In this paper,we propose the concept of delegable zero knowledge succinct non-interactive arguments of knowledge(zk-SNARKs).The delegable zk-SNARKKis parameterized by(u,k,k',k").The delegable property of zk-S...In this paper,we propose the concept of delegable zero knowledge succinct non-interactive arguments of knowledge(zk-SNARKs).The delegable zk-SNARKKis parameterized by(u,k,k',k").The delegable property of zk-SNARKs allows the prover to delegate its proving ability toμproxies.Any k honest proxies are able to generate the correct proof for a statement,but the collusion of less than k proxies does not obtain information about the witness of the statement.We also define k'-soundness and k"-zero knowledge by taking into consider of multi-proxies.We propose a construction of(μ,2t+1,t,t)-delegable zk-SNARK for the NPC language of arithmetic circuit satisfiability.Our delegable zk-SNARK stems from Groth's zk-SNARK scheme(Groth16).We take advantage of the additive and multiplicative properties of polynomial-based secret sharing schemes to achieve delegation for zk-SNARK.Our secret sharing scheme works well with the pairing groups so that the nice succinct properties of Groth's zk-SNARK scheme are preserved,while augmenting the delegable property and keeping soundness and zero-knowledge in the scenario of multi-proxies.展开更多
基金Shengli Liu and Jinrui Sha were partially sponsored by the National Key R&D Program of China(No.2022YFB2701503)the National Natural Science Foundation of China(Grant No.61925207)Guangdong Major Project of Basic and Applied Basic Research(No.2019B030302008).
文摘In this paper,we propose the concept of delegable zero knowledge succinct non-interactive arguments of knowledge(zk-SNARKs).The delegable zk-SNARKKis parameterized by(u,k,k',k").The delegable property of zk-SNARKs allows the prover to delegate its proving ability toμproxies.Any k honest proxies are able to generate the correct proof for a statement,but the collusion of less than k proxies does not obtain information about the witness of the statement.We also define k'-soundness and k"-zero knowledge by taking into consider of multi-proxies.We propose a construction of(μ,2t+1,t,t)-delegable zk-SNARK for the NPC language of arithmetic circuit satisfiability.Our delegable zk-SNARK stems from Groth's zk-SNARK scheme(Groth16).We take advantage of the additive and multiplicative properties of polynomial-based secret sharing schemes to achieve delegation for zk-SNARK.Our secret sharing scheme works well with the pairing groups so that the nice succinct properties of Groth's zk-SNARK scheme are preserved,while augmenting the delegable property and keeping soundness and zero-knowledge in the scenario of multi-proxies.
