## Cryptology ePrint Archive: Report 2020/1318

Poppins: A Direct Construction for Asymptotically Optimal zkSNARKs

Abhiram Kothapalli and Elisaweta Masserova and Bryan Parno

Abstract: We present Poppins, a direct construction of a zero-knowledge argument system for general computation that features an $O_{\lambda}(n)$ time prover and an $O_{\lambda}(1)$ time verifier (after a single $O_{\lambda}(n)$ public setup) for computations of size $n$. Our scheme utilizes a universal linear-size structured reference string (SRS) that allows a single trusted setup to be used across all computation instances of a bounded size. Concretely, for computations of size $n$, our prover's cost is dominated by $35$ multi-exponentiations of size $n$ and our verifier's cost is dominated by $34$ pairings. To achieve the stated asymptotics, we first construct a nearly-optimal zkSNARK with a logarithmic verifier in the random oracle model. We then show how to achieve a constant-time verifier using (single-layer) proof composition. Along the way we design (1) a new polynomial commitment scheme for evaluation-based representations of polynomials, (2) an asymptotically optimal inner-product argument system, (3) an asymptotically optimal multi-Hadamard-product argument system, and (4)~a new constraint system for NP that is particularly well-suited for our bundle of techniques.

Category / Keywords: cryptographic protocols / verifiable computation, zero knowledge, zkSNARKs

Date: received 21 Oct 2020, last revised 4 Mar 2021

Contact author: akothapa at andrew cmu edu,elisawem@andrew cmu edu,parno@cmu edu

Available format(s): PDF | BibTeX Citation

Short URL: ia.cr/2020/1318

[ Cryptology ePrint archive ]