SNARGs for P from LWE

We provide the first construction of a succinct non-interactive argument (SNARG) for all polynomial-time deterministic computations based on standard assumptions. For T steps of computation, the size of the proof and of the common random string (CRS), as well as the verification time, are poly-logarithmic in T. The security of our scheme relies on the hardness of the Learning with Errors (LWE) problem against polynomial-time adversaries. Previously, SNARGs based on standard assumptions could support only bounded-depth computations and required sub-exponential hardness assumptions [Jawale-Kalai-Khurana-Zhang, STOC'21]. Along the way, we also provide the first construction of non-interactive batch arguments for NP based solely on the LWE assumption.

[1]  Ron Rothblum,et al.  Delegating Computations with (Almost) Minimal Time and Space Overhead , 2018, 2018 IEEE 59th Annual Symposium on Foundations of Computer Science (FOCS).

[2]  Daniel Wichs,et al.  On the Communication Complexity of Secure Function Evaluation with Long Output , 2015, IACR Cryptol. ePrint Arch..

[3]  Srinath T. V. Setty,et al.  Spartan: Efficient and general-purpose zkSNARKs without trusted setup , 2020, IACR Cryptol. ePrint Arch..

[4]  Chris Peikert,et al.  Noninteractive Zero Knowledge for NP from (Plain) Learning With Errors , 2019, IACR Cryptol. ePrint Arch..

[5]  Oded Regev  On lattices, learning with errors, random linear codes, and cryptography , 2009, J. ACM.

[6]  Yael Tauman Kalai,et al.  Succinct delegation for low-space non-deterministic computation , 2018, STOC.

[7]  Damien Stehlé,et al.  Classical hardness of learning with errors , 2013, STOC '13.

[8]  Ron Rothblum,et al.  Batch Verification and Proofs of Proximity with Polylog Overhead , 2020, Electron. Colloquium Comput. Complex..

[9]  Arka Rai Choudhuri,et al.  Non-Interactive Batch Arguments for NP from Standard Assumptions , 2021, IACR Cryptol. ePrint Arch..

[10]  Allison Bishop,et al.  Indistinguishability Obfuscation for Turing Machines with Unbounded Memory , 2015, IACR Cryptol. ePrint Arch..

[11]  Ron Rothblum,et al.  Fiat-Shamir: from practice to theory , 2019, STOC.

[12]  Carla Ràfols,et al.  Shorter Pairing-Based Arguments Under Standard Assumptions , 2019, ASIACRYPT.

[13]  Alex Lombardi,et al.  Cryptographic Hashing from Strong One-Way Functions (Or: One-Way Product Functions and Their Applications) , 2018, 2018 IEEE 59th Annual Symposium on Foundations of Computer Science (FOCS).

[14]  Nir Bitansky,et al.  Succinct Randomized Encodings and their Applications , 2015, IACR Cryptol. ePrint Arch..

[15]  Zvika Brakerski,et al.  Witness Indistinguishability for Any Single-Round Argument with Applications to Access Control , 2020, Public Key Cryptography.

[16]  Kai-Min Chung,et al.  Cryptography for Parallel RAM from Indistinguishability Obfuscation , 2016, ITCS.

[17]  Zvika Brakerski,et al.  NIZK from LPN and Trapdoor Hash via Correlation Intractability for Approximable Relations , 2020, IACR Cryptol. ePrint Arch..

[18]  Boaz Barak,et al.  How to go beyond the black-box simulation barrier , 2001, Proceedings 42nd IEEE Symposium on Foundations of Computer Science (FOCS).

[19]  Omer Paneth,et al.  On Zero-Testable Homomorphic Encryption and Publicly Verifiable Non-interactive Arguments , 2017, TCC.

[20]  Yael Tauman Kalai,et al.  SNARGs for bounded depth computations and PPAD hardness from sub-exponential LWE , 2020, IACR Cryptol. ePrint Arch..

[21]  Yael Tauman Kalai,et al.  Multi-collision resistance: a paradigm for keyless hash functions , 2018, IACR Cryptol. ePrint Arch..

[22]  Ralph C. Merkle,et al.  A Digital Signature Based on a Conventional Encryption Function , 1987, CRYPTO.

[23]  Shuichi Katsumata,et al.  Non-interactive Zero-Knowledge in Pairing-Free Groups from Weaker Assumptions , 2020, EUROCRYPT.

[24]  Yael Tauman Kalai,et al.  From Obfuscation to the Security of Fiat-Shamir for Proofs , 2017, CRYPTO.

[25]  James Bartusek,et al.  On the (In)security of Kilian-Based SNARGs , 2019, IACR Cryptol. ePrint Arch..

[26]  Yael Tauman Kalai,et al.  Delegation for bounded space , 2013, STOC '13.

[27]  Ron Rothblum,et al.  Fiat-Shamir and Correlation Intractability from Strong KDM-Secure Encryption , 2018, IACR Cryptol. ePrint Arch..

