Paper 2024/1731

Arc: Accumulation for Reed--Solomon Codes

Benedikt Bünz, New York University
Pratyush Mishra, University of Pennsylvania
Wilson Nguyen, Stanford University
William Wang, New York University
Abstract

Proof-Carrying Data (PCD) is a foundational tool for ensuring the correctness of incremental distributed computations that has found numerous applications in theory and practice. The state-of-the-art PCD constructions are obtained via accumulation or folding schemes. Unfortunately, almost all known constructions of accumulation schemes rely on homomorphic vector commitments (VCs), which results in relatively high computational costs and insecurity in the face of quantum adversaries. A recent work of Bünz, Mishra, Nguyen, and Wang removes the dependence on homomorphic VCs by relying only on the random oracle model, but introduces a bound on the number of consecutive accumulation steps, which in turn bounds the depth of the PCD computation graph and greatly affects prover and verifier efficiency. In this work, we propose Arc, a novel hash-based accumulation scheme that overcomes this restriction and supports an unbounded number of accumulation steps. The core building block underlying Arc is a new accumulation scheme for claims about proximity of claimed codewords to the Reed--Solomon code. Our approach achieves near-optimal efficiency, requiring a small number of Merkle tree openings relative to the code rate, and avoids the efficiency loss associated with bounded accumulation depth. Unlike prior work, our scheme is also able to accumulate claims up to list-decoding radius, resulting in concrete efficiency improvements. We use this accumulation scheme to construct two distinct accumulation schemes, again relying solely on random oracles. The first approach accumulates RS proximity claims and can be used as an almost-drop-in replacement in existing PCD deployments based on IOP-based SNARKs. The second approach directly constructs an accumulation scheme for rank-1 constraint systems (and more generally polynomial constraint systems) that is simpler and more efficient than the former and prior approaches. We introduce the notion of Interactive Oracle Reductions (IORs) to enable a modular and simple security analysis. These extend prior notions of Reductions of Knowledge to the setting of IOPs.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint.
Keywords
PCDSNARKsVerifiable ComputationAccumulationFolding
Contact author(s)
bb @ nyu edu
prat @ upenn edu
wdnguyen @ stanford edu
ww @ priv pub
History
2024-10-25: revised
2024-10-22: received
See all versions
Short URL
https://ia.cr/2024/1731
License
Creative Commons Attribution-NonCommercial
CC BY-NC

BibTeX

@misc{cryptoeprint:2024/1731,
      author = {Benedikt Bünz and Pratyush Mishra and Wilson Nguyen and William Wang},
      title = {Arc: Accumulation for Reed--Solomon Codes},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1731},
      year = {2024},
      url = {https://eprint.iacr.org/2024/1731}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.