Paper 2024/854
Simulation-Extractable KZG Polynomial Commitments and Applications to HyperPlonk
Abstract
HyperPlonk is a recent SNARK proposal (Eurocrypt'23) that features a linear-time prover and supports custom gates of larger degree than Plonk. For the time being, its instantiations are only proven to be knowledge-sound (meaning that soundness is only guaranteed when the prover runs in isolation) while many applications motivate the stronger notion of simulation-extractability (SE). Unfortunately, the most efficient SE compilers are not immediately applicable to multivariate polynomial interactive oracle proofs. To address this problem, we provide an instantiation of HyperPlonk for which we can prove simulation-extractability in a strong sense. As a crucial building block, we describe KZG-based commitments to multivariate polynomials that also provide simulation-extractability while remaining as efficient as malleable ones. Our proofs stand in the combined algebraic group and random oracle model and ensure straight-line extractability (i.e., without rewinding).
Metadata
- Category
- Cryptographic protocols
- Publication info
- A major revision of an IACR publication in PKC 2024
- DOI
- 10.1007/978-3-031-57722-2\_3
- Keywords
- Polynomial commitments, SNARKs, zero-knowledge, simulation-extractability
- Contact author(s)
- benoit libert @ zama ai
- History
- 2024-05-31: approved
- 2024-05-30: received
- Short URL
- https://ia.cr/2024/854
- License
- CC BY
BibTeX
@misc{cryptoeprint:2024/854,
  author = {Benoit Libert},
  title = {Simulation-Extractable {KZG} Polynomial Commitments and Applications to {HyperPlonk}},
  howpublished = {Cryptology {ePrint} Archive, Paper 2024/854},
  year = {2024},
  doi = {10.1007/978-3-031-57722-2_3},
  url = {https://eprint.iacr.org/2024/854}
}