Paper 2024/1548

Fully-Succinct Arguments over the Integers from First Principles

Matteo Campanelli
Mathias Hall-Andersen, ZKSecurity
Abstract

Succinct arguments of knowledge allow an untrusted prover to establish that they know a witness for an NP relation. Many recent efficient constructions of such schemes work over arithmetic computations expressed in finite fields. Several common settings, however, have an extremely simple representation when expressed over the integers (e.g., RSA signatures/accumulators, range checks for committed values, computations over rational numbers). Efficient arguments of knowledge working natively over $\mathbb{Z}$ could be applied to such computations without the overhead from emulating integer arithmetic over a finite field. We propose the first native construction of SNARKs over the integers that is fully succinct, thus resolving an open problem from Towa and Vergnaud (Asiacrypt 2020). By fully succinct, we mean that \textit{both} the proof size and the verifier's running time should be sublinear in both $|\vec w|$—the size of the witness as a vector of integers—and $\log_2 \lVert \vec w \rVert_\infty$—the size in bits of the largest integer in the witness vector (in absolute value). As a stepping stone for our results we provide a general theoretical framework for building succinct arguments over the integers. Its most attractive feature is that it allows to reuse already existing constructions of SNARKs in a modular way and can be used as a starting point for constructions following up our work. We build these systematic foundations by leveraging a common technique in theoretical computer science—fingerprinting—and applying it to a new setting. Our framework consists of two main ingredients: idealized protocols and polynomial commitments such that an object ``committed over the integers'' can however be ``queried modulo $q$'', for a randomly sampled prime $q$. We obtain our final construction, $\mathbb{Z}$aratan, by lifting the $\mathsf{Spartan}$ construction (Setty, CRYPTO 2020) to the integers and applying a form of polynomial commitment based on the techniques from DARK (Bünz et al., Eurocrypt 2020). $\mathbb{Z}$aratan has a transparent setup, is proven secure in the generic group model for groups of unknown order and can be heuristically made non-interactive in the ROM via the Fiat-Shamir transform.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint.
Keywords
snarksintegerholographyfingerprintingproofsargumentssuccinct
Contact author(s)
binarywhalesinternaryseas @ gmail com
mathias @ hall-andersen dk
History
2024-10-04: revised
2024-10-03: received
See all versions
Short URL
https://ia.cr/2024/1548
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2024/1548,
      author = {Matteo Campanelli and Mathias Hall-Andersen},
      title = {Fully-Succinct Arguments over the Integers from First Principles},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1548},
      year = {2024},
      url = {https://eprint.iacr.org/2024/1548}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.