### Scalable Multi-party Computation for zk-SNARK Parameters in the Random Beacon Model

Sean Bowe, Ariel Gabizon, and Ian Miers

##### Abstract

Zero-knowledge succinct non-interactive arguments of knowledge (zk-SNARKs) have emerged as a valuable tool for verifiable computation and privacy preserving protocols. Currently practical schemes require a common reference string (CRS) to be constructed in a one-time setup for each statement. Ben-Sasson, Chiesa, Green, Tromer and Virza devised a multi-party protocol to securely compute such a CRS, and an adaptation of this protocol was used to construct the CRS for the Zcash cryptocurrency. The scalability of these protocols is obstructed by the need for a "precommitment round" which forces participants to be defined in advance and requires them to secure their secret randomness throughout the duration of the protocol. Our primary contribution is a more scalable multi-party computation (MPC) protocol, secure in the random beacon model, which omits the precommitment round. We show that security holds even if an adversary has limited influence on the beacon. Next, we apply our main result to obtain a two-round protocol for computing an extended version of the CRS of Groth's SNARK. We show that knowledge soundness is maintained in the generic group model when using this CRS. We also contribute a more secure pairing-friendly elliptic curve construction and implementation, tuned for use in zk-SNARKs, in light of recent optimizations to the Number Field Sieve algorithm which reduced the security estimates of existing pairing-friendly curves used in zk-SNARK applications.

Available format(s)
Category
Cryptographic protocols
Publication info
Preprint. Minor revision.
Keywords
SNARKszero-knowledgemulti-party computation
Contact author(s)
sean @ z cash
ariel gabizon @ gmail com
History
2019-09-03: last of 2 revisions
See all versions
Short URL
https://ia.cr/2017/1050

CC BY

BibTeX

@misc{cryptoeprint:2017/1050,
author = {Sean Bowe and Ariel Gabizon and Ian Miers},
title = {Scalable Multi-party Computation for zk-SNARK Parameters in the Random Beacon Model},
howpublished = {Cryptology ePrint Archive, Paper 2017/1050},
year = {2017},
note = {\url{https://eprint.iacr.org/2017/1050}},
url = {https://eprint.iacr.org/2017/1050}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.