International Association for Cryptologic Research

Witness-Succinct Universally-Composable SNARKs

Chaya Ganesh, IISc Bangalore
Yashvanth Kondi, Aarhus University
Claudio Orlandi, Aarhus University
Mahak Pancholi, Aarhus University
Akira Takahashi, University of Edinburgh
Daniel Tschudi, Concordium, Zurich
DOI: 10.1007/978-3-031-30617-4_11
Presentation: Slides
Conference: EUROCRYPT 2023
Abstract: Zero-knowledge Succinct Non-interactive ARguments of Knowledge (zkSNARKs) are becoming an increasingly fundamental tool in many real-world applications where the proof compactness is of the utmost importance, including blockchains. A proof of security for SNARKs in the Universal Composability (UC) framework (Canetti, FOCS'01) would rule out devastating malleability attacks. To retain security of SNARKs in the UC model, one must show their simulation-extractability such that the knowledge extractor is both black-box and straight-line, which would imply that proofs generated by honest provers are non-malleable. However, existing simulation-extractability results on SNARKs either lack some of these properties, or alternatively have to sacrifice witness succinctness to prove UC security. In this paper, we provide a compiler lifting any simulation-extractable NIZKAoK into a UC-secure one in the global random oracle model, importantly, while preserving the same level of witness succinctness. Combining this with existing zkSNARKs, we achieve, to the best of our knowledge, the first zkSNARKs simultaneously achieving UC-security and constant-sized proofs.
  title={Witness-Succinct Universally-Composable SNARKs},
  author={Chaya Ganesh and Yashvanth Kondi and Claudio Orlandi and Mahak Pancholi and Akira Takahashi and Daniel Tschudi},