Ecole d'ingénieur et centre de recherche en Sciences du numérique

Lunar: a toolbox for more efficient universal and updatable zkSNARKs and commit-and-prove extensions

Campanelli, Matteo; Faonio, Antonio; Fiore, Dario; Querol, Anaïs; Rodriguez, Hadrian

Cryptology ePrint Archive, Report 2020/1069, 3 September 2020

We address the problem of constructing zkSNARKs whose SRS is universal—valid for all relations within a size-bound—and updatable—a dynamic set of participants can add secret randomness to it indefinitely thus increasing confidence in the setup. We investigate formal frameworks and techniques to design efficient universal updatable zkSNARKs with linear-size SRS and their commit-and-prove variants. We achieve a collection of zkSNARKs with different tradeoffs. One of our constructions achieves the smallest proof size and proving time compared to the state of art for proofs for arithmetic circuits. The language supported by this scheme is a variant of R1CS, called R1CS-lite, introduced by this work. Another of our constructions supports directly standard R1CS and improves on previous work achieving the fastest proving time for this type of constraint systems. We achieve this result via the combination of different contributions: (1) a new algebraicallyflavored variant of IOPs that we call Polynomial Holographic IOPs (PHPs), (2) a new compiler that combines our PHPs with commit-and-prove zkSNARKs for committed polynomials, (3) pairingbased realizations of these CP-SNARKs for polynomials, (4) constructions of PHPs for R1CS and R1CS-lite, (5) a variant of the compiler that yields a commit-and-prove universal zkSNARK.

Document Bibtex

Titre:Lunar: a toolbox for more efficient universal and updatable zkSNARKs and commit-and-prove extensions
Département:Sécurité numérique
Eurecom ref:6336
Copyright: IACR
Bibtex: @techreport{EURECOM+6336, year = {2020}, title = {{L}unar: a toolbox for more efficient universal and updatable zk{SNARK}s and commit-and-prove extensions}, author = {{C}ampanelli, {M}atteo and {F}aonio, {A}ntonio and {F}iore, {D}ario and {Q}uerol, {A}na{\"i}s and {R}odriguez, {H}adrian}, number = {EURECOM+6336}, month = {09}, institution = {Eurecom}, url = {},, }
Voir aussi: