due to Groth (Eurocrypt 2016) who constructed a SNARG from bilinear maps where the proof consists of just 3 group elements.

Shorter Quadratic QA-NIZK Proofs

- Mathematics, Computer Science
- IACR Cryptol. ePrint Arch.
- 2019

This work addresses the problem of aggregating NIZK proofs using techniques derived from the interactive setting and recent constructions of SNARKs and reduces the proof size and the common reference string from quadratic to linear, at the price of using less standard computational assumptions.

On the efficiency of pairing-based proofs under the d-PKE

- Mathematics, Computer Science
- IACR Cryptol. ePrint Arch.
- 2019

We investigate the minimal number of group elements and prover running time in a zkSNARK when using only a symmetric “linear” knowledge assumption, like the d-Power Knowledge of Exponent assumption,…

An Efficient Pairing-Based Shuffle Argument

- Mathematics
- ASIACRYPT
- 2017

We construct the most efficient known pairing-based NIZK shuffle argument. It consists of three subarguments that were carefully chosen to obtain optimal efficiency of the shuffle argument:
1.
…

## References

Quadratic Span Programs and Succinct NIZKs without PCPs

- Mathematics
- IACR Cryptol. ePrint Arch.
- 2012

We introduce a new characterization of the NP complexity class, called Quadratic Span Programs (QSPs), which is a natural extension of span programs defined by Karchmer and Wigderson. Our main…

Succinct Non-Interactive Zero Knowledge Arguments from Span Programs and Linear Error-Correcting Codes

- Computer Science
- IACR Cryptol. ePrint Arch.
- 2013

A new linear PCP is proposed for the Circuit-SAT, based on a combination of standard span programs that verify the correctness of every individual gate and high-distance linear error-correcting codes that check the consistency of wire assignments.

On span programs

- Computer Science, Mathematics
- [1993] Proceedings of the Eigth Annual Structure in Complexity Theory Conference
- 1993

A linear algebraic model of computation, the span program, a variant of Razborov's general approximation method, is introduced, and several upper and lower bounds on it are proved.

Universal circuits (Preliminary Report)

- Computer Science, Mathematics
- STOC '76
- 1976

We show that there is a combinational (acyclic) Boolean circuit of complexity O(s log s), that can be made to compute any Boolean function of complexity s by setting its specially designated set of…

Indistinguishability Obfuscation vs. Auxiliary-Input Extractable Functions: One Must Fall

- Computer Science, Mathematics
- IACR Cryptol. ePrint Arch.
- 2013

If there exist indistinguishability obfuscators for all circuits then there do not exist auxiliary-input extractable one-way functions, and the knowledge of exponent assumption with respect to adversaries with auxiliary input is false.

Pinocchio coin: building zerocoin from a succinct pairing-based proof system

- Mathematics, Computer Science
- PETShop '13
- 2013

This work shows a variant of the Zerocoin protocol using instead elliptic curves and bilinear pairings, which makes use of modern techniques based on quadratic arithmetic programs resulting in smaller proofs and quicker verification.

Perfect NIZK with Adaptive Soundness

- Mathematics, Computer Science
- TCC
- 2007

This paper presents a very simple and efficient adaptively-sound perfect NIZK argument system for any NP-language, based on a strong non-standard assumption, an extended version of the so-called Knowledge-of-Exponent Assumption (KEA) over bilinear groups.

On the (Im)possibility of Obfuscating Programs

- Computer Science, Mathematics
- CRYPTO
- 2001

It is proved that obfuscation is impossible, by constructing a family of functions F that are inherently unobfuscatable in the following sense: there is a property π : F → {0, 1} such that given any program that computes a function f ∈ F, the value π(f) can be efficiently computed.

New Techniques for Noninteractive Zero-Knowledge

- Computer Science, Mathematics
- JACM
- 2012

A non-interactive zap for all NP is constructed, which is the first that is based on a standard cryptographic security assumption and allows for dramatic reduction in the length of the common reference string and the size of the proofs.

Short Pairing-Based Non-interactive Zero-Knowledge Arguments

- Mathematics, Computer Science
- ASIACRYPT
- 2010

This work constructs non-interactive zero-knowledge arguments for circuit satisfiability with perfect completeness, perfect zero-knowledge and computational soundness, and security is based on two new cryptographic assumptions.