Subquadratic SNARGs in the Random Oracle Model

Alessandro Chiesa, Eylon Yogev

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-review

3 Scopus citations

Abstract

In a seminal work, Micali (FOCS 1994) gave the first succinct non-interactive argument (SNARG) in the random oracle model (ROM). The construction combines a PCP and a cryptographic commitment, and has several attractive features: it is plausibly post-quantum; it can be heuristically instantiated via lightweight cryptography; and it has a transparent (public-coin) parameter setup. However, it also has a significant drawback: a large argument size. In this work, we provide a new construction that achieves a smaller argument size. This is the first progress on the Micali construction since it was introduced over 25 years ago. A SNARG in the ROM is $(t, \epsilon)$-secure if every $t$-query malicious prover can convince the verifier of a false statement with probability at most $\epsilon$. For $(t, \epsilon)$-security, the argument size of all known SNARGs in the ROM (including Micali's) is $\tilde{O}((\log(t/\epsilon))^2)$ bits, even if one were to rely on conjectured probabilistic proofs well beyond current techniques. In practice, these costs lead to SNARGs that are much larger than constructions based on other (pre-quantum and costly) tools. This has led many to believe that SNARGs in the ROM are inherently quadratic. We show that this is not the case. We present a SNARG in the ROM with a sub-quadratic argument size: $\tilde{O}(\log(t/\epsilon) \cdot \log t)$. Our construction relies on a strong soundness notion for PCPs and a weak binding notion for commitments. We hope that our work paves the way for understanding if a linear argument size, that is $O(\log(t/\epsilon))$, is achievable in the ROM.

Original language: English
Title of host publication: Advances in Cryptology – CRYPTO 2021 - 41st Annual International Cryptology Conference, CRYPTO 2021, Proceedings
Editors: Tal Malkin, Chris Peikert
Publisher: Springer Science and Business Media Deutschland GmbH
Pages: 711-741
Number of pages: 31
ISBN (Print): 9783030842413
DOIs
State: Published - 2021
Event: 41st Annual International Cryptology Conference, CRYPTO 2021 - Virtual, Online
Duration: 16 Aug 2021 to 20 Aug 2021

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 12825 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 41st Annual International Cryptology Conference, CRYPTO 2021
City: Virtual, Online
Period: 16/08/21 to 20/08/21

Bibliographical note

Publisher Copyright:
© 2021, International Association for Cryptologic Research.

Funding

Eylon Yogev is funded by the ISF grants 484/18, 1789/19, Len Blavatnik and the Blavatnik Foundation, The Blavatnik Interdisciplinary Cyber Research Center at Tel Aviv University, and The Raymond and Beverly Sackler Post-Doctoral Scholarship. This work was done (in part) while the second author was visiting the Simons Institute for the Theory of Computing. Acknowledgments. Alessandro Chiesa is funded by the Ethereum Foundation and

Funders (funder number):
Blavatnik Foundation
Israel Science Foundation (1789/19, 484/18)
Tel Aviv University
Ethereum Foundation

Keywords

• Probabilistically checkable proofs
• Random oracle
• Succinct arguments
