Get 20M+ Full-Text Papers For Less Than $1.50/day. Start a 14-Day Trial for You or Your Team.

Learn More →

Prover-efficient commit-and-prove zero-knowledge SNARKs

Prover-efficient commit-and-prove zero-knowledge SNARKs Succinct non-interactive zero-knowledge arguments of knowledge (Zk-SNARKs) are needed in many applications. Unfortunately, all previous zk-SNARKs for interesting languages are either inefficient for the prover, or are non-adaptive and based on a commitment scheme that depends both on the prover's input and on the language, i.e., they are not commit-and-prove (CaP) SNARKs. We propose a proof-friendly extractable commitment scheme, and use it to construct prover-efficient adaptive CaP succinct zk-SNARKs for different languages, that can all reuse committed data. In new zk-SNARKs, the prover computation is dominated by a linear number of cryptographic operations. We use batch-verification to decrease the verifier's computation; importantly, batch-verification can be used also in QAP-based zk-SNARKs. http://www.deepdyve.com/assets/images/DeepDyve-Logo-lg.png International Journal of Applied Cryptography Inderscience Publishers

Prover-efficient commit-and-prove zero-knowledge SNARKs

Download PDF
19 pages

Loading next page...
 
/lp/inderscience-publishers/prover-efficient-commit-and-prove-zero-knowledge-snarks-Ljy15kZILs
Publisher
Inderscience Publishers
Copyright
Copyright © Inderscience Enterprises Ltd
ISSN
1753-0563
eISSN
1753-0571
DOI
10.1504/IJACT.2017.089355
Publisher site
See Article on Publisher Site

Abstract

Succinct non-interactive zero-knowledge arguments of knowledge (Zk-SNARKs) are needed in many applications. Unfortunately, all previous zk-SNARKs for interesting languages are either inefficient for the prover, or are non-adaptive and based on a commitment scheme that depends both on the prover's input and on the language, i.e., they are not commit-and-prove (CaP) SNARKs. We propose a proof-friendly extractable commitment scheme, and use it to construct prover-efficient adaptive CaP succinct zk-SNARKs for different languages, that can all reuse committed data. In new zk-SNARKs, the prover computation is dominated by a linear number of cryptographic operations. We use batch-verification to decrease the verifier's computation; importantly, batch-verification can be used also in QAP-based zk-SNARKs.

Journal

International Journal of Applied CryptographyInderscience Publishers

Published: Jan 1, 2017

There are no references for this article.