Paper 2019/586

Simulation-Extractable zk-SNARK with a Single Verification

Jihye Kim, Jiwon Lee, and Hyunok Oh


The simulation-extractable zk-SNARK (SE-SNARK) introduces a security notion of non-malleability. The existing pairing-based zk-SNARKs designed from linear encoding are known to be vulnerable to algebraic manipulation of the proof. The latest SE-SNARKs check the proof consistency by increasing the proof size and the verification cost. In particular, the number of pairings increases almost doubles due to further verification. In this paper, we propose two novel SE-SNARK constructions with a single verification. The consistency check is subsumed in a single verification through employing a hash function. The proof size and verification time of the proposed SE-SNARK schemes are minimal in that it is the same as the state-of-the-art zk-SNARK without non-malleability. The proof in our SE-SNARK constructions comprises only three group elements (type III) in the QAP-based scheme and two group elements (type I) in the SAP-based scheme. The verification time in both requires only 3 pairings. The soundness of the proposed schemes is proven under the hash-algebraic knowledge (HAK) assumption and the (linear) collision-resistant hash assumption.

Available format(s)
Cryptographic protocols
Publication info
Preprint. MINOR revision.
pairing-based zk-SNARKsimulation-extractabilityquadratic arithmetic programsquare arithmetic program
Contact author(s)
jihyek @ kookmin ac kr
jiwonlee @ hanyang ac kr
hoh @ hanyang ac kr
2020-04-22: last of 5 revisions
2019-05-30: received
See all versions
Short URL
Creative Commons Attribution


      author = {Jihye Kim and Jiwon Lee and Hyunok Oh},
      title = {Simulation-Extractable zk-SNARK with a Single Verification},
      howpublished = {Cryptology ePrint Archive, Paper 2019/586},
      year = {2019},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.