Paper 2017/602

A multi-party protocol for constructing the public parameters of the Pinocchio zk-SNARK

Sean Bowe, Ariel Gabizon, and Matthew D. Green

Abstract

Recent efficient constructions of zero-knowledge Succinct Non-interactive Arguments of Knowledge (zk-SNARKs), require a setup phase in which a common-reference string (CRS) with a certain structure is generated. This CRS is sometimes referred to as the public parameters of the system, and is used for constructing and verifying proofs. A drawback of these constructions is that whomever runs the setup phase subsequently possesses trapdoor information enabling them to produce fraudulent pseudoproofs. Building on a work of Ben-Sasson, Chiesa, Green, Tromer and Virza [BCGTV15], we construct a multi-party protocol for generating the CRS of the Pinocchio zk-SNARK [PHGR16], such that as long as at least one participating party is not malicious, no party can later construct fraudulent proofs except with negligible probability. The protocol also provides a strong zero-knowledge guarantee even in the case that all participants are malicious. This method has been used in practice to generate the required CRS for the Zcash cryptocurrency blockchain.

Metadata
Available format(s)
PDF
Publication info
Preprint. MINOR revision.
Keywords
SNARKszero-knowledgecryptocurrenciesmulti-party computation
Contact author(s)
ariel @ z cash
History
2017-06-25: revised
2017-06-23: received
See all versions
Short URL
https://ia.cr/2017/602
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2017/602,
      author = {Sean Bowe and Ariel Gabizon and Matthew D.  Green},
      title = {A multi-party protocol for constructing the public parameters of the Pinocchio zk-SNARK},
      howpublished = {Cryptology ePrint Archive, Paper 2017/602},
      year = {2017},
      note = {\url{https://eprint.iacr.org/2017/602}},
      url = {https://eprint.iacr.org/2017/602}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.