
Aurora: Transparent Succinct Arguments for R1CS

  • Conference paper
Advances in Cryptology – EUROCRYPT 2019 (EUROCRYPT 2019)

Abstract

We design, implement, and evaluate a zero knowledge succinct non-interactive argument (SNARG) for Rank-1 Constraint Satisfaction (R1CS), a widely-deployed NP language undergoing standardization. Our SNARG has a transparent setup, is plausibly post-quantum secure, and uses lightweight cryptography. A proof attesting to the satisfiability of \(n\) constraints has size \(O(\log^2 n)\); it can be produced with \(O(n \log n)\) field operations and verified with \(O(n)\). At 128 bits of security, proofs are less than 250 kB even for several million constraints, more than \(10\times\) shorter than prior SNARGs with similar features.

A key ingredient of our construction is a new Interactive Oracle Proof (IOP) for solving a univariate analogue of the classical sumcheck problem [LFKN92], originally studied for multivariate polynomials. Our protocol verifies the sum of entries of a Reed–Solomon codeword over any subgroup of a field.

We also provide \(\texttt {libiop}\), a library for writing IOP-based arguments, in which a toolchain of transformations enables programmers to write new arguments by writing simple IOP sub-components. We have used this library to specify our construction and prior ones, and plan to open-source it.
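The univariate sumcheck from the abstract, worked through in code. This is an added example, not code from the paper or from libiop. It assumes the standard decomposition for a multiplicative subgroup \(H\) of \(\mathbb{F}_p\): a polynomial \(f\) sums to \(\mu\) over \(H\) iff \(f(x) - \mu/|H| = x \cdot g(x) + Z_H(x) \cdot h(x)\) with \(\deg g < |H| - 1\) and \(Z_H(x) = x^{|H|} - 1\), which follows from \(\sum_{a \in H} a^k\) being \(|H|\) when \(|H|\) divides \(k\) and \(0\) otherwise. The prime 97, the subgroup of order 8 and the sample polynomial are constructed for illustration, and every function name is this example's own. The prover computes the claimed sum and the pair \((g, h)\); the verifier checks the identity at a random point. Where the IOP would enforce the degree bounds with a low-degree test on Reed–Solomon encodings, this example reads the degrees off the coefficients, which is the simplification that makes it fit on a page.

```python
# Univariate sumcheck over a multiplicative subgroup H of F_p (added example,
# not code from the Aurora paper or libiop). Assumed identity, multiplicative case:
#     f sums to mu over H  <=>  f(x) - mu/|H| = x*g(x) + Z_H(x)*h(x),
# with Z_H(x) = x^|H| - 1 and deg g < |H| - 1.
# The field F_97, the subgroup of order 8 and the sample polynomial are constructed.

import random

P = 97  # constructed: 96 = 2^5 * 3, so F_97^* has a subgroup of order 8 (an FFT-friendly toy)


def subgroup(p, n):
    """Elements of the multiplicative subgroup of F_p^* of order n (requires n | p-1)."""
    assert (p - 1) % n == 0
    for g in range(2, p):
        w = pow(g, (p - 1) // n, p)          # w^n == 1; keep w only if its order is exactly n
        if all(pow(w, k, p) != 1 for k in range(1, n)):
            return [pow(w, i, p) for i in range(n)]
    raise ValueError("no element of order n")


def poly_eval(f, x, p):
    """Horner evaluation; f is a coefficient list, lowest degree first."""
    acc = 0
    for c in reversed(f):
        acc = (acc * x + c) % p
    return acc


def degree(f):
    """Degree of a coefficient list, ignoring trailing zeros; -1 for the zero polynomial."""
    while len(f) > 1 and f[-1] == 0:
        f = f[:-1]
    return -1 if f == [0] else len(f) - 1


def poly_divmod(f, d, p):
    """Long division over F_p: returns (q, r) with f = q*d + r and deg r < deg d."""
    f = list(f)
    q = [0] * max(len(f) - len(d) + 1, 1)
    inv_lead = pow(d[-1], p - 2, p)
    for i in range(len(f) - len(d), -1, -1):
        coef = f[i + len(d) - 1] * inv_lead % p
        q[i] = coef
        for j, dj in enumerate(d):
            f[i + j] = (f[i + j] - coef * dj) % p
    return q, f[:len(d) - 1] or [0]


def claimed_sum(f, H, p):
    """Prover side: mu = sum_{a in H} f(a), the value the prover will claim."""
    return sum(poly_eval(f, a, p) for a in H) % p


def decompose(f, mu, n, p):
    """Prover side: (g, h) with f(x) - mu/n = x*g(x) + (x^n - 1)*h(x).
    The remainder r of (f - mu/n) mod Z_H agrees with f - mu/n on H and has
    deg r < n, so n * r[0] equals (true sum) - mu. A wrong mu therefore leaves a
    nonzero constant term, no g of the required form exists, and None is returned."""
    z_h = [p - 1] + [0] * (n - 1) + [1]                 # x^n - 1
    fm = list(f)
    fm[0] = (fm[0] - mu * pow(n, p - 2, p)) % p
    h, r = poly_divmod(fm, z_h, p)
    if r[0] != 0:
        return None
    return (r[1:] or [0]), h


def verify_sum(f, mu, g, h, n, p, rng=random):
    """Verifier side. The degree bounds are read off the coefficients here; in the
    IOP they come from a low-degree test on the Reed-Solomon encodings, and f, g, h
    are only queried at the random point. The point check is sound up to deg(f)/p
    by Schwartz-Zippel, so p = 97 is for illustration only; real fields are huge."""
    if degree(g) >= n - 1 or degree(h) > max(degree(f) - n, -1):
        return False
    beta = rng.randrange(1, p)
    lhs = (poly_eval(f, beta, p) - mu * pow(n, p - 2, p)) % p
    z_beta = (pow(beta, n, p) - 1) % p
    rhs = (beta * poly_eval(g, beta, p) + z_beta * poly_eval(h, beta, p)) % p
    return lhs == rhs


if __name__ == "__main__":
    H = subgroup(P, 8)
    f = [3, 1, 4, 1, 5, 9, 2, 6, 5, 3, 5, 8]            # constructed, degree 11 < 2|H|
    mu = claimed_sum(f, H, P)
    g, h = decompose(f, mu, len(H), P)
    print("sum over H =", mu, "verifies:", verify_sum(f, mu, g, h, len(H), P))
    print("wrong claim decomposes:", decompose(f, (mu + 1) % P, len(H), P))
```

Two things are worth noticing when running it. A prover who claims a wrong \(\mu\) cannot produce the pair \((g, h)\) at all (the constant term of the remainder is exactly \((\text{true sum} - \mu)/|H|\)), and a prover who reuses the honest \((g, h)\) with a wrong \(\mu\) fails the point check at every \(\beta\), since the two sides differ by a nonzero constant. The example covers the multiplicative-subgroup case only; the binary-field setting of note 3, where \(H\) is an additive subgroup, needs a different decomposition that the abstract does not spell out.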


Notes

  1. We omit a discussion of prior works without implementations, or that study non-transparent SNARGs; we refer the reader to the survey of Walfish and Blumberg [80] for an overview of sublinear argument systems. We also note that recent work [11] has used lattice cryptography to achieve sublinear zero knowledge arguments that are plausibly post-quantum secure, which raises the exciting question of whether these recent protocols can lead to efficient implementations.

  2. Some cryptographic hash functions, such as BLAKE2, can process almost 1 GB/s [8].

  3. Throughout, we assume that \(\mathbb{F}\) is "friendly" to FFT algorithms, i.e., \(\mathbb{F}\) is a binary field or its multiplicative group is smooth.

  4. The reader may be familiar with a standard arithmetization of circuit satisfaction (used, e.g., in the inner PCP of [5]). Given an arithmetic circuit with \(m\) gates and \(n\) wires, each addition gate \(x_i \leftarrow x_j + x_k\) is mapped to the linear constraint \(x_i = x_j + x_k\) and each product gate \(x_i \leftarrow x_j \cdot x_k\) is mapped to the quadratic constraint \(x_i = x_j \cdot x_k\). The resulting system of equations can be written as \(A \cdot ((1,x) \otimes (1,x)) = b\) for suitable \(A \in \mathbb{F}^{m \times (n+1)^2}\) and \(b \in \mathbb{F}^{m}\). However, this reduction results in a quadratic blowup in the instance size. There is an alternative reduction due to [45, 62] that avoids this blowup.

  5. Polishchuk and Spielman [68] reduce boolean circuit satisfaction to a trivariate algebraic coloring problem with "low-degree" neighbor relations, by routing the circuit's wires over an arithmetized routing network. Ben-Sasson and Sudan [27] reduce nondeterministic machine computations to a univariate algebraic satisfaction problem by routing the machine's memory accesses over another arithmetized routing network. Routing is again a crucial component in the linear-size sublinear-query PCPs of [24].

  6. The number of variables \(n\) also affects performance, but it is usually close to \(m\) and so we take \(n \approx m\) in our experiments. The number of inputs \(k\) in an R1CS instance is at most \(n\), and in typical applications it is much smaller than \(n\), so we do not focus on it.
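Notes 4 and 6 speak of an R1CS instance with \(m\) constraints over \(n\) variables and \(k\) inputs, and of the reduction that avoids the \((n+1)^2\) blowup, without writing the constraint form out. The following added example (not code from the paper or from libiop) compiles a small gate list into the three \(m \times (n+1)\) matrices \(A, B, C\) of an R1CS instance over \(\mathbb{F}_p\), where an assignment \(z = (1, x)\) is satisfying iff \((Az) \circ (Bz) = Cz\) entrywise, and checks both an honest and a tampered assignment. The field \(\mathbb{F}_{97}\), the circuit \(y = x^3 + x + 5\), the gate encoding and all function names are this example's own constructions. Each gate costs one constraint with \(n+1\) entries per matrix, which is the linear-size encoding note 4 contrasts with the \((1,x) \otimes (1,x)\) arithmetization.

```python
# R1CS over F_p (added example, not code from the Aurora paper or libiop).
# Constraint i is  <A_i, z> * <B_i, z> = <C_i, z>  for z = (1, x); variable 0 is
# the constant 1. The gate list, the field and the input below are constructed.

P = 97  # constructed small prime; the encoding does not depend on the field


def dot(row, z, p):
    return sum(a * b for a, b in zip(row, z)) % p


def compile_gates(gates, n_vars):
    """One rank-1 constraint per gate, each row having n_vars + 1 entries.
    ("mul", l, r, out):   x_l * x_r = x_out
    ("add", l, r, out):   (x_l + x_r) * 1 = x_out       (linear, still rank-1)
    ("addc", l, k, out):  (x_l + k) * 1 = x_out          (k is a constant)
    The instance holds 3 m (n+1) field elements, versus m (n+1)^2 for the
    (1,x) tensor (1,x) arithmetization of note 4."""
    A, B, C = [], [], []
    for op, l, r, out in gates:
        a, b, c = [0] * (n_vars + 1), [0] * (n_vars + 1), [0] * (n_vars + 1)
        if op == "mul":
            a[l], b[r] = 1, 1
        elif op == "add":
            a[l] += 1                            # += so that l == r yields 2 x_l
            a[r] += 1
            b[0] = 1
        elif op == "addc":
            a[l], a[0], b[0] = 1, r, 1
        else:
            raise ValueError("unknown gate " + op)
        c[out] = 1
        A.append(a)
        B.append(b)
        C.append(c)
    return A, B, C


def evaluate(gates, n_vars, inputs, p):
    """Honest prover: run the circuit to obtain the full assignment z = (1, x)."""
    z = [1] + [0] * n_vars
    for i, v in inputs.items():
        z[i] = v % p
    for op, l, r, out in gates:
        if op == "mul":
            z[out] = z[l] * z[r] % p
        elif op == "add":
            z[out] = (z[l] + z[r]) % p
        elif op == "addc":
            z[out] = (z[l] + r) % p
    return z


def first_violation(A, B, C, z, p):
    """Verifier-side check of (A z) o (B z) = C z; index of the first failing
    constraint, or None when z satisfies the instance."""
    for i, (a, b, c) in enumerate(zip(A, B, C)):
        if dot(a, z, p) * dot(b, z, p) % p != dot(c, z, p):
            return i
    return None


# Constructed circuit for y = x^3 + x + 5.
# Variables: 0: one, 1: x (input), 2: y (output), 3: v1 = x*x, 4: v2 = v1*x, 5: v3 = v2 + x
CUBIC_GATES = [("mul", 1, 1, 3), ("mul", 3, 1, 4), ("add", 4, 1, 5), ("addc", 5, 5, 2)]
N_VARS = 5   # n in the paper's notation; m = len(CUBIC_GATES) = 4 constraints

if __name__ == "__main__":
    A, B, C = compile_gates(CUBIC_GATES, N_VARS)
    z = evaluate(CUBIC_GATES, N_VARS, {1: 3}, P)
    print("z =", z, "violation:", first_violation(A, B, C, z, P))
    z[2] = 36                                    # tamper with the claimed output
    print("tampered assignment fails at constraint", first_violation(A, B, C, z, P))
```

In the paper's terms this instance has \(m = 4\), \(n = 5\) and \(k = 1\) (the single public input \(x\), or two if \(y\) is also made public), which is the typical shape note 6 describes: \(k\) far smaller than \(n\), and \(n\) close to \(m\).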

References

  1. ZCash Company (2014). https://z.cash/

  2. The Zcash Ceremony (2016). https://z.cash/blog/the-design-of-the-ceremony.html

  3. Zero knowledge proof standardization (2017). https://zkproof.org/

  4. Ames, S., Hazay, C., Ishai, Y., Venkitasubramaniam, M.: Ligero: lightweight sublinear arguments without a trusted setup. In: Proceedings of the 24th ACM Conference on Computer and Communications Security, CCS 2017, pp. 2087–2104 (2017)

  5. Arora, S., Lund, C., Motwani, R., Sudan, M., Szegedy, M.: Proof verification and the hardness of approximation problems. J. ACM 45(3), 501–555 (1998). Preliminary version in FOCS 1992

  6. Arora, S., Safra, S.: Probabilistic checking of proofs: a new characterization of NP. J. ACM 45(1), 70–122 (1998). Preliminary version in FOCS 1992

  7. Aumasson, J.-P., Meier, W., Phan, R.C.-W., Henzen, L.: The Hash Function BLAKE. ISC. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44757-4

  8. Aumasson, J.-P., Neves, S., Wilcox-O’Hearn, Z., Winnerlein, C.: BLAKE2: simpler, smaller, fast as MD5 (2013). https://blake2.net/blake2.pdf

  9. Babai, L., Fortnow, L., Levin, L.A., Szegedy, M.: Checking computations in polylogarithmic time. In: Proceedings of the 23rd Annual ACM Symposium on Theory of Computing, STOC 1991, pp. 21–32 (1991)

  10. Babai, L., Fortnow, L., Lund, C.: Non-deterministic exponential time has two-prover interactive protocols. Comput. Complex. 1, 3–40 (1991). Preliminary version appeared in FOCS 1990

  11. Baum, C., Bootle, J., Cerulli, A., del Pino, R., Groth, J., Lyubashevsky, V.: Sub-linear lattice-based zero-knowledge arguments for arithmetic circuits. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10992, pp. 669–699. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96881-0_23

  12. Ben-Sasson, E., et al.: Computational integrity with a public random string from quasi-linear PCPs. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10212, pp. 551–579. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56617-7_19

  13. Ben-Sasson, E., Bentov, I., Horesh, Y., Riabzev, M.: Scalable, transparent, and post-quantum secure computational integrity. Cryptology ePrint Archive, Report 2018/046 (2018)

  14. Ben-Sasson, E., Bentov, I., Horesh, Y., Riabzev, M.: Fast Reed–Solomon Interactive Oracle Proofs of proximity. In: Proceedings of the 45th International Colloquium on Automata, Languages and Programming, ICALP 2018, pp. 14:1–14:17 (2018)

  15. Ben-Sasson, E., Chiesa, A., Forbes, M.A., Gabizon, A., Riabzev, M., Spooner, N.: Zero knowledge protocols from succinct constraint detection. In: Kalai, Y., Reyzin, L. (eds.) TCC 2017. LNCS, vol. 10678, pp. 172–206. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70503-3_6

  16. Ben-Sasson, E., Chiesa, A., Gabizon, A., Riabzev, M., Spooner, N.: Interactive Oracle Proofs with constant rate and query complexity. In: Proceedings of the 44th International Colloquium on Automata, Languages and Programming, ICALP 2017, pp. 40:1–40:15 (2017)

  17. Ben-Sasson, E., Chiesa, A., Gabizon, A., Virza, M.: Quasi-linear size zero knowledge from linear-algebraic PCPs. In: Kushilevitz, E., Malkin, T. (eds.) TCC 2016-A. LNCS, vol. 9563, pp. 33–64. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49099-0_2

  18. Ben-Sasson, E., et al.: Zerocash: decentralized anonymous payments from Bitcoin. In: Proceedings of the 2014 IEEE Symposium on Security and Privacy, SP 2014, pp. 459–474 (2014)

  19. Ben-Sasson, E., Chiesa, A., Genkin, D., Tromer, E., Virza, M.: SNARKs for C: verifying program executions succinctly and in zero knowledge. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8043, pp. 90–108. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40084-1_6

  20. Ben-Sasson, E., Chiesa, A., Green, M., Tromer, E., Virza, M.: Secure sampling of public parameters for succinct zero knowledge proofs. In: Proceedings of the 36th IEEE Symposium on Security and Privacy, S&P 2015, pp. 287–304 (2015)

  21. Ben-Sasson, E., Chiesa, A., Spooner, N.: Interactive Oracle Proofs. In: Hirt, M., Smith, A. (eds.) TCC 2016-B. LNCS, vol. 9986, pp. 31–60. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53644-5_2

  22. Ben-Sasson, E., Chiesa, A., Tromer, E., Virza, M.: Scalable zero knowledge via cycles of elliptic curves. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8617, pp. 276–294. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44381-1_16. Extended version at http://eprint.iacr.org/2014/595

  23. Ben-Sasson, E., Chiesa, A., Tromer, E., Virza, M.: Succinct non-interactive zero knowledge for a von Neumann architecture. In: Proceedings of the 23rd USENIX Security Symposium, Security 2014, pp. 781–796 (2014). Extended version at http://eprint.iacr.org/2013/879

  24. Ben-Sasson, E., Kaplan, Y., Kopparty, S., Meir, O., Stichtenoth, H.: Constant rate PCPs for Circuit-SAT with sublinear query complexity. In: Proceedings of the 54th Annual IEEE Symposium on Foundations of Computer Science, FOCS 2013, pp. 320–329 (2013)

  25. Ben-Sasson, E., Kopparty, S., Saraf, S.: Worst-case to average case reductions for the distance to a code. In: Proceedings of the 33rd Computational Complexity Conference, CCC 2018, pp. 24:1–24:23 (2018)

  26. Ben-Sasson, E., Sudan, M.: Robust locally testable codes and products of codes. Random Struct. Algorithms 28(4), 387–402 (2006)

  27. Ben-Sasson, E., Sudan, M.: Short PCPs with Polylog query complexity. SIAM J. Comput. 38(2), 551–607 (2008). Preliminary version appeared in STOC 2005

  28. Bernstein, D.J., Chou, T.: Faster binary-field multiplication and faster binary-field MACs. In: Joux, A., Youssef, A. (eds.) SAC 2014. LNCS, vol. 8781, pp. 92–111. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-13051-4_6

  29. Bitansky, N., Chiesa, A., Ishai, Y., Paneth, O., Ostrovsky, R.: Succinct non-interactive arguments via linear interactive proofs. In: Sahai, A. (ed.) TCC 2013. LNCS, vol. 7785, pp. 315–333. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-36594-2_18

  30. Boneh, D., Ishai, Y., Sahai, A., Wu, D.J.: Lattice-based SNARGs and their application to more efficient obfuscation. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10212, pp. 247–277. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56617-7_9

  31. Bootle, J., Cerulli, A., Chaidos, P., Groth, J., Petit, C.: Efficient zero-knowledge arguments for arithmetic circuits in the discrete log setting. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 327–357. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49896-5_12

  32. Bowe, S., Gabizon, A., Green, M.: A multi-party protocol for constructing the public parameters of the Pinocchio zk-SNARK. Cryptology ePrint Archive, Report 2017/602 (2017)

  33. Bowe, S., Gabizon, A., Miers, I.: Scalable multi-party computation for zk-SNARK parameters in the random beacon model. Cryptology ePrint Archive, Report 2017/1050 (2017)

  34. Brassard, G., Chaum, D., Crépeau, C.: Minimum disclosure proofs of knowledge. J. Comput. Syst. Sci. 37(2), 156–189 (1988)

  35. Bünz, B., Bootle, J., Boneh, D., Poelstra, A., Wuille, P., Maxwell, G.: Bulletproofs: short proofs for confidential transactions and more. In: Proceedings of the 39th IEEE Symposium on Security and Privacy, S&P 2018, pp. 315–334 (2018)

  36. Byott, N.P., Chapman, R.J.: Power sums over finite subspaces of a field. Finite Fields Appl. 5(3), 254–265 (1999)

  37. Cantor, D.G.: On arithmetical algorithms over finite fields. J. Comb. Theor. Series A 50(2), 285–300 (1989)

  38. Cooley, J.W., Tukey, J.W.: An algorithm for the machine calculation of complex Fourier series. Math. Comput. 19, 297–301 (1965)

  39. Cormode, G., Mitzenmacher, M., Thaler, J.: Practical verified computation with streaming interactive proofs. In: Proceedings of the 4th Symposium on Innovations in Theoretical Computer Science, ITCS 2012, pp. 90–112 (2012)

  40. Costello, C., et al.: Geppetto: versatile verifiable computation. In: Proceedings of the 36th IEEE Symposium on Security and Privacy, S&P 2015, pp. 250–273 (2015)

  41. Cramer, R., Damgård, I.: Zero-knowledge proofs for finite field arithmetic, or: can zero-knowledge be for free? In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 424–441. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0055745

  42. eBACS: ECRYPT Benchmarking of Cryptographic Systems: Measurements of hash functions, indexed by machine (2017). https://bench.cr.yp.to/results-hash.html

  43. Feige, U., Goldwasser, S., Lovász, L., Safra, S., Szegedy, M.: Interactive proofs and the hardness of approximating cliques. J. ACM 43(2), 268–292 (1996). Preliminary version in FOCS 1991

  44. Gao, S., Mateer, T.: Additive fast Fourier transforms over finite fields. IEEE Trans. Inf. Theory 56(12), 6265–6272 (2010)

  45. Gennaro, R., Gentry, C., Parno, B., Raykova, M.: Quadratic span programs and succinct NIZKs without PCPs. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 626–645. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38348-9_37

  46. Gentry, C., Wichs, D.: Separating succinct non-interactive arguments from all falsifiable assumptions. In: Proceedings of the 43rd Annual ACM Symposium on Theory of Computing, STOC 2011, pp. 99–108 (2011)

  47. Goldreich, O., Håstad, J.: On the complexity of interactive proofs with bounded communication. Inf. Process. Lett. 67(4), 205–214 (1998)

  48. Goldwasser, S., Kalai, Y.T., Rothblum, G.N.: Delegating computation: interactive proofs for Muggles. J. ACM 62(4), 27:1–27:64 (2015)

  49. Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof systems. SIAM J. Comput. 18(1), 186–208 (1989). Preliminary version appeared in STOC 1985

  50. Groth, J.: Short pairing-based non-interactive zero-knowledge arguments. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 321–340. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-17373-8_19

  51. Groth, J.: On the size of pairing-based non-interactive arguments. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 305–326. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49896-5_11

  52. Groth, J., Maller, M.: Snarky signatures: minimal signatures of knowledge from simulation-extractable SNARKs. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10402, pp. 581–612. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63715-0_20

  53. Gueron, S.: Intel carry-less multiplication instruction and its usage for computing the GCM mode (2011). https://software.intel.com/en-us/articles/intel-carry-less-multiplication-instruction-and-its-usage-for-computing-the-gcm-mode

  54. Ishai, Y., Kushilevitz, E., Ostrovsky, R.: Efficient arguments without short PCPs. In: Proceedings of the Twenty-Second Annual IEEE Conference on Computational Complexity, CCC 2007, pp. 278–291 (2007)

  55. Ishai, Y., Mahmoody, M., Sahai, A., Xiao, D.: On zero-knowledge PCPs: limitations, simplifications, and applications (2015). http://www.cs.virginia.edu/~mohammad/files/papers/ZKPCPs-Full.pdf

  56. Kalai, Y.T., Raz, R.: Interactive PCP. In: Aceto, L., Damgård, I., Goldberg, L.A., Halldórsson, M.M., Ingólfsdóttir, A., Walukiewicz, I. (eds.) ICALP 2008. LNCS, vol. 5126, pp. 536–547. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-70583-3_44

  57. Kilian, J.: A note on efficient zero-knowledge proofs and arguments. In: Proceedings of the 24th Annual ACM Symposium on Theory of Computing, STOC 1992, pp. 723–732 (1992)

  58. Lin, S., Al-Naffouri, T.Y., Han, Y.S.: FFT algorithm for binary extension finite fields and its application to Reed-Solomon codes. IEEE Trans. Inf. Theory 62(10), 5343–5358 (2016)

  59. Lin, S., Chung, W.H., Han, Y.S.: Novel polynomial basis and its application to Reed-Solomon erasure codes. In: Proceedings of the 55th Annual IEEE Symposium on Foundations of Computer Science, FOCS 2014, pp. 316–325 (2014)

  60. Lipmaa, H.: Succinct non-interactive zero knowledge arguments from span programs and linear error-correcting codes. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013. LNCS, vol. 8269, pp. 41–60. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-42033-7_3

  61. Lund, C., Fortnow, L., Karloff, H.J., Nisan, N.: Algebraic methods for interactive proof systems. J. ACM 39(4), 859–868 (1992)

  62. Meir, O.: Combinatorial PCPs with short proofs. In: Proceedings of the 27th Annual IEEE Conference on Computational Complexity, CCC 2012 (2012)

  63. Micali, S.: Computationally sound proofs. SIAM J. Comput. 30(4), 1253–1298 (2000). Preliminary version appeared in FOCS 1994

  64. Montgomery, P.L.: Modular multiplication without trial division. Math. Comput. 44(170), 519–521 (1985)

  65. Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2009). http://www.bitcoin.org/bitcoin.pdf

  66. NIST: Post-quantum cryptography (2016). https://csrc.nist.gov/Projects/Post-Quantum-Cryptography

  67. Parno, B., Gentry, C., Howell, J., Raykova, M.: Pinocchio: nearly practical verifiable computation. In: Proceedings of the 34th IEEE Symposium on Security and Privacy, S&P 2013, pp. 238–252 (2013)

  68. Polishchuk, A., Spielman, D.A.: Nearly-linear size holographic proofs. In: Proceedings of the 26th Annual ACM Symposium on Theory of Computing, STOC 1994, pp. 194–203 (1994)

  69. Reingold, O., Rothblum, R., Rothblum, G.: Constant-round interactive proofs for delegating computation. In: Proceedings of the 48th ACM Symposium on the Theory of Computing, STOC 2016, pp. 49–62 (2016)

  70. SCIPR Lab: libsnark: a C++ library for zkSNARK proofs. https://github.com/scipr-lab/libsnark

  71. Setty, S., Braun, B., Vu, V., Blumberg, A.J., Parno, B., Walfish, M.: Resolving the conflict between generality and plausibility in verified computation. In: Proceedings of the 8th EuroSys Conference, EuroSys 2013, pp. 71–84 (2013)

  72. Shamir, A.: IP = PSPACE. J. ACM 39(4), 869–877 (1992)

  73. Thaler, J.: Time-optimal interactive proofs for circuit evaluation. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8043, pp. 71–89. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40084-1_5

  74. Thaler, J.: A note on the GKR protocol (2015). http://people.cs.georgetown.edu/jthaler/GKRNote.pdf

  75. Thaler, J., Roberts, M., Mitzenmacher, M., Pfister, H.: Verifiable computation with massively parallel interactive proofs. CoRR abs/1202.1350 (2012)

  76. Wahby, R.S., Howald, M., Garg, S.J., Shelat, A., Walfish, M.: Verifiable ASICs. In: Proceedings of the 37th IEEE Symposium on Security and Privacy, S&P 2016, pp. 759–778 (2016)

  77. Wahby, R.S., et al.: Full accounting for verifiable outsourcing. In: Proceedings of the 24th ACM Conference on Computer and Communications Security, CCS 2017, pp. 2071–2086 (2017)

  78. Wahby, R.S., Setty, S., Ren, Z., Blumberg, A.J., Walfish, M.: Efficient RAM and control flow in verifiable outsourced computation. In: Proceedings of the 22nd Annual Network and Distributed System Security Symposium, NDSS 2015 (2015)

  79. Wahby, R.S., Tzialla, I., Shelat, A., Thaler, J., Walfish, M.: Doubly-efficient zkSNARKs without trusted setup. Cryptology ePrint Archive, Report 2017/1132 (2017)

  80. Walfish, M., Blumberg, A.J.: Verifying computations without reexecuting them. Commun. ACM 58(2), 74–84 (2015)

  81. Wee, H.: On round-efficient argument systems. In: Caires, L., Italiano, G.F., Monteiro, L., Palamidessi, C., Yung, M. (eds.) ICALP 2005. LNCS, vol. 3580, pp. 140–152. Springer, Heidelberg (2005). https://doi.org/10.1007/11523468_12

  82. Zhang, Y., Genkin, D., Katz, J., Papadopoulos, D., Papamanthou, C.: vSQL: verifying arbitrary SQL queries over dynamic outsourced databases. In: Proceedings of the 38th IEEE Symposium on Security and Privacy, S&P 2017, pp. 863–880 (2017)

  83. Zhang, Y., Genkin, D., Katz, J., Papadopoulos, D., Papamanthou, C.: A zero-knowledge version of vSQL. Cryptology ePrint Archive, Report 2017/1146 (2017)


Acknowledgments

We thank Alexander Chernyakhovsky and Tom Gur for helpful discussions, and Aleksejs Popovs for help in implementing parts of \(\texttt {libiop}\). This work was supported in part by: the Ethics and Governance of Artificial Intelligence Fund; a Google Faculty Award; the Israel Science Foundation (grant 1501/14); the UC Berkeley Center for Long-Term Cybersecurity; the US-Israel Binational Science Foundation (grant 2015780); and donations from the Interchain Foundation and Qtum.


Correspondence to Alessandro Chiesa.


Copyright information

© 2019 International Association for Cryptologic Research

About this paper

Cite this paper

Ben-Sasson, E., Chiesa, A., Riabzev, M., Spooner, N., Virza, M., Ward, N.P. (2019). Aurora: Transparent Succinct Arguments for R1CS. In: Ishai, Y., Rijmen, V. (eds) Advances in Cryptology – EUROCRYPT 2019. EUROCRYPT 2019. Lecture Notes in Computer Science, vol 11476. Springer, Cham. https://doi.org/10.1007/978-3-030-17653-2_4

  • DOI: https://doi.org/10.1007/978-3-030-17653-2_4

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-17652-5

  • Online ISBN: 978-3-030-17653-2
