Authors: Helger Lipmaa
Addresses: Institute of Computer Science, University of Tartu, Estonia
Abstract: Succinct non-interactive zero-knowledge arguments of knowledge (Zk-SNARKs) are needed in many applications. Unfortunately, all previous zk-SNARKs for interesting languages are either inefficient for the prover, or are non-adaptive and based on a commitment scheme that depends both on the prover's input and on the language, i.e., they are not commit-and-prove (CaP) SNARKs. We propose a proof-friendly extractable commitment scheme, and use it to construct prover-efficient adaptive CaP succinct zk-SNARKs for different languages, that can all reuse committed data. In new zk-SNARKs, the prover computation is dominated by a linear number of cryptographic operations. We use batch-verification to decrease the verifier's computation; importantly, batch-verification can be used also in QAP-based zk-SNARKs.
Keywords: batch verification; commit-and-prove; CaP; common reference string; CRS; non-interactive zero knowledge; NIZK; numerical NP-complete languages; range proof; Subset-Sum; zk-SNARK.
International Journal of Applied Cryptography, 2017 Vol.3 No.4, pp.344 - 362
Available online: 12 Jan 2018 *Full-text access for editors Access for subscribers Purchase this article Comment on this article