Cryptology ePrint Archive: Report 2014/396

Prover-Efficient Commit-And-Prove Zero-Knowledge SNARKs

Helger Lipmaa

Abstract: Zk-SNARKs (succinct non-interactive zero-knowledge arguments of knowledge) are needed in many applications. Unfortunately, all previous zk-SNARKs for interesting languages are either inefficient for prover, or are non-adaptive and based on an commitment scheme that does depend both on the prover's input and on the language, i.e., they are not commit-and-prove (CaP) SNARKs. We propose a proof-friendly extractable commitment scheme, and use it to construct prover-efficient adaptive CaP succinct zk-SNARKs for different languages, that can all reuse committed data. In new zk-SNARKs, the prover computation is dominated by a linear number of cryptographic operations. We use batch-verification to decrease the verifier's computation.

Category / Keywords: cryptographic protocols/Commit-and-prove, CRS, NIZK, numerical NP-complete languages, range proof, SUBSETSUM, zk-SNARK

Date: received 30 May 2014, last revised 16 Nov 2015

Contact author: helger lipmaa at gmail com

Available format(s): PDF | BibTeX Citation

Note: Third eprint version (16.11.2015) has been reworded in the language of commit-and-prove SNARKs. Includes batch verification, and minimal comparison with Costello

Second eprint version (28.09.2014) is thoroughly updated, and includes several new results

Version: 20151116:142214 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]