Paper 2024/721
Real-world Universal zkSNARKs are non-malleable
Abstract
Simulation extractability is a strong security notion for zkSNARKs: it guarantees that an attacker who produces a valid proof must know the corresponding witness, even if the attacker had prior access to proofs generated by other users. Notably, simulation extractability implies that proofs are non-malleable, and it is of fundamental importance for applications of zkSNARKs in distributed systems. In this work, we study sufficient and necessary conditions for constructing simulation-extractable universal zkSNARKs via the popular design approach based on compiling polynomial interactive oracle proofs (PIOPs). Our main result is the first security proof that popular universal zkSNARKs, such as PLONK and Marlin, as deployed in the real world, are simulation-extractable. Our result fills a gap left by previous work (Faonio et al. TCC’23, and Kohlweiss et al. TCC’23), which could only prove the simulation extractability of the “textbook” versions of these schemes and does not capture their optimized variants, with all the popular optimization tricks in place, that are eventually implemented and deployed in software libraries.
Metadata
- Available format(s)
- Category
- Cryptographic protocols
- Publication info
- Preprint.
- Keywords
- polynomial commitments, non-malleability, simulation-extractability, zero-knowledge, commit-and-prove, IOP
- Contact author(s)
- antonio faonio @ eurecom fr
- dario fiore @ imdea org
- russol @ eurecom fr
- History
- 2024-05-11: approved
- 2024-05-10: received
- See all versions
- Short URL
- https://ia.cr/2024/721
- License
- CC BY
BibTeX
@misc{cryptoeprint:2024/721,
  author = {Antonio Faonio and Dario Fiore and Luigi Russo},
  title = {Real-world Universal {zkSNARKs} are non-malleable},
  howpublished = {Cryptology {ePrint} Archive, Paper 2024/721},
  year = {2024},
  url = {https://eprint.iacr.org/2024/721}
}