Paper 2017/587
Subversion-zero-knowledge SNARKs
Georg Fuchsbauer
Abstract
At Asiacrypt 2016 Bellare, Fuchsbauer and Scafuro introduced the notion of subversion zero knowledge for non-interactive proof systems, demanding that zero knowledge (ZK) is maintained even when the common reference string is chosen maliciously. Succinct non-interactive arguments of knowledge (SNARKs) are proof systems with short and efficiently verifiable proofs, which were introduced for verifiable computation. They are deployed in cryptocurrencies such as Zcash, whose user-anonymity guarantee rests on the zero knowledge of its SNARKs. We show that under a plausible hardness assumption, the most efficient SNARK schemes proposed in the literature, including the one underlying Zcash, satisfy subversion ZK or can be made subversion ZK at very little cost. We argue that Zcash is thus anonymous even if its parameters were set up maliciously.
Metadata
- Category
- Cryptographic protocols
- Publication info
- Preprint. MINOR revision.
- Keywords
- SNARKs, subversion-resistance, zero knowledge, Zcash
- Contact author(s)
- fuchsbau @ di ens fr
- History
- 2020-05-16: last of 4 revisions
- 2017-06-20: received
- Short URL
- https://ia.cr/2017/587
- License
- CC BY