Skip to main content

Lattice-Based Zero-Knowledge SNARGs for Arithmetic Circuits

Part of the Lecture Notes in Computer Science book series (LNSC,volume 11774)

Abstract

Succinct non-interactive arguments (SNARGs) enable verifying NP computations with substantially lower complexity than that required for classical NP verification. In this work, we construct a zero-knowledge SNARG candidate that relies only on lattice-based assumptions which are claimed to hold even in the presence of quantum computers.

Central to our construction is the notion of linear-targeted malleability introduced by Bitansky et al. (TCC 2013) and the conjecture that variants of Regev encryption satisfy this property. Then, using the efficient characterization of NP languages as Square Arithmetic Programs we build the first quantum-resilient zk-SNARG for arithmetic circuits with a constant-size proof consisting of only 2 lattice-based ciphertexts.

Our protocol is designated-verifier, achieves zero-knowledge and has shorter proofs and shorter CRS than the previous such schemes, e.g. Boneh et al. (Eurocrypt 2017).

Keywords

  • Lattice-based
  • Zero-knowledge
  • SNARG
  • Post-quantum

This is a preview of subscription content, access via your institution.

Buying options

Chapter
USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/978-3-030-30530-7_11
  • Chapter length: 20 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
eBook
USD   59.99
Price excludes VAT (USA)
  • ISBN: 978-3-030-30530-7
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book
USD   79.99
Price excludes VAT (USA)
Fig. 1.
Fig. 2.
Fig. 3.

Notes

  1. 1.

    This is the first scheme where the prover does not have to compute a cryptographic group operation for each wire of the circuit, which is instead true e.g., in QSP-based protocols.

  2. 2.

    Quasi-optimal succinctness refers to schemes where the argument size is quasilinear in the security parameter.

References

  1. Ajtai, M.: Generating hard instances of lattice problems (extended abstract). In: Miller, G.L. (ed.) STOC, pp. 99–108. ACM (1996). http://dblp.uni-trier.de/db/conf/stoc/stoc1996.html#Ajtai96

  2. Asharov, G., Jain, A., López-Alt, A., Tromer, E., Vaikuntanathan, V., Wichs, D.: Multiparty computation with low communication, computation and interaction via threshold FHE. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 483–501. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29011-4_29

    CrossRef  Google Scholar 

  3. Banaszczyk, W.: Inequalities for convex bodies and polar reciprocal lattices inRn. Discret. Comput. Geom. 13(2), 217–231 (1995)

    CrossRef  Google Scholar 

  4. Banerjee, A., Peikert, C., Rosen, A.: Pseudorandom functions and lattices. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 719–737. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29011-4_42

    CrossRef  Google Scholar 

  5. Baum, C., Bootle, J., Cerulli, A., del Pino, R., Groth, J., Lyubashevsky, V.: Sub-linear lattice-based zero-knowledge arguments for arithmetic circuits. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10992, pp. 669–699. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96881-0_23

    CrossRef  Google Scholar 

  6. Ben-Sasson, E., Bentov, I., Horesh, Y., Riabzev, M.: Scalable, transparent, and post-quantum secure computational integrity. Cryptology ePrint Archive, Report 2018/046 (2018). https://eprint.iacr.org/2018/046

  7. Bitansky, N., et al.: The hunting of the SNARK. Cryptology ePrint Archive, Report 2014/580 (2014). http://eprint.iacr.org/2014/580

  8. Bitansky, N., Canetti, R., Chiesa, A., Tromer, E.: From extractable collision resistance to succinct non-interactive arguments of knowledge, and back again, pp. 326–349 (2012). https://doi.org/10.1145/2090236.2090263

  9. Bitansky, N., Chiesa, A., Ishai, Y., Paneth, O., Ostrovsky, R.: Succinct non-interactive arguments via linear interactive proofs. In: Sahai, A. (ed.) TCC 2013. LNCS, vol. 7785, pp. 315–333. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-36594-2_18

