Filters








3,995 Hits in 6.5 sec

Efficient Batch Zero-Knowledge Arguments for Low Degree Polynomials [chapter]

Jonathan Bootle, Jens Groth
2018 Lecture Notes in Computer Science  
(EUROCRYPT 2016) construct an extremely efficient zero-knowledge argument for arithmetic circuit satisfiability in the discrete logarithm setting.  ...  We instantiate our protocol with concrete polynomial relations to construct zero-knowledge arguments for membership proofs, polynomial evaluation proofs, and range proofs.  ...  This technique can be applied more generally to produce efficient batch proofs for the low-degree relations described above.  ... 
doi:10.1007/978-3-319-76581-5_19 fatcat:q2w6c2ppgvevfi6uul6a43clou

Darlin: Recursive Proofs using Marlin [article]

Ulrich Haböck and Alberto Garoffolo and Daniele Di Benedetto
2021 arXiv   pre-print
This document describes Darlin, a succinct zero-knowledge argument of knowledge based on the Marlin SNARK (Chiesa et al., Eurocrypt 2020) and the 'dlog' polynomial commitment scheme from Bootle et al.  ...  Darlin addresses recursive proofs by integrating the amortization technique from Halo (IACR eprint 2019/099) for the non-succinct parts of the dlog verifier, and we adapt their strategy for bivariate circuit  ...  If the opening argument for the polynomial commitment scheme is a perfect honest verifier zero-knowledge argument of knowledge (Definition 5), then the same holds for the batch evaluation protocol.  ... 
arXiv:2107.04315v2 fatcat:halbog6jt5girhq7att3rxceia

Sonic

Mary Maller, Sean Bowe, Markulf Kohlweiss, Sarah Meiklejohn
2019 Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security - CCS '19  
Ever since their introduction, zero-knowledge proofs have become an important tool for addressing privacy and scalability concerns in a variety of applications.  ...  We also describe a generally useful technique in which untrusted "helpers" can compute advice that allows batches of proofs to be verified more efficiently.  ...  ACKNOWLEDGMENTS We thank Daira Hopwood and Ariel Gabizon for helpful discussions. Mary Maller and Sarah Meiklejohn are supported by EPSRC Grant EP/N028104/1.  ... 
doi:10.1145/3319535.3339817 dblp:conf/ccs/MallerBKM19 fatcat:7lgvfqmkwjb4dbhlpua4qg5k5y

Efficient Zero-Knowledge Arguments from Two-Tiered Homomorphic Commitments [chapter]

Jens Groth
2011 Lecture Notes in Computer Science  
We construct practical and efficient zero-knowledge arguments with sublinear communication complexity.  ...  For zero-knowledge arguments the communication complexity can be even lower. Kilian [27] gave a zero-knowledge argument for circuit satisfiability with polylogarithmic communication.  ...  The public coin argument (K, P, V) is a perfect special honest verifier zero-knowledge argument for R if there exists a probabilistic polynomial time simulator S such that for all non-uniform polynomial  ... 
doi:10.1007/978-3-642-25385-0_23 fatcat:exmwjqv2jzdftid3zxialwdzjm

Batching Schnorr Identification Scheme with Applications to Privacy-Preserving Authorization and Low-Bandwidth Communication Devices [chapter]

R. Gennaro, D. Leigh, R. Sundaram, W. Yerazunis
2004 Lecture Notes in Computer Science  
Our scheme uses higher degree polynomials that enable the execution of several Schnorr's protocol at a cost very close to that of a single execution.  ...  We present a batch version of Schnorr's identification scheme.  ...  The prover's response is generalized from a degree one polynomial to a degree d polynomial formed from the d secret keys.  ... 
doi:10.1007/978-3-540-30539-2_20 fatcat:4kuo4uefinatlpe733kmkxizbi

Linear Algebra with Sub-linear Zero-Knowledge Arguments [chapter]

Jens Groth
2009 Lecture Notes in Computer Science  
It has long been known [Kil92] that zero-knowledge arguments (with computational soundness) can have very low communication.  ...  We give zero-knowledge arguments that communicate only ( √ ) elements. In addition, the arguments are computationally efficient for both the prover and the verifier.  ...  The public coin argument ( , , ) is a perfect special honest verifier zero-knowledge argument for if there exists a probabilistic polynomial time simulator such that for all non-uniform polynomial time  ... 
doi:10.1007/978-3-642-03356-8_12 fatcat:p66fragujbcdvn3f6stzhaawju

Succinct Non-interactive Arguments via Linear Interactive Proofs [chapter]

Nir Bitansky, Alessandro Chiesa, Yuval Ishai, Omer Paneth, Rafail Ostrovsky
2013 Lecture Notes in Computer Science  
We also extend our methodology to obtain zero-knowledge LIPs and SNARGs.  ...  We present a general methodology for the construction of preprocessing SNARGs, as well as resulting concrete efficiency improvements.  ...  Zero-Knowledge.  ... 
doi:10.1007/978-3-642-36594-2_18 fatcat:jdnygt3cszazpaubzom77wdyku

A Subversion-Resistant SNARK [chapter]

