In this paper we show how to obtain PCD without relying on SNARKs. We construct a PCD scheme given any non-interactive argument of knowledge (e.g., with linear-size proofs) that has a *split accumulation scheme*, which is a weak form of accumulation that we introduce.
We additionally construct a transparent non-interactive argument of knowledge for R1CS whose accumulation is verifiable via a *constant number of group and field operations*. This leads, via the random oracle heuristic and our result above, to efficiency improvements for PCD. Along the way, we construct a split accumulation scheme for a simple polynomial commitment scheme based on Pedersen commitments.
Our results are supported by a modular and efficient implementation.
Category / Keywords: foundations / proof-carrying data; accumulation schemes; recursive proof composition Date: received 31 Dec 2020 Contact author: benedikt at cs stanford edu,alexch@berkeley edu,pratyush@berkeley edu,nspooner@bu edu Available format(s): PDF | BibTeX Citation Version: 20201231:095317 (All versions of this report) Short URL: ia.cr/2020/1618