## Cryptology ePrint Archive: Report 2017/013

Pinocchio-Based Adaptive zk-SNARKs and Secure/Correct Adaptive Function Evaluation

Meilof Veeningen

Abstract: Pinocchio is a practical zk-SNARK that allows a prover to perform cryptographically verifiable computations with verification effort sometimes less than performing the computation itself. A recent proposal showed how to make Pinocchio adaptive (or hash-and-prove''), i.e., to enable proofs with respect to computation-independent commitments. This enables computations to be chosen after the commitments have been produced, and for data to be shared in different computations in a flexible way. Unfortunately, this proposal is not zero-knowledge. In particular, it cannot be combined with Trinocchio, a system in which Pinocchio is outsourced to three workers that do not learn the inputs thanks to multi-party computation (MPC). In this paper, we show how to make Pinocchio adaptive in a zero-knowledge way; apply it to make Trinocchio work on computation-independent commitments; present tooling to easily program fleible verifiable computations (with or without MPC); and use it to build a prototype in a medical research case study.

Category / Keywords: cryptographic protocols / multi-party computation, verifiable computation

Original Publication (with minor differences): Proceedings AFRICACRYPT 2017

Date: received 9 Jan 2017, last revised 21 Jun 2017

Contact author: meilof veeningen at philips com

Available format(s): PDF | BibTeX Citation

Short URL: ia.cr/2017/013

[ Cryptology ePrint archive ]