[Resource Topic] 2024/956: SNARGs under LWE via Propositional Proofs

Welcome to the resource topic for 2024/956

SNARGs under LWE via Propositional Proofs

Authors: Zhengzhong Jin, Yael Tauman Kalai, Alex Lombardi, Vinod Vaikuntanathan


We construct a succinct non-interactive argument (SNARG) system for every NP language \mathcal{L} that has a propositional proof of non-membership for each x\notin \mathcal{L}. The soundness of our SNARG system relies on the hardness of the learning with errors (LWE) problem. The common reference string (CRS) in our construction grows with the space required to verify the propositional proof, and the size of the proof grows poly-logarithmically in the length of the propositional proof.

Unlike most of the literature on SNARGs, our result implies SNARGs for languages \mathcal L with proof length shorter than logarithmic in the deterministic time complexity of \mathcal L. Our SNARG improves over prior SNARGs for such ``hard’’ NP languages (Sahai and Waters, STOC 2014, Jain and Jin, FOCS 2022) in several ways:

  • For languages with polynomial-length propositional proofs of non-membership, our SNARGs are based on a single, polynomial-time falsifiable assumption, namely LWE.
  • Our construction handles propositional proofs of super-polynomial length, as long as they have bounded space, under the subexponential LWE assumption.
  • Our SNARGs have a transparent setup, meaning that no private randomness is required to generate the CRS.

Moreover, our approach departs dramatically from these prior works: we show how to design SNARGs for hard languages without publishing a program (in the CRS) that has the power to verify \mathsf{NP} witnesses.

The key new idea in our cryptographic construction is what we call a ``locally unsatisfiable extension’’ of the \mathsf{NP} verification circuit \{C_x\}_x. We say that an \mathsf{NP} verifier has a locally unsatisfiable extension if for every x\not\in \mathcal L, there exists an extension E_x of C_x that is not even locally satisfiable in the sense of a local assignment generator [Paneth-Rothblum, TCC 2017]. Crucially, we allow E_x to be depend arbitrarily on x rather than being efficiently constructible.

In this work, we show – via a ``hash-and-BARG’’ for a hidden, encrypted computation – how to build SNARGs for all languages with locally unsatisfiable extensions. We additionally show that propositional proofs of unsatisfiability generically imply the existence of locally unsatisfiable extensions, which allows us to deduce our main results.

As an illustrative example, our results imply a SNARG for the decisional Diffie-Hellman (DDH) language under the LWE assumption.

ePrint: https://eprint.iacr.org/2024/956

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .