Recursive composition and bootstrapping for SNARKS and proof-carrying data

Authors:
Nir Bitansky;Ran Canetti;Alessandro Chiesa;Eran Tromer
Affiliations:
Tel Aviv University, Tel Aviv, Israel;Boston University and Tel Aviv University, Boston, USA;MIT, Cambridge, USA;Tel Aviv University, Tel Aviv, Israel
Venue:
Proceedings of the forty-fifth annual ACM symposium on Theory of computing
Year:
2013

Citing 26
Cited 1

How to play ANY mental game

STOC '87 Proceedings of the nineteenth annual ACM symposium on Theory of computing
Does co-NP have short interactive proofs?

Information Processing Letters
Minimum disclosure proofs of knowledge

Journal of Computer and System Sciences - 27th IEEE Conference on Foundations of Computer Science October 27-29, 1986
Completeness theorems for non-cryptographic fault-tolerant distributed computation

STOC '88 Proceedings of the twentieth annual ACM symposium on Theory of computing
The knowledge complexity of interactive proof systems

SIAM Journal on Computing
Checking computations in polylogarithmic time

STOC '91 Proceedings of the twenty-third annual ACM symposium on Theory of computing
Checking the correctness of memories

SFCS '91 Proceedings of the 32nd annual symposium on Foundations of computer science
A note on efficient zero-knowledge proofs and arguments (extended abstract)

STOC '92 Proceedings of the twenty-fourth annual ACM symposium on Theory of computing
Impossibility of distributed consensus with one faulty process

Journal of the ACM (JACM)
On the complexity of interactive proofs with bounded communication

Information Processing Letters
Computationally Sound Proofs

SIAM Journal on Computing
Fast Verification of Any Remote Procedure Call: Short Witness-Indistinguishable One-Round Proofs for NP

ICALP '00 Proceedings of the 27th International Colloquium on Automata, Languages and Programming
On interactive proofs with a laconic prover

Computational Complexity
Succinct NP Proofs from an Extractability Assumption

CiE '08 Proceedings of the 4th conference on Computability in Europe: Logic and Theory of Algorithms
Fully homomorphic encryption using ideal lattices

Proceedings of the forty-first annual ACM symposium on Theory of computing
Are PCPs Inherent in Efficient Arguments?

CCC '09 Proceedings of the 2009 24th Annual IEEE Conference on Computational Complexity
Universal Arguments and their Applications

SIAM Journal on Computing
Incrementally verifiable computation or proofs of knowledge imply time/space efficiency

TCC'08 Proceedings of the 5th conference on Theory of cryptography
Separating succinct non-interactive arguments from all falsifiable assumptions

Proceedings of the forty-third annual ACM symposium on Theory of computing
From extractable collision resistance to succinct non-interactive arguments of knowledge, and back again

Proceedings of the 3rd Innovations in Theoretical Computer Science Conference
Targeted malleability: homomorphic encryption for restricted computations

Proceedings of the 3rd Innovations in Theoretical Computer Science Conference
On round-efficient argument systems

ICALP'05 Proceedings of the 32nd international conference on Automata, Languages and Programming
Progression-free sets and sublinear pairing-based non-interactive zero-knowledge arguments

TCC'12 Proceedings of the 9th international conference on Theory of Cryptography
Fast reductions from RAMs to delegatable succinct constraint satisfaction problems: extended abstract

Proceedings of the 4th conference on Innovations in Theoretical Computer Science
Succinct non-interactive arguments via linear interactive proofs

TCC'13 Proceedings of the 10th theory of cryptography conference on Theory of Cryptography
On the concrete efficiency of probabilistically-checkable proofs

Proceedings of the forty-fifth annual ACM symposium on Theory of computing

On the concrete efficiency of probabilistically-checkable proofs

Proceedings of the forty-fifth annual ACM symposium on Theory of computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

Succinct non-interactive arguments of knowledge (SNARKs) enable verifying NP statements with complexity that is essentially independent of that required for classical NP verification. In particular, they provide strong solutions to the problem of verifiably delegating computation. We construct the first fully-succinct publicly-verifiable SNARK. To do that, we first show how to "bootstrap" any SNARK that requires expensive preprocessing to obtain a SNARK that does not, while preserving public verifiability. We then apply this transformation to known SNARKs with preprocessing. Moreover, the SNARK we construct only requires of the prover time and space that are essentially the same as that required for classical NP verification. Our transformation assumes only collision-resistant hashing; curiously, it does not rely on PCPs. We also show an analogous transformation for privately-verifiable SNARKs, assuming fully-homomorphic encryption. At the heart of our transformations is a technique for recursive composition of SNARKs. This technique uses in an essential way the proof-carrying data (PCD) framework, which extends SNARKs to the setting of distributed networks of provers and verifiers. Concretely, to bootstrap a given SNARK, we recursively compose the SNARK to obtain a "weak" PCD system for shallow distributed computations, and then use the PCD framework to attain stronger notions of SNARKs and PCD systems.