Snarky Signatures: Minimal Signatures of Knowledge from Simulation-Extractable SNARKs

Groth, Jens; Maller, Mary

doi:10.1007/978-3-319-63715-0_20

Cited by 97 publications

(82 citation statements)

References 51 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…NIZKs can be used for signature-like behaviour by embedding the messages that are to be signed in the statements of simulation-extractable NIZKs, constructing in this way a signature of knowledge [16] (SoK). In particular, we note that witnesses used to generate proofs in Ouroboros Crypsinous will contain the party's secret key, and the proved statement commits to the party's public key.…”

Section: Non-interactive Zero Knowledgementioning

confidence: 99%

“…A proof of lead gives the former two properties, and a notion of authenticity that is different to F KES , but sufficient for how it is used in [1]. Nonmalleable NIZKs, such as the ones used in our construction, can be interpreted as "signing" their public inputs with the knowledge of a witness [16]. In particular, if the witness itself contains a secret key known only to one party, a NIZK over such a witness effectively acts as a signature.…”

Section: Security Analysismentioning

confidence: 99%

“…14: Let path 1 and path 2 be paths to cm c 1 , and cm c 2 in the same Merkle tree, respectively, or, if pk coin c 2 = ⊥, and v 2 = 0, let path 2 be empty. 15: if either are not found in the Merkle tree then return 16:…”

Section: A Hybrid World Functionalitiesmentioning

confidence: 99%

See 2 more Smart Citations

Ouroboros Crypsinous: Privacy-Preserving Proof-of-Stake

Kerber

Kiayias

Kohlweiss

et al. 2019

2019 IEEE Symposium on Security and Privacy (SP)

View full text Add to dashboard Cite

We present Ouroboros Crypsinous, the first formally analysed privacy-preserving proof-ofstake (PoS) blockchain protocol. To model its security we give a thorough treatment of private ledgers in the universal composition (UC) setting that might be of independent interest. To prove our protocol secure against adaptive attacks, which are particularly critical in the PoS setting, we introduce a new coin evolution technique that relies on a SNARKs mechanism and key-private forward secure encryption. The latter primitive-and the associated constructioncan be of independent interest. We stress that existing approaches to private blockchains, such as the proof-of-work-based Zerocash are analyzed only against static corruptions. *

show abstract

Section: Non-interactive Zero Knowledgementioning

confidence: 99%

Section: Security Analysismentioning

confidence: 99%

See 1 more Smart Citation

Ouroboros Crypsinous: Privacy-Preserving Proof-of-Stake

Kerber

Kiayias

Kohlweiss

et al. 2019

2019 IEEE Symposium on Security and Privacy (SP)

View full text Add to dashboard Cite

show abstract

“…In terms of zk-SNARKs, some of the most efficient constructions in the literature [Lip13,PHGR13,BCTV14,DFGK14,Gro16,GM17] use the quadratic span program (QSP) or quadratic arithmetic program (QAP) approach of Gennaro et al [GGPR13]. The issue with this approach when it comes to updatability is that it requires embedding arbitrary polynomials in the exponents of group elements in the common reference string.…”

Section: Related Workmentioning

confidence: 99%

“…The following multi-variate computational assumption is closely related to the uni-variate q-bilinear gap assumption of Ghadafi and Groth [GG17] and is implied by the computational polynomial assumption of Groth and Maller [GM17].…”

Section: Knowledge and Computational Assumptionsmentioning

confidence: 99%

Updatable and Universal Common Reference Strings with Applications to zk-SNARKs

Groth

Kohlweiss

Maller

et al. 2018

Lecture Notes in Computer Science

Self Cite

102

View full text Add to dashboard Cite

By design, existing (pre-processing) zk-SNARKs embed a secret trapdoor in a relation-dependent common reference strings (CRS). The trapdoor is exploited by a (hypothetical) simulator to prove the scheme is zero knowledge, and the secret-dependent structure facilitates a linear-size CRS and linear-time prover computation. If known by a real party, however, the trapdoor can be used to subvert the security of the system. The structured CRS that makes zk-SNARKs practical also makes deploying zk-SNARKS problematic, as it is difficult to argue why the trapdoor would not be available to the entity responsible for generating the CRS. Moreover, for pre-processing zk-SNARKs a new trusted CRS needs to be computed every time the relation is changed. In this paper, we address both issues by proposing a model where a number of users can update a universal CRS. The updatable CRS model guarantees security if at least one of the users updating the CRS is honest. We provide both a negative result, by showing that zk-SNARKs with private secret-dependent polynomials in the CRS cannot be updatable, and a positive result by constructing a zk-SNARK based on a CRS consisting only of secret-dependent monomials. The CRS is of quadratic size, is updatable, and is universal in the sense that it can be specialized into one or more relation-dependent CRS of linear size with linear-time prover computation.

show abstract

Hardware acceleration of number theoretic transform for zk‐SNARK

Zhao

Ding

Wang

et al. 2023

Engineering Reports

View full text Add to dashboard Cite

Zk‐SNARK unleashes the great potential of ZKP (zero‐knowledge proof) in the blockchain, distributed storage, and so forth. However, the proof‐generation of zk‐SNARK is excessively time intensive, making it a challenge to deploy a high‐performance zk‐SNARK in most real applications. As a result, NTT (Number Theoretic Transform), one of the most time‐consuming parts in proof‐generation, needs to be accelerated significantly. To address this issue, we propose a novel and efficient “data reordering" technique to enable a highly pipelined architecture, on which an FPGA‐based hardware accelerator is designed to support the large‐bitwidth and large‐scale NTT tasks in zk‐SNARK. This two‐level pipelined architecture can effectively reduce the data dependency and memory access requirements, meanwhile, can be flexibly scaled to different scales of FPGAs. To balance computing efficiency and flexibility, the OpenCL equipped with HLS is used to implement the heterogeneous acceleration system. We prototype the accelerator on the AMD‐Xilinx Alveo U50 card (UltraScale+ XCU50 FPGA). The evaluation results show that (1) our accelerator shows high scalability for different scales of FPGAs with a stable performance improvement; (2) it performs 1.95 faster than the one in PipeZK; (3) and it achieves 27.98 , 1.74 speedup and 6.9 , 6 energy efficiency improvement than AMD Ryzen 9 5900X single core and 12 cores respectively when integrated into the well‐known ZKP open‐source project, Bellman.

show abstract

Snarky Signatures: Minimal Signatures of Knowledge from Simulation-Extractable SNARKs

Cited by 97 publications

References 51 publications

Ouroboros Crypsinous: Privacy-Preserving Proof-of-Stake

Ouroboros Crypsinous: Privacy-Preserving Proof-of-Stake

Updatable and Universal Common Reference Strings with Applications to zk-SNARKs

Hardware acceleration of number theoretic transform for zk‐SNARK

Contact Info

Product

Resources

About