Ligero: lightweight sublinear arguments without a trusted setup

Scott Ames, Carmit Hazay, Yuval Ishai, Muthuramakrishnan Venkitasubramaniam

Research output: Contribution to journal › Article › peer-review

2 Scopus citations

Abstract

We design and implement a simple zero-knowledge argument protocol for NP whose communication complexity is proportional to the square-root of the verification circuit size. The protocol can be based on any collision-resistant hash function. Alternatively, it can be made non-interactive in the random oracle model, yielding concretely efficient zk-SNARKs that do not require a trusted setup or public-key cryptography. Our protocol is obtained by applying an optimized version of the general transformation of Ishai et al. (in: STOC, pp. 21–30, 2007) to a variant of the protocol for secure multiparty computation of Damgård and Ishai (in: CRYPTO, pp. 501–520, 2006). It can be viewed as a simple zero-knowledge interactive PCP based on “interleaved” Reed-Solomon codes. This paper is an extended version of the paper published in CCS 2017 and features a tighter analysis, better implementation along with formal proofs. For large verification circuits, the Ligero prover remains competitive against subsequent works with respect to the prover’s running time, where our efficiency advantages become even bigger in an amortized setting, where several instances need to be proven simultaneously. Our protocol is attractive not only for very large verification circuits but also for moderately large circuits that arise in applications. For instance, for verifying a SHA-256 preimage with 2^-40 soundness error, the communication complexity is roughly 35KB. The communication complexity of our protocol is independent of the circuit structure and depends only on the number of gates. For 2^-40 soundness error, the communication becomes smaller than the circuit size for circuits containing roughly 3 million gates or more. With our refined analysis the Ligero system’s proof lengths and prover’s running times are better than subsequent post-quantum ZK-SNARKs for small to moderately large circuits.
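The abstract's "interleaved Reed-Solomon" view is the source of the square-root communication: the witness is laid out as a roughly √N × √N matrix, every row is Reed-Solomon encoded, the columns of the resulting matrix are hashed, and the verifier checks one random linear combination of the rows (√N symbols) plus a handful of opened columns (each √N symbols). The Python sketch below is an added illustration, not code from the paper or from the Ligero implementation. The small field (P = 65537), the code parameters, the flat list of column hashes in place of a Merkle tree, and the `tamper` knob that models a cheating prover are all assumptions chosen to keep the sketch short; it only exercises the codeword-consistency test and omits the constraint checks on the actual circuit that the full protocol layers on top.

```python
"""Toy interleaved Reed-Solomon consistency test in the style of Ligero.

Constructed illustration only: a flat hash list stands in for the Merkle
tree, the field is tiny, and the circuit-constraint tests are omitted.
"""
import hashlib
import math
import random

P = 65537  # small prime field for illustration only (assumption)


def eval_poly(coeffs, x):
    """Evaluate a polynomial with the given coefficients at x over GF(P) (Horner)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def rs_encode(msg, n):
    """Reed-Solomon encode a k-symbol message as n evaluations at x = 1..n.
    Encoding is linear in msg, which is what the row-combination test relies on."""
    return [eval_poly(msg, x) for x in range(1, n + 1)]


def layout(witness):
    """Arrange a witness of N field elements as ceil(sqrt(N)) columns, zero-padded."""
    k = math.isqrt(len(witness) - 1) + 1  # ceil(sqrt(N)) for N >= 1
    padded = witness + [0] * (-len(witness) % k)
    return [padded[i:i + k] for i in range(0, len(padded), k)]


def column_bytes(col):
    return b"".join(v.to_bytes(4, "big") for v in col)


def commit_columns(rows):
    """Hash every column of the interleaved codeword; the 'root' hashes all column
    hashes (Ligero uses a Merkle tree so an opening costs O(log n) hashes instead)."""
    n = len(rows[0])
    col_hashes = [hashlib.sha256(column_bytes([row[j] for row in rows])).digest() for j in range(n)]
    root = hashlib.sha256(b"".join(col_hashes)).digest()
    return root, col_hashes


def prove(msgs, n, r, queries, tamper=None):
    """Prover side. msgs: m rows of k field elements (the laid-out witness).
    r: verifier's random combination coefficients; queries: verifier's column indices.
    tamper=(i, j, delta) corrupts one encoded symbol to model a dishonest prover."""
    rows = [rs_encode(msg, n) for msg in msgs]
    if tamper is not None:
        i, j, delta = tamper
        rows[i][j] = (rows[i][j] + delta) % P
    root, col_hashes = commit_columns(rows)
    k = len(msgs[0])
    # The prover sends the combined *message* (k symbols); the verifier re-encodes it.
    combined_msg = [sum(r[i] * msgs[i][t] for i in range(len(msgs))) % P for t in range(k)]
    openings = {j: [row[j] for row in rows] for j in queries}
    return root, col_hashes, combined_msg, openings


def verify(root, col_hashes, combined_msg, openings, r):
    """Verifier side: the combined row must be a codeword consistent with every opened column."""
    n = len(col_hashes)
    if hashlib.sha256(b"".join(col_hashes)).digest() != root:
        return False
    expected = rs_encode(combined_msg, n)  # codeword the combination must equal
    for j, col in openings.items():
        if hashlib.sha256(column_bytes(col)).digest() != col_hashes[j]:
            return False  # opened column does not match the commitment
        if sum(r[i] * col[i] for i in range(len(col))) % P != expected[j]:
            return False  # some row is not a codeword (or the combination was faked)
    return True


def run_protocol(witness, n, t, seed, tamper=None):
    """Simulate the interaction: verifier picks r and t column queries from a seeded RNG."""
    msgs = layout(witness)
    rng = random.Random(seed)
    r = [rng.randrange(P) for _ in msgs]
    queries = rng.sample(range(n), t)
    return verify(*prove(msgs, n, r, queries, tamper), r)


if __name__ == "__main__":
    print("honest prover accepted:", run_protocol(list(range(1, 26)), 16, 4, seed=1))
```

A corrupted symbol in row i, column j is caught exactly when column j is among the opened ones and r[i] is nonzero, so the toy's soundness is governed by the query count t relative to the code length n, which is the trade-off the paper's 2^-40 parameter choices are tuning.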

Original language: English
Pages (from-to): 3379-3424
Number of pages: 46
Journal: Designs, Codes, and Cryptography
Volume: 91
Issue number: 11
DOIs
State: Published - Nov 2023

Bibliographical note

Publisher Copyright:
© 2023, The Author(s), under exclusive licence to Springer Science+Business Media, LLC, part of Springer Nature.

Funding

We thank Eli Ben-Sasson, Swastik Kopparty, abhi shelat, and Salil Vadhan for useful discussions and pointers, the anonymous CCS reviewers for helpful comments, and Victor Shoup for his assistance with the NTL library. The first and last authors were supported by Google Faculty Research Grant and NSF Awards CNS-1526377 and CNS-1618884. The second author was supported by the European Research Council under the ERC consolidators grant agreement n. 615172 (HIPS), and by the BIU Center for Research in Applied Cryptography and Cyber Security in conjunction with the Israel National Cyber Bureau in the Prime Minister’s Office. The third author was supported by a DARPA/ARL SAFEWARE award, DARPA Brandeis program under Contract N66001-15-C-4065, NSF Frontier Award 1413955, NSF grants 1619348, 1228984, 1136174, and 1065276, ERC grant 742754, NSF-BSF grant 2015782, ISF grant 1709/14, BSF grant 2012378, a Xerox Faculty Research Award, a Google Faculty Research Award, an equipment grant from Intel, and an Okawa Foundation Research Grant. This material is based upon work supported by the Defense Advanced Research Projects Agency through the ARL under Contract W911NF-15-C-0205. The views expressed are those of the authors and do not reflect the official policy or position of Google, the Department of Defense, the National Science Foundation, or the U.S. Government.

Funders: Funder number
NSF-BSF: 2015782
National Science Foundation: CNS-1618884, CNS-1526377
U.S. Department of Defense
Defense Advanced Research Projects Agency: W911NF-15-C-0205
Bloom's Syndrome Foundation: 2012378
Intel Corporation
Army Research Laboratory: 1228984, 1413955, 1065276, 1136174, N66001-15-C-4065, 1619348, 742754
Google
Iowa Science Foundation: 1709/14
Engineering Research Centers: 615172
European Commission
Okawa Foundation for Information and Telecommunications

Keywords

• MPC-in-the-head
• Post-quantum
• Sublinear ZK arguments