[28]  Leonid A. Levin,et al.  Checking computations in polylogarithmic time , 1991, STOC '91.

[29]  Yael Tauman Kalai,et al.  Non-interactive delegation and batch NP verification from standard computational assumptions , 2017, STOC.

[30]  Vinod Vaikuntanathan,et al.  How to Delegate and Verify in Public: Verifiable Computation from Attribute-based Encryption , 2012, IACR Cryptol. ePrint Arch..

[31]  Kai-Min Chung,et al.  Delegating RAM Computations with Adaptive Soundness and Privacy , 2016, TCC.

[32]  Chris Peikert,et al.  Public-key cryptosystems from the worst-case shortest vector problem: extended abstract , 2009, STOC '09.

[33]  Silvio Micali,et al.  CS Proofs (Extended Abstracts) , 1994, FOCS 1994.

[34]  Helger Lipmaa,et al.  Progression-Free Sets and Sublinear Pairing-Based Non-Interactive Zero-Knowledge Arguments , 2012, TCC.

[35]  Eli Ben-Sasson,et al.  Zerocash: Decentralized Anonymous Payments from Bitcoin , 2014, 2014 IEEE Symposium on Security and Privacy.

[36]  R. Raz,et al.  How to delegate computations: the power of no-signaling proofs , 2014, Electron. Colloquium Comput. Complex..

[37]  Craig Gentry,et al.  Quadratic Span Programs and Succinct NIZKs without PCPs , 2013, IACR Cryptol. ePrint Arch..

[38]  Chris Peikert,et al.  Pseudorandomness of ring-LWE for any ring and modulus , 2017, STOC.

[39]  Yael Tauman Kalai,et al.  How to delegate computations publicly , 2019, IACR Cryptol. ePrint Arch..

[40]  Nir Bitansky,et al.  Recursive composition and bootstrapping for SNARKS and proof-carrying data , 2013, STOC '13.

[41]  Yael Tauman Kalai,et al.  Somewhere Statistical Soundness, Post-Quantum Security, and SNARGs for P , 2021, IACR Cryptol. ePrint Arch..

[42]  Guy N. Rothblum,et al.  Constant-Round Interactive Proofs for Delegating Computation , 2016, Electron. Colloquium Comput. Complex..

[43]  Rafail Ostrovsky,et al.  Trapdoor Hash Functions and Their Applications , 2019, IACR Cryptol. ePrint Arch..

[44]  Yael Tauman Kalai,et al.  Delegating RAM Computations , 2016, TCC.

[45]  Amos Fiat,et al.  How to Prove Yourself: Practical Solutions to Identification and Signature Problems , 1986, CRYPTO.

[46]  Zhengzhong Jin,et al.  Non-Interactive Zero Knowledge from Sub-exponential DDH , 2021, IACR Cryptol. ePrint Arch..

[47]  Yael Tauman Kalai,et al.  Delegating computation: interactive proofs for muggles , 2008, STOC.

[48]  Daniele Venturi,et al.  On Adaptive Security of Delayed-Input Sigma Protocols and Fiat-Shamir NIZKs , 2020, IACR Cryptol. ePrint Arch..

[49]  David Chaum,et al.  Minimum Disclosure Proofs of Knowledge , 1988, J. Comput. Syst. Sci..

[50]  Ivan Damgård,et al.  Secure Two-Party Computation with Low Communication , 2012, IACR Cryptol. ePrint Arch..

[51]  Craig Gentry,et al.  Separating succinct non-interactive arguments from all falsifiable assumptions , 2011, STOC '11.

[52]  Joe Kilian,et al.  A note on efficient zero-knowledge proofs and arguments (extended abstract) , 1992, STOC '92.

[53]  Nir Bitansky,et al.  Succinct Non-Interactive Arguments via Linear Interactive Proofs , 2013, Journal of Cryptology.

[54]  Ron D. Rothblum,et al.  Fiat–Shamir via list-recoverable codes (or: parallel repetition of GMW is not zero-knowledge) , 2021, STOC '21.

[55]  Ran Canetti,et al.  Succinct Garbling and Indistinguishability Obfuscation for RAM Programs , 2015, STOC.

[56]  Yael Tauman Kalai,et al.  On the (In)security of the Fiat-Shamir paradigm , 2003, 44th Annual IEEE Symposium on Foundations of Computer Science, 2003. Proceedings..

[57]  Jens Groth,et al.  Short Pairing-Based Non-interactive Zero-Knowledge Arguments , 2010, ASIACRYPT.

[58]  Carsten Lund,et al.  Algebraic methods for interactive proof systems , 1990, Proceedings [1990] 31st Annual Symposium on Foundations of Computer Science.

[59]  Ran Canetti,et al.  Fully Succinct Garbled RAM , 2016, ITCS.