Skip to main content
SpringerLink
Log in

Folding Schemes with Selective Verification

  • Conference paper
  • First Online:
Progress in Cryptology – LATINCRYPT 2023 (LATINCRYPT 2023)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14168))

  • 186 Accesses

Abstract

In settings such as delegation of computation where a prover is doing computation as a service for many verifiers, it is important to amortize the prover’s costs without increasing those of the verifier. We introduce folding schemes with selective verification. Such a scheme allows a prover to aggregate m NP statements \(x_i\in \mathcal {L}\) in a single statement \(x\in \mathcal {L}\). Knowledge of a witness for x implies knowledge of witnesses for all m statements. Furthermore, each statement can be individually verified by asserting the validity of the aggregated statement and an individual proof \(\pi _i\) with size sublinear in the number of aggregated statements. In particular, verification of statement \(x_i\) does not require reading (or even knowing) all the statements aggregated. We demonstrate natural folding schemes for various languages: inner product relations, vector and polynomial commitment openings and relaxed R1CS of NOVA. All these constructions incur a minimal overhead for the prover, comparable to simply reading the statements.

The research leading to this work was funded by Protocol Labs under grant agreement PL-RGP1-2021-048.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 59.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 74.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    In fact, both inner product arguments and polynomial commitment folding can be used for either approach but the presentation becomes more natural by using one approach for each.

  2. 2.

    We note that it is also possible to use a different strategy if one changes the statement about the polynomial commitments slightly: the prover can fold statements of the form “I know a polynomial that is a valid opening of a commitment” and fold such statements for each verifier resulting in a claim about a single polynomial commitment. Then, it can prove this statement at a single point which will be the same for all verifiers. The point is derived by hashing the final folded statement. During folding, the transcript of the first protocol rounds is included in the hashing part of the folding. Thus, each verifier can check that its transcript indeed contributed in the sampling of the FS challenge point.

  3. 3.

    The bootstrapping construction can in fact bootstrap any m-folding scheme for \(m\ge 2\). We only present the \(m=2\) case for ease of presentation. All constructions in this work are derived from 2-folding schemes but one could in fact consider \(m>2\) to improve concrete efficiency.

References

  1. Ben-Sasson, E., Chiesa, A., Spooner, N.: Interactive oracle proofs. In: Hirt, M., Smith, A. (eds.) TCC 2016, Part II. LNCS, vol. 9986, pp. 31–60. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53644-5_2

    Chapter  Google Scholar 

  2. Ben-Sasson, E., et al.: Zerocash: decentralized anonymous payments from bitcoin. In: 2014 IEEE Symposium on Security and Privacy, pp. 459–474. IEEE Computer Society Press (2014). https://doi.org/10.1109/SP.2014.36

  3. Bitansky, N., et al.: Recursive composition and bootstrapping for SNARKS and proof-carrying data. In: Boneh, D., Roughgarden, T., Feigenbaum, J. (eds.) 45th ACM STOC, pp. 111–120. ACM Press (2013). https://doi.org/10.1145/2488608.2488623

  4. Boneh, D., Drake, J., Fisch, B., Gabizon, A.: Halo Infinite: proof-carrying data from additive polynomial commitments. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021, Part I. LNCS, vol. 12825, pp. 649–680. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84242-0_23

    Chapter  Google Scholar 

  5. Bootle, J., Chiesa, A., Groth, J.: Linear-time arguments with sublinear verification from tensor codes. In: Pass, R., Pietrzak, K. (eds.) TCC 2020, Part II. LNCS, vol. 12551, pp. 19–46. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64378-2_2

    Chapter  Google Scholar 

  6. Bootle, J., Chiesa, A., Liu, S.: Zero-Knowledge Succinct Arguments with a Linear-Time Prover. In: IACR Cryptology ePrint Archive, p. 1527 (2020). https://eprint.iacr.org/2020/1527

  7. Bootle, J., Cerulli, A., Chaidos, P., Groth, J., Petit, C.: Efficient zero-knowledge arguments for arithmetic circuits in the discrete log setting. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016, Part II. LNCS, vol. 9666, pp. 327–357. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49896-5_12

    Chapter  Google Scholar 

  8. Bootle, J., et al.: Gemini: Elastic SNARKs for Diverse Environments. In: IACR Cryptology ePrint Archive, p. 420 (2022). https://eprint.iacr.org/2022/420

  9. Bowe, S., Grigg, J., Hopwood, D.: Halo: Recursive Proof Composition without a Trusted Setup. Cryptology ePrint Archive, Report 2019/1021 (2019). https://eprint.iacr.org/2019/1021

  10. Bünz, B., et al.: Bulletproofs: short proofs for confidential transactions and more. In: 2018 IEEE Symposium on Security and Privacy, pp. 315–334. IEEE Computer Society Press (2018). https://doi.org/10.1109/SP.2018.00020

