Corpus ID: 203687293

Updatable CRS Simulation-Extractable zk-SNARKs with a Single Verification

Authors: Jihye Kim, Jiwon Lee, Hyunok Oh
This paper proposes pairing-based simulation-extractable zero-knowledge succinct non-interactive arguments of knowledge (SE-SNARK) schemes for QAP (Quadratic Arithmetic Program). In the proposed schemes, the proof size is 3 group elements for a QAP (Quadratic Arithmetic Program) circuit in asymmetric groups (Type III pairing), and 2 group elements for an SAP (Square Arithmetic Program) circuit in symmetric groups (Type I pairing), respectively. Moreover, the proposed schemes have only a single…
2 Citations

SoK: Lifting Transformations for Simulation Extractable Subversion and Updatable SNARKs
Zero-knowledge proofs and in particular succinct non-interactive zero-knowledge proofs (so called zk-SNARKs) are getting increasingly used in real-world applications, with cryptocurrencies being the…
Lift-and-Shift: Obtaining Simulation Extractable Subversion and Updatable SNARKs Generically
It is proved that LAMASSU preserves the subversion and in particular updatable properties of the underlying zk-SNARKs, which makes it the first technique to also generically obtain SE subversion and updatable SNARKs.


Simulation-Extractable SNARKs Revisited
The most efficient SNARKs (e.g., Groth, 2016) have a brittle and difficult-to-verify knowledge-soundness proof in the generic model. This makes it nontrivial to modify such SNARKs to, e.g., satisfy…
Updatable and Universal Common Reference Strings with Applications to zk-SNARKs
By design, existing (pre-processing) zk-SNARKs embed a secret trapdoor in a relation-dependent common reference strings (CRS) that facilitates a linear-size CRS and linear-time prover computation.
On the Size of Pairing-Based Non-interactive Arguments
  • Jens Groth
  • Computer Science, Mathematics
  • 2016
It is shown that linear interactive proofs cannot have a linear decision procedure, and it follows that SNARGs where the prover and verifier use generic asymmetric bilinear group operations cannot consist of a single group element.
Making Groth's zk-SNARK Simulation Extractable in the Random Oracle Model
The purpose of this note is to provide a variant of Groth's zk-SNARK that satisfies simulation extractability, which is a strong form of adaptive non-malleability, and a straightforward alteration of the construction gives a succinct Signature of Knowledge (SoK).
Zero-Knowledge SNARKs from Linear-Size Universal and Updateable Structured Reference Strings
Ever since their introduction, zero-knowledge proofs have become an important tool for addressing privacy and scalability concerns in a variety of applications. In many systems each client downloads…
Succinct Non-Interactive Zero Knowledge for a von Neumann Architecture
A system that provides succinct noninteractive zero-knowledge proofs (zk-SNARKs) for program executions on a von Neumann RISC architecture and is the first to be universal: it does not need to know the program, but only a bound on its running time.
ZKBoo: Faster Zero-Knowledge for Boolean Circuits
ZKBoo is a proposal for practically efficient zero-knowledge arguments especially tailored for Boolean circuits and a proof-of-concept implementation is described, which can generate a non-interactive proof for the SHA-1 circuit in approximately 13ms.
A multi-party protocol for constructing the public parameters of the Pinocchio zk-SNARK
Recent efficient constructions of zero-knowledge Succinct Non-interactive Arguments of Knowledge (zk-SNARKs) require a setup phase in which a common-reference string (CRS) with a certain structure…
Cinderella: Turning Shabby X.509 Certificates into Elegant Anonymous Credentials with the Magic of Verifiable Computation
This work proposes a novel use of existing X.509 certificates and infrastructure, a drop-in replacement for certificates within TLS, and access control for the Helios voting protocol, and develops new C libraries for RSA-PKCS#1 signatures and ASN.1 parsing, carefully tailored for cryptographic verifiability.
Snarky Signatures: Minimal Signatures of Knowledge from Simulation-Extractable SNARKs
A pairing-based simulation-extractable SNARK (SE-SNARK) is constructed that consists of only 3 group elements and has highly efficient verification, and a succinct signature of knowledge consisting of only 3 group elements is obtained.