Security Bounds for Proof-Carrying Data from Straightline Extractors

Alessandro Chiesa; Ziyi Guan; Shahar Samocha; Eylon Yogev

doi:10.1007/978-3-031-78017-2_16

Security Bounds for Proof-Carrying Data from Straightline Extractors

Alessandro Chiesa, Ziyi Guan, Shahar Samocha, Eylon Yogev

Department of Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Proof-carrying data (PCD) is a powerful cryptographic primitive that allows mutually distrustful parties to perform distributed computation in an efficiently verifiable manner. Real-world deployments of PCD have sparked keen interest within the applied community and industry. Known constructions of PCD are obtained by recursively-composing SNARKs or related primitives. Unfortunately, known security analyses incur expensive blowups, which practitioners have disregarded as the analyses would lead to setting parameters that are prohibitively expensive. In this work we study the concrete security of recursive composition, with the goal of better understanding how to reasonably set parameters for certain PCD constructions of practical interest. Our main result is that PCD obtained from SNARKs with straightline knowledge soundness has essentially the same security as the underlying SNARK (i.e., recursive composition incurs essentially no security loss). We describe how straightline knowledge soundness is achieved by SNARKs in several oracle models, which results in a highly efficient security analysis of PCD that makes black-box use of the SNARK’s oracle (there is no need to instantiated the oracle to carry out the security reduction). As a notable application, our work offers an idealized model that provides new, albeit heuristic, insights for the concrete security of recursive STARKs used in blockchain systems. Our work could be viewed as partial evidence justifying the parameter choices for recursive STARKs made by practitioners.

Original language	English
Title of host publication	Theory of Cryptography - 22nd International Conference, TCC 2024, Proceedings
Editors	Elette Boyle, Elette Boyle, Mohammad Mahmoody
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	464-496
Number of pages	33
ISBN (Print)	9783031780165
DOIs	https://doi.org/10.1007/978-3-031-78017-2_16
State	Published - 2025
Event	22nd Theory of Cryptography Conference, TCC 2024 - Milan, Italy Duration: 2 Dec 2024 → 6 Dec 2024

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	15365 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	22nd Theory of Cryptography Conference, TCC 2024
Country/Territory	Italy
City	Milan
Period	2/12/24 → 6/12/24

Bibliographical note

Publisher Copyright:
© International Association for Cryptologic Research 2025.

Keywords

concrete security
proof-carrying data
relativization
succinct non-interactive arguments

Access to Document

10.1007/978-3-031-78017-2_16

Cite this

Chiesa, A., Guan, Z., Samocha, S., & Yogev, E. (2025). Security Bounds for Proof-Carrying Data from Straightline Extractors. In E. Boyle, E. Boyle, & M. Mahmoody (Eds.), Theory of Cryptography - 22nd International Conference, TCC 2024, Proceedings (pp. 464-496). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 15365 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-78017-2_16

Chiesa, Alessandro ; Guan, Ziyi ; Samocha, Shahar et al. / Security Bounds for Proof-Carrying Data from Straightline Extractors. Theory of Cryptography - 22nd International Conference, TCC 2024, Proceedings. editor / Elette Boyle ; Elette Boyle ; Mohammad Mahmoody. Springer Science and Business Media Deutschland GmbH, 2025. pp. 464-496 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{9a9839b589c64addb09ab09917c44850,

title = "Security Bounds for Proof-Carrying Data from Straightline Extractors",

abstract = "Proof-carrying data (PCD) is a powerful cryptographic primitive that allows mutually distrustful parties to perform distributed computation in an efficiently verifiable manner. Real-world deployments of PCD have sparked keen interest within the applied community and industry. Known constructions of PCD are obtained by recursively-composing SNARKs or related primitives. Unfortunately, known security analyses incur expensive blowups, which practitioners have disregarded as the analyses would lead to setting parameters that are prohibitively expensive. In this work we study the concrete security of recursive composition, with the goal of better understanding how to reasonably set parameters for certain PCD constructions of practical interest. Our main result is that PCD obtained from SNARKs with straightline knowledge soundness has essentially the same security as the underlying SNARK (i.e., recursive composition incurs essentially no security loss). We describe how straightline knowledge soundness is achieved by SNARKs in several oracle models, which results in a highly efficient security analysis of PCD that makes black-box use of the SNARK{\textquoteright}s oracle (there is no need to instantiated the oracle to carry out the security reduction). As a notable application, our work offers an idealized model that provides new, albeit heuristic, insights for the concrete security of recursive STARKs used in blockchain systems. Our work could be viewed as partial evidence justifying the parameter choices for recursive STARKs made by practitioners.",

keywords = "concrete security, proof-carrying data, relativization, succinct non-interactive arguments",

author = "Alessandro Chiesa and Ziyi Guan and Shahar Samocha and Eylon Yogev",

note = "Publisher Copyright: {\textcopyright} International Association for Cryptologic Research 2025.; 22nd Theory of Cryptography Conference, TCC 2024 ; Conference date: 02-12-2024 Through 06-12-2024",

