Square Span Programs with Applications to Succinct NIZK Arguments

@inproceedings{Danezis2014SquareSP,
  title={Square Span Programs with Applications to Succinct NIZK Arguments},
  author={George Danezis and C{\'e}dric Fournet and Jens Groth and Markulf Kohlweiss},
  booktitle={ASIACRYPT},
  year={2014}
}
We propose a new characterization of NP using square span programs (SSPs). We first characterize NP as affine map constraints on small vectors. We then relate this characterization to SSPs, which are similar to but simpler than Quadratic Span Programs (QSPs) and Quadratic Arithmetic Programs (QAPs), since they use a single series of polynomials rather than 2 or 3.

Lattice-Based Zero-Knowledge SNARGs for Arithmetic Circuits
TLDR
This work constructs a zero-knowledge SNARG candidate that relies only on lattice-based assumptions which are claimed to hold even in the presence of quantum computers.
Marlin: Preprocessing zkSNARKs with Universal and Updatable SRS
TLDR
A methodology to construct preprocessing zkSNARKs where the structured reference string (SRS) is universal and updatable and fast verification is achieved provided the statement being checked is given in encoded form.
Proposal: Rinocchio: SNARKs for Ring Arithmetic
  • Computer Science, Mathematics
  • 2021
TLDR
This work constructs the first designated-verifier SNARK for statements which are represented as circuits over a broader kind of commutative rings, namely those containing big enough exceptional sets, and introduces Quadratic Ring Programs (QRPs) as a characterization of NP where the arithmetic is over a ring.
Subvector Commitments with Application to Succinct Arguments
We put forward the notion of subvector commitments (SVC): An SVC allows one to open a committed vector at a set of positions, where the opening size is independent of length of the committed vector
Subvector Commitments with Application to Succinct Arguments (Full Version)
TLDR
A compiler that turns any (linear, resp.) PCP into a non-interactive argument, using exclusively SVCs (LMCs, resp.), is proposed.
Rinocchio: SNARKs for Ring Arithmetic
TLDR
This work constructs the first designated-verifier SNARK for statements which are represented as circuits over a broader kind of commutative rings, namely those containing big enough exceptional sets, and introduces Quadratic Ring Programs as a characterization of NP where the arithmetic is over a ring.
On Succinct Arguments and Witness Encryption from Groups
TLDR
The state-of-the-art in succinctness is due to Groth (Eurocrypt 2016) who constructed a SNARG from bilinear maps where the proof consists of just 3 group elements.
Shorter Quadratic QA-NIZK Proofs
TLDR
This work addresses the problem of aggregating NIZK proofs using techniques derived from the interactive setting and recent constructions of SNARKs and reduces the proof size and the common reference string from quadratic to linear, at the price of using less standard computational assumptions.
On the efficiency of pairing-based proofs under the d-PKE
  • Ariel Gabizon
  • Mathematics, Computer Science
    IACR Cryptol. ePrint Arch.
  • 2019
We investigate the minimal number of group elements and prover running time in a zkSNARK when using only a symmetric “linear” knowledge assumption, like the d-Power Knowledge of Exponent assumption,
An Efficient Pairing-Based Shuffle Argument
We construct the most efficient known pairing-based NIZK shuffle argument. It consists of three subarguments that were carefully chosen to obtain optimal efficiency of the shuffle argument: 1.

References

Quadratic Span Programs and Succinct NIZKs without PCPs
We introduce a new characterization of the NP complexity class, called Quadratic Span Programs (QSPs), which is a natural extension of span programs defined by Karchmer and Wigderson. Our main
Succinct Non-Interactive Zero Knowledge Arguments from Span Programs and Linear Error-Correcting Codes
  • H. Lipmaa
  • Computer Science
    IACR Cryptol. ePrint Arch.
  • 2013
TLDR
A new linear PCP is proposed for the Circuit-SAT, based on a combination of standard span programs that verify the correctness of every individual gate and high-distance linear error-correcting codes that check the consistency of wire assignments.
On span programs
  • Mauricio Karchmer, A. Wigderson
  • Computer Science, Mathematics
    [1993] Proceedings of the Eighth Annual Structure in Complexity Theory Conference
  • 1993
TLDR
A linear algebraic model of computation, the span program, a variant of Razborov's general approximation method, is introduced, and several upper and lower bounds on it are proved.
Universal circuits (Preliminary Report)
  • L. Valiant
  • Computer Science, Mathematics
    STOC '76
  • 1976
We show that there is a combinational (acyclic) Boolean circuit of complexity O(s log s), that can be made to compute any Boolean function of complexity s by setting its specially designated set of
Indistinguishability Obfuscation vs. Auxiliary-Input Extractable Functions: One Must Fall
TLDR
If there exist indistinguishability obfuscators for all circuits then there do not exist auxiliary-input extractable one-way functions, and the knowledge of exponent assumption with respect to adversaries with auxiliary input is false.
Pinocchio coin: building zerocoin from a succinct pairing-based proof system
TLDR
This work shows a variant of the Zerocoin protocol using instead elliptic curves and bilinear pairings, which makes use of modern techniques based on quadratic arithmetic programs resulting in smaller proofs and quicker verification.
Perfect NIZK with Adaptive Soundness
TLDR
This paper presents a very simple and efficient adaptively-sound perfect NIZK argument system for any NP-language, based on a strong non-standard assumption, an extended version of the so-called Knowledge-of-Exponent Assumption (KEA) over bilinear groups.
On the (Im)possibility of Obfuscating Programs
TLDR
It is proved that obfuscation is impossible, by constructing a family of functions F that are inherently unobfuscatable in the following sense: there is a property π : F → {0, 1} such that given any program that computes a function f ∈ F, the value π(f) can be efficiently computed.
New Techniques for Noninteractive Zero-Knowledge
TLDR
A non-interactive zap for all NP is constructed, which is the first that is based on a standard cryptographic security assumption and allows for dramatic reduction in the length of the common reference string and the size of the proofs.
Short Pairing-Based Non-interactive Zero-Knowledge Arguments
  • Jens Groth
  • Mathematics, Computer Science
    ASIACRYPT
  • 2010
TLDR
This work constructs non-interactive zero-knowledge arguments for circuit satisfiability with perfect completeness, perfect zero-knowledge and computational soundness; security is based on two new cryptographic assumptions.