Cryptology ePrint Archive: Report 2019/586

Simulation-Extractable zk-SNARK with a Single Verification

Jihye Kim and Jiwon Lee and Hyunok Oh

Abstract: The simulation-extractable zk-SNARK (SE-SNARK) introduces a security notion of non-malleability. The existing pairing-based zk-SNARKs designed from linear encoding are known to be vulnerable to algebraic manipulation of the proof. The latest SE-SNARKs check the proof consistency by increasing the proof size and the verification cost. In particular, the number of pairings increases almost doubles due to further verification.

In this paper, we propose two novel SE-SNARK constructions with a single verification. The consistency check is subsumed in a single verification through employing a hash function. The proof size and verification time of the proposed SE-SNARK schemes are minimal in that it is the same as the state-of-the-art zk-SNARK without non-malleability.

The proof in our SE-SNARK constructions comprises only three group elements (type III) in the QAP-based scheme and two group elements (type I) in the SAP-based scheme. The verification time in both requires only 3 pairings. The soundness of the proposed schemes is proven under the hash-algebraic knowledge (HAK) assumption and the (linear) collision-resistant hash assumption.

Category / Keywords: cryptographic protocols / pairing-based zk-SNARK, simulation-extractability, quadratic arithmetic program, square arithmetic program

Date: received 28 May 2019, last revised 22 Apr 2020

Contact author: jihyek at kookmin ac kr,jiwonlee@hanyang ac kr,hoh@hanyang ac kr

Available format(s): PDF | BibTeX Citation

Version: 20200422:080046 (All versions of this report)

Short URL: ia.cr/2019/586


[ Cryptology ePrint archive ]