On Subversion-Resistant SNARKs

Behzad Abdolmaleki, Helger Lipmaa, Janno Siim, and Michał Zając

Abstract

While NIZK arguments in the CRS model are widely studied, the question of what happens when the CRS was subverted has received little attention. In ASIACRYPT 2016, Bellare, Fuchsbauer, and Scafuro showed the first negative and positive results in the case of NIZK, proving also that it is impossible to achieve subversion soundness and (even non-subversion) zero-knowledge at the same time. On the positive side, they constructed an involved sound and subversion-zero-knowledge (Sub-ZK) non-succinct NIZK argument for NP. We consider the practically very relevant case of zk-SNARKs. We make Groth's zk-SNARK for Circuit-SAT from EUROCRYPT 2016 computationally knowledge-sound and perfectly composable Sub-ZK with minimal changes. We only require the CRS trapdoor to be extractable and the CRS to be publicly verifiable. To achieve the latter, we add some new elements to the CRS and construct an efficient CRS verification algorithm. We also provide a definitional framework for knowledge-sound and Sub-ZK SNARKs.

Note: This is a (belated) full version of the Asiacrypt 2017 paper of a slightly different subset of co-authors. There have been many smaller and bigger changes; we provided a short overview of them in Appendix A.

Category
Cryptographic protocols
Publication info
A major revision of an IACR publication in ASIACRYPT 2017
Keywords
Common reference string, generic group model, non-interactive zero knowledge, subversion zero knowledge, SNARK
Contact author(s)
abdolmaleki behzad ir @ gmail com
jannosiim @ gmail com
helger lipmaa @ gmail com
m p zajac @ gmail com
Short URL
https://ia.cr/2020/668

CC BY

BibTeX

@misc{cryptoeprint:2020/668,
author = {Behzad Abdolmaleki and Helger Lipmaa and Janno Siim and Michał Zając},
title = {On Subversion-Resistant SNARKs},
howpublished = {Cryptology ePrint Archive, Paper 2020/668},
year = {2020},
note = {\url{https://eprint.iacr.org/2020/668}},
url = {https://eprint.iacr.org/2020/668}
}
