Mary Maller scite author profile

Abstract. We construct a pairing based simulation-extractable SNARK (SE-SNARK) that consists of only 3 group elements and has highly efficient verification. By formally linking SE-SNARKs to signatures of knowledge, we then obtain a succinct signature of knowledge consisting of only 3 group elements. SE-SNARKs enable a prover to give a proof that they know a witness to an instance in a manner which is: (1) succinct -proofs are short and verifier computation is small; (2) zero-knowledge -proofs do not reveal the witness; (3) simulation-extractable -it is only possible to prove instances to which you know a witness, even when you have already seen a number of simulated proofs. We also prove that any pairing based signature of knowledge or SE-NIZK argument must have at least 3 group elements and 2 verification equations. Since our constructions match these lower bounds, we have the smallest size signature of knowledge and the smallest size SE-SNARK possible.

show abstract

Marlin: Preprocessing zkSNARKs with Universal and Updatable SRS

Chiesa

Maller³

et al. 2020

159

View full text Add to dashboard Cite

Updatable and Universal Common Reference Strings with Applications to zk-SNARKs

Groth

Kohlweiss

Maller

et al. 2018

View full text Add to dashboard Cite

By design, existing (pre-processing) zk-SNARKs embed a secret trapdoor in a relation-dependent common reference strings (CRS). The trapdoor is exploited by a (hypothetical) simulator to prove the scheme is zero knowledge, and the secret-dependent structure facilitates a linear-size CRS and linear-time prover computation. If known by a real party, however, the trapdoor can be used to subvert the security of the system. The structured CRS that makes zk-SNARKs practical also makes deploying zk-SNARKS problematic, as it is difficult to argue why the trapdoor would not be available to the entity responsible for generating the CRS. Moreover, for pre-processing zk-SNARKs a new trusted CRS needs to be computed every time the relation is changed. In this paper, we address both issues by proposing a model where a number of users can update a universal CRS. The updatable CRS model guarantees security if at least one of the users updating the CRS is honest. We provide both a negative result, by showing that zk-SNARKs with private secret-dependent polynomials in the CRS cannot be updatable, and a positive result by constructing a zk-SNARK based on a CRS consisting only of secret-dependent monomials. The CRS is of quadratic size, is updatable, and is universal in the sense that it can be specialized into one or more relation-dependent CRS of linear size with linear-time prover computation.

show abstract

Egalitarian Society or Benevolent Dictatorship: The State of Cryptocurrency Governance

Azouvi

Maller

Meiklejohn

2019

View full text Add to dashboard Cite

In this paper we initiate a quantitative study of the decentralization of the governance structures of Bitcoin and Ethereum. In particular, we scraped the open-source repositories associated with their respective codebases and improvement proposals to find the number of people contributing to the code itself and to the overall discussion. We then present different metrics to quantify decentralization, both in each of the cryptocurrencies and, for comparison, in two popular open-source programming languages: Clojure and Rust. We find that for both cryptocurrencies and programming languages, there is usually a handful of people that accounts for most of the discussion. We also look into the effect of forks in Bitcoin and Ethereum, and find that there is little intersection between the communities of the original currencies and those of the forks.

show abstract

Proofs for Inner Pairing Products and Applications

Bünz

Maller²,

Mishra

et al. 2021

View full text Add to dashboard Cite

Reaching Consensus for Asynchronous Distributed Key Generation

Abraham

Jovanovic

Maller³

et al. 2021

View full text Add to dashboard Cite

We give a protocol for Asynchronous Distributed Key Generation (A-DKG) that is optimally resilient (can withstand < 3 faulty parties), has a constant expected number of rounds, has˜( 3 ) expected communication complexity, and assumes only the existence of a PKI. Prior to our work, the best A-DKG protocols required Ω( ) expected number of rounds, and Ω( 4 ) expected communication.Our A-DKG protocol relies on several building blocks that are of independent interest. We define and design a Proposal Election (PE) protocol that allows parties to retrospectively agree on a valid proposal after enough proposals have been sent from different parties.With constant probability the elected proposal was proposed by a nonfaulty party. In building our PE protocol, we design a Verifiable Gather protocol which allows parties to communicate which proposals they have and have not seen in a verifiable manner. The final building block to our A-DKG is a Validated Asynchronous Byzantine Agreement (VABA) protocol. We use our PE protocol to construct a VABA protocol that does not require leaders or an asynchronous DKG setup. Our VABA protocol can be used more generally when it is not possible to use threshold signatures. CCS CONCEPTS• Theory of computation → Distributed algorithms; Cryptographic protocols.

show abstract

Aggregatable Distributed Key Generation

Gurkan¹,

Jovanovic

Maller³

et al. 2021

View full text Add to dashboard Cite

In this paper, we introduce a distributed key generation (DKG) protocol with aggregatable and publicly-verifiable transcripts. Compared with prior publicly-verifiable approaches, our DKG reduces the size of the final transcript and the time to verify it from O(n 2 ) to O(n log n), where n denotes the number of parties. As compared with prior non-publicly-verifiable approaches, our DKG leverages gossip rather than all-to-all communication to reduce verification and communication complexity. We also revisit existing DKG security definitions, which are quite strong, and propose new and natural relaxations. As a result, we can prove the security of our aggregatable DKG as well as that of several existing DKGs, including the popular Pedersen variant. We show that, under these new definitions, these existing DKGs can be used to yield secure threshold variants of popular cryptosystems such as El-Gamal encryption and BLS signatures. We also prove that our DKG can be securely combined with a new efficient verifiable unpredictable function (VUF), whose security we prove in the random oracle model. Finally, we experimentally evaluate our DKG and show that the perparty overheads scale linearly and are practical. For 64 parties, it takes 71 ms to share and 359 ms to verify the overall transcript, while for 8192 parties, it takes 8 s and 42.2 s respectively. cLabs, Ethereum Foundation.

show abstract

Déjà Q All Over Again: Tighter and Broader Reductions of q-Type Assumptions

Chase

Maller

Meiklejohn

2016

View full text Add to dashboard Cite

In this paper, we demonstrate that various cryptographic constructions-including ones for broadcast, attribute-based, and hierarchical identity-based encryption-can rely for security on only the static subgroup hiding assumption when instantiated in composite-order bilinear groups, as opposed to the dynamic q-type assumptions on which their security previously was based. This specific goal is accomplished by more generally extending the recent Déjà Q framework (Chase and Meiklejohn, Eurocrypt 2014) in two main directions. First, by teasing out common properties of existing reductions, we expand the q-type assumptions that can be covered by the framework; i.e., we demonstrate broader classes of assumptions that can be reduced to subgroup hiding. Second, while the original framework applied only to asymmetric composite-order bilinear groups, we provide a reduction to subgroup hiding that works in symmetric (as well as asymmetric) composite-order groups. As a bonus, our new reduction achieves a tightness of log(q) rather than q.

show abstract

12 3

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Mary Maller

Snarky Signatures: Minimal Signatures of Knowledge from Simulation-Extractable SNARKs

Marlin: Preprocessing zkSNARKs with Universal and Updatable SRS

Updatable and Universal Common Reference Strings with Applications to zk-SNARKs

Egalitarian Society or Benevolent Dictatorship: The State of Cryptocurrency Governance

Proofs for Inner Pairing Products and Applications

Reaching Consensus for Asynchronous Distributed Key Generation

Aggregatable Distributed Key Generation

Déjà Q All Over Again: Tighter and Broader Reductions of q-Type Assumptions

Contact Info

Product

Resources

About