  11. Bünz, B., Chiesa, A., Lin, W., Mishra, P., Spooner, N.: Proof-carrying data without succinct arguments. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021, Part I. LNCS, vol. 12825, pp. 681–710. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84242-0_24

    Chapter  Google Scholar 

  12. Bünz, B., Chiesa, A., Mishra, P., Spooner, N.: Recursive proof composition from accumulation schemes. In: Pass, R., Pietrzak, K. (eds.) TCC 2020, Part II. LNCS, vol. 12551, pp. 1–18. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64378-2_1

    Chapter  Google Scholar 

  13. Campanelli, M., et al.: Lunar: a Toolbox for More Efficient Universal and Updatable zkSNARKs and Commit-and-Prove Extensions. Cryptology ePrint Archive, Report 2020/1069 (2020). https://eprint.iacr.org/2020/1069

  14. Catalano, D., Fiore, D.: Vector commitments and their applications. In: Kurosawa, K., Hanaoka, G. (eds.) PKC 2013. LNCS, vol. 7778, pp. 55–72. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-36362-7_5

    Chapter  Google Scholar 

  15. Chiesa, A., Hu, Y., Maller, M., Mishra, P., Vesely, N., Ward, N.: Marlin: preprocessing zkSNARKs with universal and updatable SRS. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020, Part I. LNCS, vol. 12105, pp. 738–768. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45721-1_26

    Chapter  Google Scholar 

  16. Gabizon, A., Williamson, Z.J., Ciobotaru, O.: PLONK: Permutations over Lagrange-bases for Oecumenical Noninteractive arguments of Knowledge. Cryptology ePrint Archive, Report 2019/953 (2019). https://eprint.iacr.org/2019/953

  17. Goldwasser, S., Kalai, Y.T., Rothblum, G.N.: Delegating computation: interactive proofs for muggles. In: Ladner, R.E., Dwork, C. (eds.) 40th ACM STOC, pp. 113–122. ACM Press (2008). https://doi.org/10.1145/1374376.1374396

  18. Kate, A., Zaverucha, G.M., Goldberg, I.: Constant-size commitments to polynomials and their applications. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 177–194. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-17373-8_11

    Chapter  Google Scholar 

  19. Kothapalli, A., Setty, S.: HyperNova: recursive arguments for customizable constraint systems. In: IACR Cryptology ePrint Archive, p. 573 (2023). https://eprint.iacr.org/2023/573

  20. Kothapalli, A., Setty, S., Tzialla, I.: Nova: recursive zero-knowledge arguments from folding schemes. In: Dodis, Y., Shrimpton, T. (eds.) CRYPTO 2022. LNCS, vol. 13510, pp. 359–388. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-15985-5_13

    Chapter  Google Scholar 

  21. Mohnblatt, N.: Sangria: A Folding Scheme for PLONK. https://github.com/geometryresearch/technical_notes/blob/main/sangria_folding_plonk.pdf. Accessed 07 Aug 2023

  22. Ràfols, C., Zacharakis, A.: Folding Schemes with Selective Verification. In: IACR Cryptology ePrint Archive, p. 1576 (2022). https://eprint.iacr.org/2022/1576

  23. Ron-Zewi, N., Rothblum, R.: Proving as fast as computing: succinct arguments with constant prover overhead. In: Electronic Colloquium on Computational Complexity, p. 180 (2021). https://eccc.weizmann.ac.il/report/2021/180

  24. Valiant, P.: Incrementally verifiable computation or proofs of knowledge imply time/space efficiency. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 1–18. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78524-8_1

    Chapter  Google Scholar 

  25. Yurek, T., et al.: hbACSS: How to Robustly Share Many Secrets. Cryptology ePrint Archive, Report 2021/159 (2021). https://eprint.iacr.org/2021/159

Download references

Author information

Authors and Affiliations

  1. Pompeu Fabra University, Barcelona, Spain

    Carla Ráfols

  2. Toposware Inc., Tokyo, Japan

    Alexandros Zacharakis

Authors
  1. Carla Ráfols
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Alexandros Zacharakis
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Carla Ráfols .

Editor information

Editors and Affiliations

  1. Technology Innovation Institute, Abu Dhabi, United Arab Emirates

    Abdelrahaman Aly

  2. NTT Social Informatics Laboratories, Tokyo, Japan

    Mehdi Tibouchi

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Ráfols, C., Zacharakis, A. (2023). Folding Schemes with Selective Verification. In: Aly, A., Tibouchi, M. (eds) Progress in Cryptology – LATINCRYPT 2023. LATINCRYPT 2023. Lecture Notes in Computer Science, vol 14168. Springer, Cham. https://doi.org/10.1007/978-3-031-44469-2_12

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-44469-2_12

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-44468-5

  • Online ISBN: 978-3-031-44469-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation