Paper 2022/542

On Valiant's Conjecture: Impossibility of Incrementally Verifiable Computation from Random Oracles

Mathias Hall-Andersen and Jesper Buus Nielsen


In his landmark paper at TCC 2008 Paul Valiant introduced the notion of ``incrementally verifiable computation'' which enables a prover to incrementally compute a succinct proof of correct execution of a (potentially) long running process. The paper later won the 2019 TCC test of time award. The construction was proven secure in the random oracle model without any further computational assumptions. However, the overall proof was given using a non-standard version of the random-oracle methodology where sometimes the hash function is a random oracle and sometimes it has a short description as a circuit. Valiant clearly noted that this model is non-standard, but conjectured that the standard random oracle methodology would not suffice. This conjecture has been open for 14 years. We prove that under some mild extra assumptions on the proof system the conjecture is true: the standard random-oracle model does not allow incrementally verifiable computation without making computational assumptions. Two extra assumptions under which we can prove the conjecture are 1) the proof system is also zero-knowledge or 2) when the proof system makes a query to its random oracle it can know with non-negligible probability whether the query is fresh or was made by the proof system earlier in the construction of the proof.

Available format(s)
Publication info
Preprint. MINOR revision.
random oraclesPCPSNARKproof carrying data
Contact author(s)
jbn @ cs au dk
mathias @ hall-andersen dk
2022-05-10: received
Short URL
Creative Commons Attribution


      author = {Mathias Hall-Andersen and Jesper Buus Nielsen},
      title = {On Valiant's Conjecture: Impossibility of Incrementally Verifiable Computation from Random Oracles},
      howpublished = {Cryptology ePrint Archive, Paper 2022/542},
      year = {2022},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.