International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

On Subversion-Resistant SNARKs

Authors:
Behzad Abdolmaleki
Helger Lipmaa
Janno Siim
Michał Zając
Download:
DOI: 10.1007/s00145-021-09379-y
Search ePrint
Search Google
Abstract: While NIZK arguments in the CRS model are widely studied, the question of what happens when the CRS is subverted has received little attention. In ASIACRYPT 2016, Bellare, Fuchsbauer, and Scafuro showed the first negative and positive results, proving also that it is impossible to achieve subversion soundness and (even non-subversion) zero knowledge at the same time. On the positive side, they constructed a sound and subversion-zero knowledge (Sub-ZK) non-succinct NIZK argument for NP. We consider the practically very relevant case of zk-SNARKs. We make Groth’s zk-SNARK for Circuit-SAT from EUROCRYPT 2016 computationally knowledge-sound and perfectly composable Sub-ZK with minimal changes. We only require the CRS trapdoor to be extractable and the CRS to be publicly verifiable. To achieve the latter, we add some new elements to the CRS and construct an efficient CRS verification algorithm. We also provide a definitional framework for knowledge-sound and Sub-ZK SNARKs.
BibTeX
@article{jofc-2021-31776,
  title={On Subversion-Resistant SNARKs},
  journal={Journal of Cryptology},
  publisher={Springer},
  volume={34},
  doi={10.1007/s00145-021-09379-y},
  author={Behzad Abdolmaleki and Helger Lipmaa and Janno Siim and Michał Zając},
  year=2021
}