Updatable and Universal Common Reference Strings with Applications to zk-SNARKs

Groth, Jens; Kohlweiss, Markulf; Maller, Mary; Meiklejohn, Sarah; Miers, Ian

doi:10.1007/978-3-319-96878-0_24

Cited by 104 publications

(44 citation statements)

References 44 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In addition, in general the CRS cannot be reused if the computation changes. However, there are emerging models well suited for blockchain applications that address these issues by maintaining a CRS that can be updated [40]. If only public randomness can be used, the scheme is called transparent.…”

Section: A Non-interactive Zero-knowledge Argumentsmentioning

confidence: 99%

Non-Interactive Zero-Knowledge for Blockchain: A Survey

2020

View full text Add to dashboard Cite

We survey the state-of-the-art non-interactive zero-knowledge argument schemes and their applications in confidential transactions and private smart contracts on blockchain. The main goal of this paper is to serve as a reference for blockchain application developers in finding the most suitable scheme for a particular use case. We give an overview and compare the state-of-the-art protocols for confidential transactions and private smart contracts regarding the protection of the transaction graph and amounts, data and functionality. However, our main focus is on state-of-the-art zero-knowledge argument schemes. We briefly describe their backgrounds, proof lengths and computational complexities and discuss their cryptographic security models. Our focus is on seminal, otherwise notable and, especially, implemented methods that are ready to be applied in practice. We also survey the existing implementations of transforming computations into circuit representations required by those methods. We note that the existing schemes have different strengths and drawbacks regarding usability, setup, proof length and proving and verification costs.

show abstract

Section: A Non-interactive Zero-knowledge Argumentsmentioning

confidence: 99%

Non-Interactive Zero-Knowledge for Blockchain: A Survey

2020

View full text Add to dashboard Cite

show abstract

“…Recently, updatable SRS schemes have been introduced to allow for the updating of EK and VK [55]- [57], where null vector computation and a polynomial commitment are utilized. In the updatable SRS schemes, a universal circuitindependent SRS is generated and can be updated by any user multiple times.…”

Section: A Cryptographic Approachesmentioning

confidence: 99%

Practical Verifiable Computation by Using a Hardware-Based Correct Execution Environment

et al. 2020

View full text Add to dashboard Cite

The verifiable computation paradigm has been studied extensively as a means to verifying the result of outsourced computation. In said scheme, the verifier requests computation from the prover and verifies the result by checking the output and proof received from the prover. Although they have great potential for various critical applications, verifiable computations have not been widely used in practice, because of their significant performance overhead. Existing cryptography-based approaches incur significant overhead, because a cryptography-based mathematical frame needs to be constructed, which prevents deviation from the correct computation. The proposed approach is to reduce the overhead by trusting the computing hardware platform where the computation is outsourced. If one trusts the hardware to do the computation, the hardware can take the place of the cryptographic computing frame, thereby guaranteeing correct computation. The key challenge of this approach is to define what exactly the hardware should guarantee for verifiable computation. For this, we introduce the concept of Correct Execution Environment (CEE), which guarantees instruction correctness and state preservation. We prove that these two requirements are satisfactory conditions for a correct output. By employing a CEE, the verifiable computation scheme can be simplified, and its overhead can be reduced drastically. The presented experimental results demonstrate that the execution time is approximately 1.7 million times faster and the verification time over 50 times faster than a state-of-the-art cryptographic approach.

show abstract

“…For this reason, an SRS that contains only hidden monomial evaluations suffices for committing to the instance. Groth et al [46] showed that an SRS that contains monomials is updatable. The second polynomial that is determined by the constraints is known to the verifier.…”

Section: Our Techniquesmentioning

confidence: 99%

“…Groth et al [46] introduced the notion of updatability for structured reference strings and built a zk-SNARK from an updatable and universal string. They achieved these results by including a null space argument to show that a quadratic arithmetic circuit is satisfied.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Sonic

Maller

Bowe²,

Kohlweiss

et al. 2019

Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security

Self Cite

179

View full text Add to dashboard Cite

Ever since their introduction, zero-knowledge proofs have become an important tool for addressing privacy and scalability concerns in a variety of applications. In many systems each client downloads and verifies every new proof, and so proofs must be small and cheap to verify. The most practical schemes require either a trusted setup, as in (pre-processing) zk-SNARKs, or verification complexity that scales linearly with the complexity of the relation, as in Bulletproofs. The structured reference strings required by most zk-SNARK schemes can be constructed with multi-party computation protocols, but the resulting parameters are specific to an individual relation. Groth et al. discovered a zk-SNARK protocol with a universal structured reference string that is also updatable, but the string scales quadratically in the size of the supported relations.Here we describe a zero-knowledge SNARK, Sonic, which supports a universal and continually updatable structured reference string that scales linearly in size. We also describe a generally useful technique in which untrusted "helpers" can compute advice that allows batches of proofs to be verified more efficiently. Sonic proofs are constant size, and in the "helped" batch verification context the marginal cost of verification is comparable with the most efficient SNARKs in the literature.

show abstract

Updatable and Universal Common Reference Strings with Applications to zk-SNARKs

Cited by 104 publications

References 44 publications

Non-Interactive Zero-Knowledge for Blockchain: A Survey

Non-Interactive Zero-Knowledge for Blockchain: A Survey

Practical Verifiable Computation by Using a Hardware-Based Correct Execution Environment

Sonic

Contact Info

Product

Resources

About