First, we formalize the question of extraction in the presence of oracles by proposing a suitable proof-of-knowledge definition for this setting. We call SNARKs satisfying this definition O-SNARKs. Second, we show how to use O-SNARKs to obtain formal and intuitive security proofs for three applications (homomorphic signatures, succinct functional signatures, and SNARKs on authenticated data) in which we identify an issue when carrying out the proof under the standard proof-of-knowledge definition of SNARKs. Third, we study whether O-SNARKs exist, providing both negative and positive results. On the negative side, we show that, assuming one-way functions, there do not exist O-SNARKs in the standard model for every signing oracle family (and thus not for general oracle families either). On the positive side, we show that when considering signature schemes with appropriate restrictions on the message length, O-SNARKs for the corresponding signing oracles exist, based on classical SNARKs and assuming extraction with respect to specific distributions of auxiliary input.
Category / Keywords: foundations / succinct non-interactive arguments, knowledge extraction, digital signatures
Original Publication (with major differences): IACR-TCC-2016
Date: received 10 Feb 2016, last revised 23 Aug 2016
Contact author: dario fiore at imdea org
Version: 20160823:070001
Short URL: ia.cr/2016/112