You are looking at a specific version 20190911:071840 of this paper. See the latest version.

Paper 2019/1021

Halo: Recursive Proof Composition without a Trusted Setup

Sean Bowe and Jack Grigg and Daira Hopwood

Abstract

Non-interactive proofs of knowledge allow us to publicly demonstrate the faithful execution of arbitrary computations. SNARKs have the additional property of succinctness, meaning that the proofs are short and fast to verify even when the computations involved are large. This property raises the prospect of recursive proof composition: proofs that verify other proofs. All previously known realizations of recursive proof composition have required a trusted setup and cycles of expensive pairing-friendly elliptic curves. We obtain the first practical example of recursive proof composition without a trusted setup, using only ordinary cycles of elliptic curves. Our primary contribution is a novel technique for amortizing away expensive verification procedures from within the proof verification cycle so that we could obtain recursion using a composition of existing protocols and techniques. We devise a technique for amortizing the cost of verifying multiple inner product arguments which may be of independent interest.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint. MINOR revision.
Keywords
zero knowledgeelliptic curve cryptosystem
Contact author(s)
sean @ electriccoin co
History
2020-02-18: last of 2 revisions
2019-09-11: received
See all versions
Short URL
https://ia.cr/2019/1021
License
Creative Commons Attribution
CC BY
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.