    CrossRef  Google Scholar 

  10. Boneh, D., Ishai, Y., Sahai, A., Wu, D.J.: Lattice-based SNARGs and their application to more efficient obfuscation, pp. 247–277 (2017). https://doi.org/10.1007/978-3-319-56617-79

  11. Boneh, D., Ishai, Y., Sahai, A., Wu, D.J.: Quasi-optimal SNARGs via linear multi-prover interactive proofs. Cryptology ePrint Archive, Report 2018/133 (2018). https://eprint.iacr.org/2018/133

  12. Boneh, D., Segev, G., Waters, B.: Targeted malleability: homomorphic encryption for restricted computations, pp. 350–366 (2012). https://doi.org/10.1145/2090236.2090264

  13. Boppana, R.B., Hastad, J., Zachos, S.: Does co-np have short interactive proofs? Inf. Process. Lett. 25(2), 127–132 (1987). https://doi.org/10.1016/0020-0190(87)90232-8

    MathSciNet  CrossRef  MATH  Google Scholar 

  14. Brakerski, Z., Vaikuntanathan, V.: Efficient fully homomorphic encryption from (standard) LWE, pp. 97–106 (2011). https://doi.org/10.1109/FOCS.2011.12

  15. Brassard, G., Chaum, D., Crépeau, C.: Minimum disclosure proofs of knowledge. J. Comput. Syst. Sci. 37(2), 156–189 (1988). https://doi.org/10.1016/0022-0000(88)90005-0

    MathSciNet  CrossRef  MATH  Google Scholar 

  16. Danezis, G., Fournet, C., Groth, J., Kohlweiss, M.: Square span programs with applications to succinct NIZK arguments, pp. 532–550 (2014). https://doi.org/10.1007/978-3-662-45611-828

  17. Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987). https://doi.org/10.1007/3-540-47721-7_12

    CrossRef  Google Scholar 

  18. Fuchsbauer, G.: Subversion-zero-knowledge SNARKs. In: Abdalla, M., Dahab, R. (eds.) PKC 2018. LNCS, vol. 10769, pp. 315–347. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-76578-5_11

    CrossRef  Google Scholar 

  19. Gennaro, R., Gentry, C., Parno, B., Raykova, M.: Quadratic span programs and succinct NIZKs without PCPs. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 626–645. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38348-9_37

    CrossRef  Google Scholar 

  20. Gennaro, R., Minelli, M., Nitulescu, A., Orrù, M.: Lattice-based zk-SNARKs from square span programs. In: Lie, D., Mannan, M., Backes, M., Wang, X. (eds.) ACM Conference on Computer and Communications Security, pp. 556–573. ACM (2018). http://dblp.uni-trier.de/db/conf/ccs/ccs2018.html#GennaroMNO18

  21. Gentry, C.: Fully homomorphic encryption using ideal lattices, pp. 169–178 (2009). https://doi.org/10.1145/1536414.1536440

  22. Gentry, C., Wichs, D.: Separating succinct non-interactive arguments from all falsifiable assumptions, pp. 99–108 (2011). https://doi.org/10.1145/1993636.1993651

  23. Goldreich, O., Håstad, J.: On the complexity of interactive proofs with bounded communication. Inf. Process. Lett. 67(4), 205–214 (1998). https://doi.org/10.1016/S0020-0190(98)00116-1

    MathSciNet  CrossRef  MATH  Google Scholar 

  24. Goldreich, O., Vadhan, S., Wigderson, A.: On interactive proofs with a laconic prover. Comput. Complex. 11(1–2), 1–53 (2002). https://doi.org/10.1007/s00037-002-0169-0

    MathSciNet  CrossRef  Google Scholar 

  25. Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof systems. SIAM J. Comput. 18(1), 186–208 (1989)

    MathSciNet  CrossRef  Google Scholar 

  26. Groth, J.: Short pairing-based non-interactive zero-knowledge arguments. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 321–340. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-17373-8_19

    CrossRef  Google Scholar 

  27. Groth, J.: On the size of pairing-based non-interactive arguments. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 305–326. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49896-5_11

