Paper 2019/333

Key-and-Argument-Updatable QA-NIZKs

Helger Lipmaa

Abstract

There are several new efficient approaches to decreasing trust in the CRS creators for NIZK proofs in the CRS model. Recently, Groth et al. (CRYPTO 2018) defined the notion of NIZK with updatable CRS (updatable NIZK) and described an updatable SNARK. We consider the same problem in the case of QA-NIZKs. We also define an important new property: we require that after updating the CRS, one should be able to update a previously generated argument to a new argument that is valid with the new CRS. We propose a general definitional framework for key-and-argument-updatable QA-NIZKs. After that, we describe a key-and-argument-updatable version of the most efficient known QA-NIZK for linear subspaces by Kiltz and Wee. Importantly, for obtaining soundness, it suffices to update a universal public key that just consists of a matrix drawn from a KerMDH-hard distribution and thus can be shared by any pairing-based application that relies on the same hardness assumption. After specializing the universal public key to the concrete language parameter, one can use the proposed key-and-argument updating algorithms to continue updating to strengthen the soundness guarantee.

Note: The first version of this paper was written in April 2018, and in an updated form, posted to eprint in early 2019. This version corresponds to the publication at SCN 2020 with additional appendices. Compared to the 2019 version, it takes into account the new version of [ALSZ20] (that defines Sub-ZK QA-NIZK) that was significantly modified inbetween.