On Succinct Arguments and Witness Encryption from Groups

Succinct non-interactive arguments (SNARGs) enable proofs of \(\mathsf {NP} \) statements with very low communication. Recently, there has been significant work in both theory and practice on constructing SNARGs with very short proofs. Currently, the state-of-the-art in succinctness is due to Groth (Eurocrypt 2016) who constructed a SNARG from bilinear maps where the proof consists of just 3 group elements.
