Cryptology ePrint Archive: Report 2019/471

UC-Secure CRS Generation for SNARKs

Behzad Abdolmaleki and Karim Baghery and Helger Lipmaa and Janno Siim and Michal Zajac

Abstract: Zero-knowledge SNARKs (zk-SNARKs) have recently found various applications in verifiable computation and blockchain applications (Zerocash), but unfortunately they rely on a common reference string (CRS) that has to be generated by a trusted party. A standard suggestion, pursued by Ben Sasson et al. [IEEE S&P, 2015], is to generate CRS via a multi-party protocol. We enhance their CRS-generation protocol to achieve UC-security. This allows to safely compose the CRS-generation protocol with the zk-SNARK in a black-box manner with the insurance that the security of the zk-SNARK is not influenced. Differently from the previous work, the new CRS-generation protocol also avoids the random oracle model which is typically not required by zk-SNARKs themselves. As a case study, we apply the protocol to the state-of-the-art zk-SNARK by Groth [EUROCRYPT, 2016].

Category / Keywords: CRS model, SNARK, subversion-security, UC security

Original Publication (with minor differences): AFRICACRYPT 2019

Date: received 8 May 2019

Contact author: jannosiim at gmail com,helger lipmaa@ut ee,karim baghery@ut ee,behzad abdolmaleki@ut ee,m p zajac@gmail com

Available format(s): PDF | BibTeX Citation

Version: 20190510:124148 (All versions of this report)

Short URL: ia.cr/2019/471


[ Cryptology ePrint archive ]