Paper 2023/097

Universally Composable NIZKs: Circuit-Succinct, Non-Malleable and CRS-Updatable

Behzad Abdolmaleki, Max Planck Institute for Security and Privacy
Noemi Glaeser, University of Maryland, College Park, Max Planck Institute for Security and Privacy
Sebastian Ramacher, Austrian Institute of Technology
Daniel Slamanig, Austrian Institute of Technology

Non-interactive zero-knowledge proofs (NIZKs) and in particular succinct NIZK arguments of knowledge (so called zk-SNARKs) increasingly see real-world adoption in large and complex systems. A requirement that turns out to be important for NIZKs is ensuring non-malleability of proofs, which can be achieved via the property of simulation extractability (SE). Moreover, many zk-SNARKs require a trusted setup, i.e., a common reference string (CRS), and in practice it is desirable to reduce the trust in the CRS generation. Latter can be achieved via the notions of subversion or updatable CRS. Another important property when deployed in large and complex systems is the secure composition of protocols, e.g., via using the Universal Composability (UC) framework. Relying on the UC frameworks allows to arbitrarily and securely compose protocols in a modular way. In this work, we are interested in whether zk-SNARKs can provide all these desired properties. This is a tricky task as the UC framework rules out several natural techniques for such a construction. Our main result is to show that achieving these properties is indeed possible in a generic and modular way when slightly relaxing the succinctness properties of zk-SNARKs to those of a circuit-succinct NIZK which is not witness-succinct, i.e., by increasing the proof size of the underlying zk-SNARK by the size of the witness $w$. We will argue that for various practical applications of zk-SNARKs this overhead is perfectly tolerable. Our starting point is a framework by Abdolmaleki et al. called Lamassu (ACM CCS'20) which we extend in several directions. Moreover, we implement our compiler on top of Sonic (ACM CCS'19) and provide benchmarks as well as a discussion on the choice of the required primitives.

Available format(s)
Cryptographic protocols
Publication info
non-interactive zero knowledgeUniversal Composabilityupdatable CRS
Contact author(s)
abdolmaleki behzad ir @ gmail com
nglaeser @ umd edu
sebastian ramacher @ ait ac at
daniel slamanig @ ait ac at
2023-01-26: approved
2023-01-26: received
See all versions
Short URL
Creative Commons Attribution


      author = {Behzad Abdolmaleki and Noemi Glaeser and Sebastian Ramacher and Daniel Slamanig},
      title = {Universally Composable NIZKs: Circuit-Succinct, Non-Malleable and CRS-Updatable},
      howpublished = {Cryptology ePrint Archive, Paper 2023/097},
      year = {2023},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.