Shorter Pairing-based Arguments under Standard Assumptions
Alonso Gonzalez and Carla Rafols
Abstract
This paper constructs efficient non-interactive arguments for correct evaluation of arithmetic and boolean circuits with proof size group elements, where is the multiplicative depth of the circuit, under falsifiable assumptions. This is achieved by combining techniques from SNARKs and QA-NIZK arguments of membership in linear spaces.
The first construction is very efficient (the proof size is group elements and the verification cost is pairings and exponentiations, where is the size of the input and of the output) but one type of attack can only be ruled out assuming the knowledge soundness of QA-NIZK arguments of membership in linear spaces. We give an alternative construction which replaces this assumption with a decisional assumption in bilinear groups at the cost of approximately doubling the proof size. The construction for boolean circuits can be made zero-knowledge with Groth-Sahai proofs, resulting in a NIZK argument for circuit satisfiability based on falsifiable assumptions in bilinear groups of proof size .
Our main technical tool is what we call an ``argument of knowledge transfer''. Given a commitment and an opening , such an argument allows to prove that some other commitment opens to , for some function , even if is not extractable. We construct very short, constant-size, pairing-based arguments of knowledge transfer with constant-time verification for any linear function and also for Hadamard products. These allow to transfer the knowledge of the input to lower levels of the circuit.
@misc{cryptoeprint:2019/326,
author = {Alonso Gonzalez and Carla Rafols},
title = {Shorter Pairing-based Arguments under Standard Assumptions},
howpublished = {Cryptology {ePrint} Archive, Paper 2019/326},
year = {2019},
url = {https://eprint.iacr.org/2019/326}
}
Note: In order to protect the privacy of readers, eprint.iacr.org
does not use cookies or embedded third party content.