You are looking at a specific version 20170620:153555 of this paper.

Paper 2017/587

Subversion-zero-knowledge SNARKs

Georg Fuchsbauer

Abstract

At Asiacrypt 2016 Bellare, Fuchsbauer and Scafuro introduced the notion of subversion zero knowledge for non-interactive proof systems, demanding that zero knowledge (ZK) is maintained even when the common reference string is chosen maliciously. Succinct non-interactive arguments of knowledge (SNARKs) are proof systems with short and efficiently verifiable proofs, which were introduced for verifiable computation. They are deployed in cryptocurrencies such as Zcash, which guarantees user anonymity assuming zero-knowledge SNARKs. We show that under a plausible hardness assumption, the most efficient SNARK schemes proposed in the literature, including the one underlying Zcash, satisfy subversion ZK or can be made to at very little cost. We argue that Zcash is thus anonymous even if its parameters were set up maliciously.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint. MINOR revision.
Keywords
SNARKs, subversion-resistance, zero knowledge, Zcash
Contact author(s)
fuchsbau @ di ens fr
History
2020-05-16: last of 4 revisions
2017-06-20: received
Short URL
https://ia.cr/2017/587
License
Creative Commons Attribution
CC BY