Welcome to the resource topic for 2021/281
Title:
Subquadratic SNARGs in the Random Oracle Model
Authors: Alessandro Chiesa, Eylon Yogev
Abstract:In a seminal work, Micali (FOCS 1994) gave the first succinct non-interactive argument (SNARG) in the random oracle model (ROM). The construction combines a PCP and a cryptographic commitment, and has several attractive features: it is plausibly post-quantum; it can be heuristically instantiated via lightweight cryptography; and it has a transparent (public-coin) parameter setup. However, it also has a significant drawback: a large argument size. In this work, we provide a new construction that achieves a smaller argument size. This is the first progress on the Micali construction since it was introduced over 25 years ago. A SNARG in the ROM is (t,\epsilon)-secure if every t-query malicious prover can convince the verifier of a false statement with probability at most ε. For (t,\epsilon)-security, the argument size of all known SNARGs in the ROM (including Micali’s) is \tilde{O}((\log (t/\epsilon))^2) bits, even if one were to rely on conjectured probabilistic proofs well beyond current techniques. In practice, these costs lead to SNARGs that are much larger than constructions based on other (pre-quantum and costly) tools. This has led many to believe that SNARGs in the ROM are inherently quadratic. We show that this is not the case. We present a SNARG in the ROM with a sub-quadratic argument size: \tilde{O}(\log (t/\epsilon) \cdot \log t). Our construction relies on a strong soundness notion for PCPs and a weak binding notion for commitments. We hope that our work paves the way for understanding if a linear argument size, that is O(\log (t/\epsilon)), is achievable in the ROM.
ePrint: https://eprint.iacr.org/2021/281
Talk: https://www.youtube.com/watch?v=HtSp5m8HQWc
Slides: https://iacr.org/submit/files/slides/2021/crypto/crypto2021/61/slides.pptx
See all topics related to this paper.
Feel free to post resources that are related to this paper below.
Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.
For more information, see the rules for Resource Topics .