[go: up one dir, main page]

What a lovely hat

Is it made out of tin foil?

Paper 2016/260

On the Size of Pairing-based Non-interactive Arguments

Jens Groth

Abstract

Non-interactive arguments enable a prover to convince a verifier that a statement is true. Recently there has been a lot of progress both in theory and practice on constructing highly efficient non-interactive arguments with small size and low verification complexity, so-called succinct non-interactive arguments (SNARGs) and succinct non-interactive arguments of knowledge (SNARKs). Many constructions of SNARGs rely on pairing-based cryptography. In these constructions a proof consists of a number of group elements and the verification consists of checking a number of pairing product equations. The question we address in this article is how efficient pairing-based SNARGs can be. Our first contribution is a pairing-based (preprocessing) SNARK for arithmetic circuit satisfiability, which is an NP-complete language. In our SNARK we work with asymmetric pairings for higher efficiency, a proof is only 3 group elements, and verification consists of checking a single pairing product equations using 3 pairings in total. Our SNARK is zero-knowledge and does not reveal anything about the witness the prover uses to make the proof. As our second contribution we answer an open question of Bitansky, Chiesa, Ishai, Ostrovsky and Paneth (TCC 2013) by showing that 2-move linear interactive proofs cannot have a linear decision procedure. It follows from this that SNARGs where the prover and verifier use generic asymmetric bilinear group operations cannot consist of a single group element. This gives the first lower bound for pairing-based SNARGs. It remains an intriguing open problem whether this lower bound can be extended to rule out 2 group element SNARGs, which would prove optimality of our 3 element construction.

Metadata
Available format(s)
PDF
Publication info
A minor revision of an IACR publication in EUROCRYPT 2016
Keywords
SNARKsnon-interactive zero-knowledge argumentslinear interactive proofsquadratic arithmetic programsbilinear groups
Contact author(s)
j groth @ ucl ac uk
History
2016-05-31: revised
2016-03-08: received
See all versions
Short URL
https://ia.cr/2016/260
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2016/260,
      author = {Jens Groth},
      title = {On the Size of Pairing-based Non-interactive Arguments},
      howpublished = {Cryptology {ePrint} Archive, Paper 2016/260},
      year = {2016},
      url = {https://eprint.iacr.org/2016/260}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.