Building on the work of Ben-Sasson, Chiesa, Green, Tromer and Virza [BCGTV15], we construct a multi-party protocol for generating the common reference string (CRS) of the Pinocchio zk-SNARK [PHGR16], such that as long as at least one participating party is not malicious, no party can later construct fraudulent proofs except with negligible probability. The protocol also provides a strong zero-knowledge guarantee even in the case that all participants are malicious. This method has been used in practice to generate the required CRS for the Zcash cryptocurrency blockchain.
Category / Keywords: SNARKs, zero-knowledge, cryptocurrencies, multi-party computation
Date: received 21 Jun 2017, last revised 25 Jun 2017
Contact author: ariel at z cash
Version: 20170625:085943
Short URL: ia.cr/2017/602