    CrossRef  Google Scholar 

  28. Groth, J., Maller, M.: Snarky signatures: minimal signatures of knowledge from simulation-extractable SNARKs. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10402, pp. 581–612. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63715-0_20

    CrossRef  Google Scholar 

  29. Håstad, J., Impagliazzo, R., Levin, L.A., Luby, M.: A pseudorandom generator from any one-way function. SIAM J. Comput. 28(4), 1364–1396 (1999)

    MathSciNet  CrossRef  Google Scholar 

  30. Kilian, J.: A note on efficient zero-knowledge proofs and arguments (extended abstract), pp. 723–732 (1992). https://doi.org/10.1145/129712.129782

  31. Kim, S., Wu, D.J.: Multi-theorem preprocessing NIZKs from lattices. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10992, pp. 733–765. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96881-0_25

    CrossRef  Google Scholar 

  32. Libert, B., Ling, S., Nguyen, K., Wang, H.: Lattice-based zero-knowledge arguments for integer relations. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10992, pp. 700–732. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96881-0_24

    CrossRef  Google Scholar 

  33. Lipmaa, H.: Progression-free sets and sublinear pairing-based non-interactive zero-knowledge arguments. In: Cramer, R. (ed.) TCC 2012. LNCS, vol. 7194, pp. 169–189. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-28914-9_10

    CrossRef  Google Scholar 

  34. Lipmaa, H.: Succinct non-interactive zero knowledge arguments from span programs and linear error-correcting codes. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013. LNCS, vol. 8269, pp. 41–60. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-42033-7_3

    CrossRef  Google Scholar 

  35. Micali, S.: CS proofs (extended abstracts), pp. 436–453 (1994). https://doi.org/10.1109/SFCS.1994.365746

  36. Micciancio, D., Peikert, C.: Hardness of SIS and LWE with small parameters. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 21–39. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40041-4_2

    CrossRef  Google Scholar 

  37. Micciancio, D., Regev, O.: Worst-case to average-case reductions based on Gaussian measures, pp. 372–381 (2004). https://doi.org/10.1109/FOCS.2004.72

  38. Naor, M.: On cryptographic assumptions and challenges (invited talk), pp. 96–109 (2003). https://doi.org/10.1007/978-3-540-45146-46

  39. Parno, B., Howell, J., Gentry, C., Raykova, M.: Pinocchio: nearly practical verifiable computation, pp. 238–252 (2013). https://doi.org/10.1109/SP.2013.47

  40. Regev, O.: On lattices, learning with errors, random linear codes, and cryptography, pp. 84–93 (2005). https://doi.org/10.1145/1060590.1060603

  41. Shor, P.W.: Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM Rev. 41(2), 303–332 (1999). http://dblp.uni-trier.de/db/journals/siamrev/siamrev41.html#Shor99

    MathSciNet  CrossRef  Google Scholar 

  42. Wee, H.: On round-efficient argument systems. In: Caires, L., Italiano, G.F., Monteiro, L., Palamidessi, C., Yung, M. (eds.) ICALP 2005. LNCS, vol. 3580, pp. 140–152. Springer, Heidelberg (2005). https://doi.org/10.1007/11523468_12

    CrossRef  Google Scholar 

Download references

Acknowledgements

Research founded by: the European Research Council (ERC) under the European Unions’s Horizon 2020 research and innovation programme under grant agreement No 803096 (SPEC); the Danish Independent Research Council under Grant-ID DDF-6108-00169 (FoCC).

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Anca Nitulescu .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Verify currency and authenticity via CrossMark

Cite this paper

Nitulescu, A. (2019). Lattice-Based Zero-Knowledge SNARGs for Arithmetic Circuits. In: Schwabe, P., Thériault, N. (eds) Progress in Cryptology – LATINCRYPT 2019. LATINCRYPT 2019. Lecture Notes in Computer Science(), vol 11774. Springer, Cham. https://doi.org/10.1007/978-3-030-30530-7_11

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-30530-7_11

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-30529-1

  • Online ISBN: 978-3-030-30530-7

  • eBook Packages: Computer ScienceComputer Science (R0)