Paper 2017/013

Pinocchio-Based Adaptive zk-SNARKs and Secure/Correct Adaptive Function Evaluation

Meilof Veeningen

Abstract

Pinocchio is a practical zk-SNARK that allows a prover to perform cryptographically verifiable computations with verification effort sometimes less than performing the computation itself. A recent proposal showed how to make Pinocchio adaptive (or ``hash-and-prove''), i.e., to enable proofs with respect to computation-independent commitments. This enables computations to be chosen after the commitments have been produced, and for data to be shared in different computations in a flexible way. Unfortunately, this proposal is not zero-knowledge. In particular, it cannot be combined with Trinocchio, a system in which Pinocchio is outsourced to three workers that do not learn the inputs thanks to multi-party computation (MPC). In this paper, we show how to make Pinocchio adaptive in a zero-knowledge way; apply it to make Trinocchio work on computation-independent commitments; present tooling to easily program fleible verifiable computations (with or without MPC); and use it to build a prototype in a medical research case study.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. Minor revision. Proceedings AFRICACRYPT 2017
Keywords
multi-party computationverifiable computation
Contact author(s)
meilof veeningen @ philips com
History
2017-06-21: last of 2 revisions
2017-01-11: received
See all versions
Short URL
https://ia.cr/2017/013
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2017/013,
      author = {Meilof Veeningen},
      title = {Pinocchio-Based Adaptive zk-SNARKs and Secure/Correct Adaptive Function Evaluation},
      howpublished = {Cryptology ePrint Archive, Paper 2017/013},
      year = {2017},
      note = {\url{https://eprint.iacr.org/2017/013}},
      url = {https://eprint.iacr.org/2017/013}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.