Abstract: The well-known zero-knowledge succinct non-interactive argument of knowledge (zk-SNARK) proposed by Groth in 2016, now commonly referred to as Groth16, is built on quadratic arithmetic programs and is highly efficient in both proof length and verification cost. Since then, much progress has been made in designing zk-SNARKs with stronger security guarantees, in particular simulation extractability, a notion analogous to non-malleability with broad applications. Groth16 itself does not provide it: its proofs can be re-randomized, so an adversary who has seen a valid proof can produce a fresh valid proof of the same statement without knowing a witness, which is exactly what simulation extractability rules out. In this study, following Groth's pairing-based zk-SNARK, we construct a simulation-extractable zk-SNARK in the random oracle model. The construction relies on a newly proposed property, target linear collision resistance, which random oracles satisfy under discrete logarithm assumptions. In contrast to the original Groth16 scheme, both the prover and the verifier in our construction query the same random oracle so that they derive the same random challenge. The resulting proof consists of 3 group elements, and verification requires checking only 1 pairing equation. Compared with related work, our construction has shorter proofs and simpler verification while preserving simulation extractability. The results also extend to subversion zero-knowledge SNARKs.
Funding: supported by the National Key R&D Program of China (Grant No. 2019YFB2101703), the National Natural Science Foundation of China (Grant Nos. 62272107 and U19A2066), the Innovation Action Plan of Shanghai Science and Technology (Grant No. 21511102200), and the Key R&D Program of Guangdong Province (Grant No. 2020B0101090001).