Paper 2019/148

On the efficiency of pairing-based proofs under the d-PKE

Ariel Gabizon

Abstract

We investigate the minimal number of group elements and prover running time in a zk-SNARK when using only a symmetric ``linear'' knowledge assumption, like the $d$-Power Knowledge of Exponent assumption, rather than a ``quadratic'' one as implicitly happens in the most efficient known construction by Groth [Groth16]. The proofs of [Groth16] contain only 3 group elements. We present 4 element proofs for quadratic arithmetic programs/rank 1 constraint systems under the $d$-PKE with very similar prover running time to [Groth16]. Central to our construction is a simple lemma for ``batching'' knowledge checks, which allows us to save one proof element.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint. MINOR revision.
Keywords
zk-SNARKsKnowledge Assumptions
Contact author(s)
ariel gabizon @ gmail com
History
2019-03-18: last of 3 revisions
2019-02-20: received
See all versions
Short URL
https://ia.cr/2019/148
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2019/148,
      author = {Ariel Gabizon},
      title = {On the efficiency of pairing-based proofs under the d-{PKE}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2019/148},
      year = {2019},
      url = {https://eprint.iacr.org/2019/148}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.