Paper 2019/471

UC-Secure CRS Generation for SNARKs

Behzad Abdolmaleki, Karim Baghery, Helger Lipmaa, Janno Siim, and Michal Zajac

Abstract

Zero-knowledge SNARKs (zk-SNARKs) have recently found various applications in verifiable computation and blockchain applications (Zerocash), but unfortunately they rely on a common reference string (CRS) that has to be generated by a trusted party. A standard suggestion, pursued by Ben Sasson et al. [IEEE S&P, 2015], is to generate CRS via a multi-party protocol. We enhance their CRS-generation protocol to achieve UC-security. This allows to safely compose the CRS-generation protocol with the zk-SNARK in a black-box manner with the insurance that the security of the zk-SNARK is not influenced. Differently from the previous work, the new CRS-generation protocol also avoids the random oracle model which is typically not required by zk-SNARKs themselves. As a case study, we apply the protocol to the state-of-the-art zk-SNARK by Groth [EUROCRYPT, 2016].

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. MINOR revision.AFRICACRYPT 2019
Keywords
CRS modelSNARKsubversion-securityUC security
Contact author(s)
jannosiim @ gmail com
helger lipmaa @ ut ee
karim baghery @ ut ee
behzad abdolmaleki @ ut ee
m p zajac @ gmail com
History
2019-05-10: received
Short URL
https://ia.cr/2019/471
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2019/471,
      author = {Behzad Abdolmaleki and Karim Baghery and Helger Lipmaa and Janno Siim and Michal Zajac},
      title = {UC-Secure CRS Generation for SNARKs},
      howpublished = {Cryptology ePrint Archive, Paper 2019/471},
      year = {2019},
      note = {\url{https://eprint.iacr.org/2019/471}},
      url = {https://eprint.iacr.org/2019/471}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.