SNARKs for C: Verifying Program Executions Succinctly and in Zero Knowledge

An argument system for NP is a proof system that allows efficient verification of NP statements, given proofs produced by an untrusted yet computationally bounded prover. Such a system is non-interactive and publicly verifiable if, after a trusted party publishes a proving key and a verification key, anyone can use the proving key to generate non-interactive proofs for adaptively chosen NP statements (statements fixed only after the keys are published), and anyone can verify those proofs using the verification key alone.
