Paper 2017/599

A Subversion-Resistant SNARK

Behzad Abdolmaleki, Karim Baghery, Helger Lipmaa, and Michal Zajac

Abstract

While succinct non-interactive zero-knowledge arguments of knowledge (zk-SNARKs) are widely studied, the question of what happens when the CRS has been subverted has received little attention. At ASIACRYPT 2016, Bellare, Fuchsbauer and Scafuro showed the first negative and positive results in this direction, proving also that it is impossible to achieve subversion soundness and (even non-subversion) zero knowledge at the same time. On the positive side, they constructed an involved sound and subversion zero-knowledge argument system for NP. We show that Groth's zk-SNARK for Circuit-SAT from EUROCRYPT 2016 can be made computationally knowledge-sound and perfectly composable Sub-ZK with minimal changes. We just require the CRS trapdoor to be extractable and the CRS to be publicly verifiable. To achieve the latter, we add some new elements to the CRS and construct an efficient CRS verification algorithm. We also provide a definitional framework for sound and Sub-ZK SNARKs and describe implementation results of the new Sub-ZK SNARK.

Note: An earlier version of this paper was submitted to Crypto 2017. The current version includes implementation data and readability improvements.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint. MINOR revision.
Keywords
Common reference string, generic group model, non-interactive zero knowledge, SNARK, subversion zero knowledge
Contact author(s)
helger lipmaa @ gmail com
History
2017-06-21: received
Short URL
https://ia.cr/2017/599
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2017/599,
      author = {Behzad Abdolmaleki and Karim Baghery and Helger Lipmaa and Michal Zajac},
      title = {A Subversion-Resistant {SNARK}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2017/599},
      year = {2017},
      url = {https://eprint.iacr.org/2017/599}
}