Skip to main content

Recursive Proof Composition from Accumulation Schemes

Part of the Lecture Notes in Computer Science book series (LNSC,volume 12551)

Abstract

Recursive proof composition has been shown to lead to powerful primitives such as incrementally-verifiable computation (IVC) and proof-carrying data (PCD). All existing approaches to recursive composition take a succinct non-interactive argument of knowledge (SNARK) and use it to prove a statement about its own verifier. This technique requires that the verifier run in time sublinear in the size of the statement it is checking, a strong requirement that restricts the class of SNARKs from which PCD can be built. This in turn restricts the efficiency and security properties of the resulting scheme.

Bowe, Grigg, and Hopwood (ePrint 2019/1021) outlined a novel approach to recursive composition, and applied it to a particular SNARK construction which does not have a sublinear-time verifier. However, they omit details about this approach and do not prove that it satisfies any security property. Nonetheless, schemes based on their ideas have already been implemented in software.

In this work we present a collection of results that establish the theoretical foundations for a generalization of the above approach. We define an accumulation scheme for a non-interactive argument, and show that this suffices to construct PCD, even if the argument itself does not have a sublinear-time verifier. Moreover we give constructions of accumulation schemes for SNARKs, which yield PCD schemes with novel efficiency and security features.

Keywords

  • Succinct arguments
  • Proof-carrying data
  • Recursive proof composition

This is a preview of subscription content, access via your institution.

Buying options

Chapter
USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/978-3-030-64378-2_1
  • Chapter length: 18 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
eBook
USD   84.99
Price excludes VAT (USA)
  • ISBN: 978-3-030-64378-2
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book
USD   109.99
Price excludes VAT (USA)

Notes

  1. 1.

    We remark that the notion of an accumulation scheme is distinct from the notion of a cryptographic accumulator for a set (e.g., an RSA accumulator), which provides a succinct representation of a large set while supporting membership queries.

  2. 2.

    This is not precisely the case, because the verifier is required to reject immediately if it ever makes a query \(\mathsf {q}\) with \(\varPhi _\circ (\mathsf {q}) = 0\).

References

  1. Scott, A., Carmit, H., Yuval, I., Muthuramakrishnan, V.: Ligero: Lightweight sublinear arguments without a trusted setup. In: Proceedings of the 24th ACM Conference on Computer and Communications Security, CCS 2017, pp. 2087–2104 (2017)

    Google Scholar 

  2. Bünz, B., Jonathan, B., Dan, B., Andrew, P., Pieter, W., Greg, M.: Bulletproofs: short proofs for confidential transactions and more. In: Proceedings of the 39th IEEE Symposium on Security and Privacy, S&P 2018, pp. 315–334 (2018)

    Google Scholar 

  3. Bootle, J., Cerulli, A., Chaidos, P., Groth, J., Petit, C.: Efficient zero-knowledge arguments for arithmetic circuits in the discrete log setting. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 327–357. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49896-5_12

    CrossRef  MATH  Google Scholar 

  4. Bitansky, N., Canetti, R., Chiesa, A. and Tromer, E.: Recursive composition and bootstrapping for SNARKs and proof-carrying data. In: Proceedings of the 45th ACM Symposium on the Theory of Computing. STOC 2013, pp. 111–120 (2013)

    Google Scholar 

  5. Bootle, J., Cerulli, A., Ghadafi, E., Groth, J., Hajiabadi, M., Jakobsen, S.K.: Linear-time zero-knowledge proofs for arithmetic circuit satisfiability. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10626, pp. 336–365. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70700-6_12

    CrossRef  Google Scholar 

  6. Ben-Sasson, E., Chiesa, A., Riabzev, M., Spooner, N., Virza, M., Ward, N.P.: Aurora: transparent succinct arguments for R1CS. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11476, pp. 103–128. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17653-2_4

    CrossRef  Google Scholar 

  7. Ben-Sasson, E., Chiesa, A., Tromer, E.: Scalable zero knowledge via cycles of elliptic curves. In: Proceedings of the 34th Annual International Cryptology Conference, CRYPTO 2014, pp. 276–294, (2014)

    Google Scholar 

  8. Sean, B., Jack, G., Daira, H.: Halo: Recursive proof composition without a trusted setup. ePrint Report 2019/1021 (2019)

    Google Scholar 

  9. Bonneau, J., Meckler, I., Rao, V., Shapiro, E.: Coda: Decentralized cryptocurrency at scale. ePrint Report 2020/352 (2020)

    Google Scholar 

  10. Chiesa, A.: Chua, Lynn, Weidner, Matthew: On cycles of pairing-friendly elliptic curves. SIAM J. Appl. Algebra Geo. 3(2), 175–192 (2019)

    CrossRef  Google Scholar 

  11. Chiesa, A., Hu, Y., Maller, M., Mishra, P., Vesely, N., Ward, N.: Marlin: preprocessing zksnarks with universal and updatable SRS. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12105, pp. 738–768. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45721-1_26