Behzad Abdolmaleki, Karim Baghery, Helger Lipmaa, Michał Zając
2017 Lecture Notes in Computer Science  
On the positive side, they constructed an involved sound and subversion zero-knowledge argument system for NP.  ...  While succinct non-interactive zero-knowledge arguments of knowledge (zk-SNARKs) are widely studied, the question of what happens when the CRS has been subverted has received little attention.  ...  We would like to thank Janno Siim for his help in the optimization of the batched CV algorithm.  ... 
doi:10.1007/978-3-319-70700-6_1 fatcat:4p5t5xoh4va35iaztgjfh5umea

Zecale: Reconciling Privacy and Scalability on Ethereum [article]

Antoine Rondelet
2020 arXiv   pre-print
Finally, we argue that such scalability solutions for privacy preserving state transitions are paramount to emulate "cash" on blockchain systems.  ...  The probability of this event is N |Fr| which is negligible for low degree polynomials -N r (we note that N r will always be satisfied in applied settings, as carrying out a batch SNARK verification on  ...  use of low embedding degree cycles of elliptic curves 17 .  ... 
arXiv:2008.05958v2 fatcat:7nr2oajen5cv3buu3omgos3yfq

An Approach to the Construction of a Recursive Argument of Polynomial Evaluation in the Discrete Log Setting

Sungwook Kim
2022 Electronics  
Succinct Non-interactive Arguments of Knowledge (SNARks) are receiving a lot of attention as a core privacy-enhancing technology for blockchain applications.  ...  Polynomial commitment schemes are important building blocks for the construction of SNARks.  ...  proving a statement as a set of low-degree polynomials over a finite field F, which is a representation of its witness. (2) The prover sends commitments to low degree polynomials to the verifier, and  ... 
doi:10.3390/electronics11010131 fatcat:j3wly4berffp3lmm75ihoe5olq

Bulletproofs: Short Proofs for Confidential Transactions and More

Benedikt Bunz, Jonathan Bootle, Dan Boneh, Andrew Poelstra, Pieter Wuille, Greg Maxwell
2018 2018 IEEE Symposium on Security and Privacy (SP)  
Our Contributions We present Bulletproofs, a new zero-knowledge argument of knowledge 1 system, to prove that a secret committed 1.  ...  Beyond range proofs, Bulletproofs provide short zero-knowledge proofs for general arithmetic circuits while only relying on the discrete logarithm assumption and without requiring a trusted setup.  ...  We thank Peter Dettmann for pointing out the batch inversion trick. We thank Sean Bowe for various optimizations applicable to arithmetic circuits for Pedersen hash functions.  ... 
doi:10.1109/sp.2018.00020 dblp:conf/sp/BunzBBPWM18 fatcat:eqo5xk6trzgxjb7xumtcstdfw4

Generalized shape constrained spline fitting for qualitative analysis of trends

Kris Villez, Venkat Venkatasubramanian, Raghunathan Rengaswamy
2013 Computers and Chemical Engineering  
We derive upper and lower bounding procedures for the B&B algorithm to efficiently converge to the global optimum.  ...  More specifically, the B&B algorithm searches for optimal argument values in which the sign of the fitted function and/or one or more of its derivatives change.  ...  Papp for his assistance in interpreting his work in [63] .  ... 
doi:10.1016/j.compchemeng.2013.06.005 fatcat:6zuobtggdfau5jpewr5kppssbi

A Verifiable Secret Shuffle of Homomorphic Encryptions

Jens Groth
2010 Journal of Cryptology  
Additionally, we suggest a more efficient honest verifier zero-knowledge argument for a commitment containing a permutation of a set of publicly known messages.  ...  We suggest an honest verifier zero-knowledge argument for the correctness of a shuffle of homomorphic encryptions.  ...  Our goal is to construct efficient honest verifier zero-knowledge (HVZK) arguments for the correctness of a shuffle. Applications of HVZK shuffle arguments.  ... 
doi:10.1007/s00145-010-9067-9 fatcat:vutmo6kvure65c3pawts5jdf2q

Pinocchio

Bryan Parno, Jon Howell, Craig Gentry, Mariana Raykova
2016 Communications of the ACM  
As an additional feature, Pinocchio generalizes to zero-knowledge proofs at a negligible cost over the base protocol.  ...  To this end, we introduce Pinocchio, a built system for efficiently verifying general computations while relying only on cryptographic assumptions.  ...  on compiler development; Rosario Gennaro for valuable discussions; and the anonymous reviewers for their helpful comments.  ... 
doi:10.1145/2856449 fatcat:6tu4lw2vwrg3tjcqx5lijdzxym

Pinocchio: Nearly Practical Verifiable Computation

B. Parno, J. Howell, C. Gentry, M. Raykova
2013 2013 IEEE Symposium on Security and Privacy  
As an additional feature, Pinocchio generalizes to zero-knowledge proofs at a negligible cost over the base protocol.  ...  To this end, we introduce Pinocchio, a built system for efficiently verifying general computations while relying only on cryptographic assumptions.  ...  on compiler development; Rosario Gennaro for valuable discussions; and the anonymous reviewers for their helpful comments.  ... 
doi:10.1109/sp.2013.47 dblp:conf/sp/ParnoHG013 fatcat:ilx75lduibccnek4nfreezyx7q
« Previous Showing results 1 — 15 out of 3,995 results