Paper 2024/818

The Brave New World of Global Generic Groups and UC-Secure Zero-Overhead SNARKs

Jan Bobolz, University of Edinburgh
Pooya Farshim, Durham University, IOG
Markulf Kohlweiss, University of Edinburgh, IOG
Akira Takahashi
Abstract

The universal composability (UC) model provides strong security guarantees for protocols used in arbitrary contexts. While these guarantees are highly desirable, in practice, schemes with a standalone proof of security, such as the Groth16 proof system, are preferred. This is because UC security typically comes with undesirable overhead, sometimes making UC-secure schemes significantly less efficient than their standalone counterparts. We establish the UC security of Groth16 without any significant overhead. In the spirit of global random oracles, we design a global (restricted) observable generic group functionality that models a natural notion of observability: computations that trace back to group elements derived from generators of other sessions are observable. This notion turns out to be surprisingly subtle to formalize. We provide a general framework for proving protocols secure in the presence of global generic groups, which we then apply to Groth16.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint.
Keywords
Generic Group ModelGroth16Universal Composability
Contact author(s)
jan bobolz @ ed ac uk
pooya farshim @ gmail com
markulf kohlweiss @ ed ac uk
takahashi akira 58s @ gmail com
History
2024-05-27: approved
2024-05-26: received
See all versions
Short URL
https://ia.cr/2024/818
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/818,
      author = {Jan Bobolz and Pooya Farshim and Markulf Kohlweiss and Akira Takahashi},
      title = {The Brave New World of Global Generic Groups and {UC}-Secure Zero-Overhead {SNARKs}},
      howpublished = {Cryptology ePrint Archive, Paper 2024/818},
      year = {2024},
      note = {\url{https://eprint.iacr.org/2024/818}},
      url = {https://eprint.iacr.org/2024/818}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.