Paper 2017/013

Pinocchio-Based Adaptive zk-SNARKs and Secure/Correct Adaptive Function Evaluation

Meilof Veeningen


Pinocchio is a practical zk-SNARK that allows a prover to perform cryptographically verifiable computations with verification effort sometimes less than performing the computation itself. A recent proposal showed how to make Pinocchio adaptive (or ``hash-and-prove''), i.e., to enable proofs with respect to computation-independent commitments. This enables computations to be chosen after the commitments have been produced, and for data to be shared in different computations in a flexible way. Unfortunately, this proposal is not zero-knowledge. In particular, it cannot be combined with Trinocchio, a system in which Pinocchio is outsourced to three workers that do not learn the inputs thanks to multi-party computation (MPC). In this paper, we show how to make Pinocchio adaptive in a zero-knowledge way; apply it to make Trinocchio work on computation-independent commitments; present tooling to easily program fleible verifiable computations (with or without MPC); and use it to build a prototype in a medical research case study.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. MINOR revision.Proceedings AFRICACRYPT 2017
multi-party computationverifiable computation
Contact author(s)
meilof veeningen @ philips com
2017-06-21: last of 2 revisions
2017-01-11: received
See all versions
Short URL
Creative Commons Attribution


      author = {Meilof Veeningen},
      title = {Pinocchio-Based Adaptive zk-SNARKs and Secure/Correct Adaptive Function Evaluation},
      howpublished = {Cryptology ePrint Archive, Paper 2017/013},
      year = {2017},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.