year = "2025",

doi = "10.1007/978-3-031-78017-2_16",

language = "אנגלית",

isbn = "9783031780165",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "464--496",

editor = "Elette Boyle and Elette Boyle and Mohammad Mahmoody",

booktitle = "Theory of Cryptography - 22nd International Conference, TCC 2024, Proceedings",

address = "גרמניה",

}

Chiesa, A, Guan, Z, Samocha, S & Yogev, E 2025, Security Bounds for Proof-Carrying Data from Straightline Extractors. in E Boyle, E Boyle & M Mahmoody (eds), Theory of Cryptography - 22nd International Conference, TCC 2024, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 15365 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 464-496, 22nd Theory of Cryptography Conference, TCC 2024, Milan, Italy, 2/12/24. https://doi.org/10.1007/978-3-031-78017-2_16

Security Bounds for Proof-Carrying Data from Straightline Extractors. / Chiesa, Alessandro; Guan, Ziyi; Samocha, Shahar et al.
Theory of Cryptography - 22nd International Conference, TCC 2024, Proceedings. ed. / Elette Boyle; Elette Boyle; Mohammad Mahmoody. Springer Science and Business Media Deutschland GmbH, 2025. p. 464-496 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 15365 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Security Bounds for Proof-Carrying Data from Straightline Extractors

AU - Chiesa, Alessandro

AU - Guan, Ziyi

AU - Samocha, Shahar

AU - Yogev, Eylon

N1 - Publisher Copyright: © International Association for Cryptologic Research 2025.

PY - 2025

Y1 - 2025

N2 - Proof-carrying data (PCD) is a powerful cryptographic primitive that allows mutually distrustful parties to perform distributed computation in an efficiently verifiable manner. Real-world deployments of PCD have sparked keen interest within the applied community and industry. Known constructions of PCD are obtained by recursively-composing SNARKs or related primitives. Unfortunately, known security analyses incur expensive blowups, which practitioners have disregarded as the analyses would lead to setting parameters that are prohibitively expensive. In this work we study the concrete security of recursive composition, with the goal of better understanding how to reasonably set parameters for certain PCD constructions of practical interest. Our main result is that PCD obtained from SNARKs with straightline knowledge soundness has essentially the same security as the underlying SNARK (i.e., recursive composition incurs essentially no security loss). We describe how straightline knowledge soundness is achieved by SNARKs in several oracle models, which results in a highly efficient security analysis of PCD that makes black-box use of the SNARK’s oracle (there is no need to instantiated the oracle to carry out the security reduction). As a notable application, our work offers an idealized model that provides new, albeit heuristic, insights for the concrete security of recursive STARKs used in blockchain systems. Our work could be viewed as partial evidence justifying the parameter choices for recursive STARKs made by practitioners.

AB - Proof-carrying data (PCD) is a powerful cryptographic primitive that allows mutually distrustful parties to perform distributed computation in an efficiently verifiable manner. Real-world deployments of PCD have sparked keen interest within the applied community and industry. Known constructions of PCD are obtained by recursively-composing SNARKs or related primitives. Unfortunately, known security analyses incur expensive blowups, which practitioners have disregarded as the analyses would lead to setting parameters that are prohibitively expensive. In this work we study the concrete security of recursive composition, with the goal of better understanding how to reasonably set parameters for certain PCD constructions of practical interest. Our main result is that PCD obtained from SNARKs with straightline knowledge soundness has essentially the same security as the underlying SNARK (i.e., recursive composition incurs essentially no security loss). We describe how straightline knowledge soundness is achieved by SNARKs in several oracle models, which results in a highly efficient security analysis of PCD that makes black-box use of the SNARK’s oracle (there is no need to instantiated the oracle to carry out the security reduction). As a notable application, our work offers an idealized model that provides new, albeit heuristic, insights for the concrete security of recursive STARKs used in blockchain systems. Our work could be viewed as partial evidence justifying the parameter choices for recursive STARKs made by practitioners.

KW - concrete security

KW - proof-carrying data

KW - relativization

KW - succinct non-interactive arguments

UR - http://www.scopus.com/inward/record.url?scp=85211441965&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-78017-2_16

DO - 10.1007/978-3-031-78017-2_16

M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???

AN - SCOPUS:85211441965

SN - 9783031780165

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 464

EP - 496

BT - Theory of Cryptography - 22nd International Conference, TCC 2024, Proceedings

A2 - Boyle, Elette

A2 - Mahmoody, Mohammad

PB - Springer Science and Business Media Deutschland GmbH

T2 - 22nd Theory of Cryptography Conference, TCC 2024

Y2 - 2 December 2024 through 6 December 2024

ER -

Chiesa A, Guan Z, Samocha S, Yogev E. Security Bounds for Proof-Carrying Data from Straightline Extractors. In Boyle E, Boyle E, Mahmoody M, editors, Theory of Cryptography - 22nd International Conference, TCC 2024, Proceedings. Springer Science and Business Media Deutschland GmbH. 2025. p. 464-496. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-031-78017-2_16