Cryptology ePrint Archive: Report 2019/1021

Recursive Proof Composition without a Trusted Setup

Sean Bowe and Jack Grigg and Daira Hopwood

Abstract: Non-interactive arguments of knowledge are powerful cryptographic tools that can be used to demonstrate the faithful execution of arbitrary computations with publicly verifiable proofs. Increasingly efficient protocols have been described in recent years, with verification time and/or communication complexity that is sublinear in the size of the computation being described. These efficiencies can be exploited to realize recursive proof composition: the concept of proofs that attest to the correctness of other instances of themselves, thereby allowing large computational effort to be incrementally verified. All previously known realizations of recursive proof composition have required a trusted setup and cycles of expensive pairing-friendly elliptic curves. We obtain and implement Halo, the first practical example of recursive proof composition without a trusted setup, using the discrete log assumption over normal cycles of elliptic curves. In the process we develop several novel techniques that may be of independent interest.

Category / Keywords: cryptographic protocols / recursive proofs, incrementally verifiable computation, zero knowledge

Date: received 10 Sep 2019, last revised 17 Feb 2020

Contact author: sean at electriccoin co

Available format(s): PDF | BibTeX Citation

Version: 20200218:011907 (All versions of this report)

Short URL: ia.cr/2019/1021


[ Cryptology ePrint archive ]