Paper 2024/1549
Universally Composable SNARKs with Transparent Setup without Programmable Random Oracle
Abstract
Non-interactive zero-knowledge (NIZK) proofs enable a prover to convince a verifier of an NP statement’s validity using a single message, without disclosing any additional information. These proofs are widely studied and deployed, especially in their succinct form, where proof length is sublinear in the size of the NP relation. However, efficient succinct NIZKs typically require an idealized setup, such as a common reference string, which complicates real-world deployment. A key challenge is developing NIZKs with simpler, more transparent setups. A promising approach is the random-oracle (RO) methodology, which idealizes hash functions as public random functions. It is commonly believed that UC NIZKs cannot be realized using a non-programmable global RO—the simplest incarnation of the RO as a form of setup—since existing techniques depend on the ability to program the oracle. We challenge this belief and present a methodology to build UC-secure NIZKs based solely on a global, non-programmable RO. By applying our framework we are able to construct a NIZK that achieves witness-succinct proofs of logarithmic size, breaking both the programmability barrier and the polylogarithmic proof size limitation for UC-secure NIZKs with transparent setups. We further observe that, among the existing global RO formalizations put forth by Camenisch et al. (Eurocrypt 2018), our choice of setup is necessary to achieve this result. From the technical standpoint, our contributions span both modeling and construction. We leverage the shielded (super-poly) oracle model introduced by Broadnax et al. (Eurocrypt 2017) to define a UC NIZK functionality that can serve as a drop-in replacement for its standard variant—it preserves the usual soundness and zero-knowledge properties while ensuring its compositional guarantees remain intact. To instantiate this functionality under a non-programmable RO setup, we follow the framework of Ganesh et al. (Eurocrypt 2023) and provide new building blocks for it, around which lie some of our core technical contributions: a novel polynomial encoding technique and the leakage analysis of its companion polynomial commitment, based on Bulletproofs-style folding. We also provide a second construction, based on a recent work by Chiesa and Fenzi (TCC 2024), and show that it achieves a slightly weaker version of the NIZK functionality.
Metadata
- Available format(s): PDF
- Category: Cryptographic protocols
- Publication info: Preprint.
- Keywords: zero knowledge, random oracle, transparent, SNARK, NIZK
- Contact author(s):
  - christian badertscher @ iohk io
  - binarywhalesinternaryseas @ gmail com
  - mciampi @ ed ac uk
  - russol @ eurecom fr
  - luisi @ dtu dk
- History:
  - 2025-03-04: last of 2 revisions
  - 2024-10-03: received
- Short URL: https://ia.cr/2024/1549
- License: CC BY
BibTeX
@misc{cryptoeprint:2024/1549,
  author = {Christian Badertscher and Matteo Campanelli and Michele Ciampi and Luigi Russo and Luisa Siniscalchi},
  title = {Universally Composable {SNARKs} with Transparent Setup without Programmable Random Oracle},
  howpublished = {Cryptology {ePrint} Archive, Paper 2024/1549},
  year = {2024},
  url = {https://eprint.iacr.org/2024/1549}
}