    CrossRef  Google Scholar 

  12. Chiesa, A., Liu, S.: On the impossibility of probabilistic proofs in relativized worlds. In: Proceedings of the 11th Innovations in Theoretical Computer Science Conference, ITCS 2020, pp. 1–30 (2020)

    Google Scholar 

  13. O(1) Labs. “Coda Cryptocurrency” (2017) https://codaprotocol.com/

  14. Chiesa, A., Ojha, D., Spooner, N.: Fractal: post-quantum and transparent recursive proofs from holography. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12105, pp. 769–793. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45721-1_27

    CrossRef  Google Scholar 

  15. Chiesa, A. and Tromer, E.: Proof-carrying data and hearsay arguments from signature cards. In: Proceedings of the 1st Symposium on Innovations in Computer Science, ICS 2010, pp. 310–331 (2010)

    Google Scholar 

  16. Stephen, C., Eran, T., Jeffrey, A.V.: Enforcing language semantics using proof-carrying data. ePrint Report 2013/513 (2013)

    Google Scholar 

  17. Chiesa, A., Tromer, E., Virza, M.: Cluster computing in zero knowledge. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 371–403. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_13

    CrossRef  MATH  Google Scholar 

  18. Gentry, C., Wichs, D.: Separating succinct non-interactive arguments from all falsifiable assumptions. In: Proceedings of the 43rd Annual ACM Symposium on Theory of Computing, STOC 2011, pp. 99–108 (2011)

    Google Scholar 

  19. Ariel, G., Zachary, J.W., Oana, C.: PLONK: Permutations over lagrange-bases for oecumenical noninteractive arguments of knowledge. ePrint Report 2019/953 (2019)

    Google Scholar 

  20. Sean, B., Jack, G., Daira, H.: Halo (2019) https://github.com/ebfull/halo

  21. Assimakis, K., Bonneau, J.: Proof of necessary work: Succinct state verification with fairness guarantees. ePrint Report 2020/190 (2020)

    Google Scholar 

  22. Aniket, K., Gregory, M.Z., Ian, G.: Constant-size commitments to polynomials and their applications. In: Proceedings of the 16th International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2010, pp. 177–194 (2010)

    Google Scholar 

  23. Maller, M., Bowe, S., Kohlweiss, M., Meiklejohn, S.: Sonic: Zero-knowledge SNARKs from linear-size universal and updateable structured reference strings. In: Proceedings of the 26th ACM Conference on Computer and Communications Security. CCS 2019 (2019)

    Google Scholar 

  24. Moni, N., Omer, P., Guy, N.R.: Incrementally verifiable computation via incremental pcps. In: Proceedings of the 17th International Conference on the Theory of Cryptography, TCC 2019, pp. 552–576 (2019)

    Google Scholar 

  25. Naveh, A., Tromer, E.: PhotoProof: Cryptographic image authentication for any set of permissible transformations. In: Proceedings of the 37th IEEE Symposium on Security and Privacy, S&P 2016, pp. 255–271 (2016)

    Google Scholar 

  26. O(1) Labs. Pickles. https://github.com/o1-labs/marlin

  27. Silverman, J.H., Stange, K.E.: Amicable pairs and aliquot cycles for elliptic curves. Exp. Math. 20(3), 329–357 (2011)

    MathSciNet  CrossRef  Google Scholar 

  28. Paul, V.: Incrementally verifiable computation or proofs of knowledge imply time/space efficiency. In: Proceedings of the 5th Theory of Cryptography Conference, TCC 2008, pp. 1–18 (2008)

    Google Scholar 

  29. Wahby, R.S., Tzialla, I., Shelat, A., Thaler, J., Walfish, M.: Doubly-efficient zkSNARKs without trusted setup. In: Proceedings of the 39th IEEE Symposium on Security and Privacy, S&P 2018, pp. 926–943 (2018)

    Google Scholar 

Download references

Acknowledgements

The authors thank William Lin for pointing out an error in a prior version of the construction of \(\mathsf {PC}_{\scriptscriptstyle \mathsf {DL}}\), and Github user 3for for pointing out errors in a prior version of the construction of \(\mathsf {PC}_{\scriptscriptstyle \mathsf {AGM}}\). This research was supported in part by: the Berkeley Haas Blockchain Initiative and a donation from the Ethereum Foundation. Benedikt Bünz performed part of the work while visiting the Simons Institute for the Theory of Computing.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Pratyush Mishra .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2020 International Association for Cryptologic Research

About this paper

Verify currency and authenticity via CrossMark

Cite this paper

Bünz, B., Chiesa, A., Mishra, P., Spooner, N. (2020). Recursive Proof Composition from Accumulation Schemes. In: Pass, R., Pietrzak, K. (eds) Theory of Cryptography. TCC 2020. Lecture Notes in Computer Science(), vol 12551. Springer, Cham. https://doi.org/10.1007/978-3-030-64378-2_1

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-64378-2_1

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-64377-5

  • Online ISBN: 978-3-030-64378-2

  • eBook Packages: Computer ScienceComputer Science (R0)