Paper 2010/610

Separating Succinct Non-Interactive Arguments From All Falsifiable Assumptions

Craig Gentry and Daniel Wichs

Abstract

In this paper, we study succinct computationally sound proofs (arguments) for NP, whose communication complexity is polylogarithmic the instance and witness sizes. The seminal works of Kilian '92 and Micali '94 show that such arguments can be constructed under standard cryptographic hardness assumptions with four rounds of interaction, and that they be made non-interactive in the random-oracle model. The latter construction also gives us some evidence that succinct non interactive arguments (SNARGs) may exist in the standard model with a common reference string (CRS), by replacing the oracle with a sufficiently complicated hash function whose description goes in the CRS. However, we currently do not know of any construction of SNARGs with a formal proof of security under any simple cryptographic assumption. In this work, we give a broad black-box separation result, showing that black-box reductions cannot be used to prove the security of any SNARG construction based on any falsifiable cryptographic assumption. This includes essentially all common assumptions used in cryptography (one-way functions, trapdoor permutations, DDH, RSA, LWE etc.). More generally, we say that an assumption is falsifiable if it can be modeled as an interactive game between an adversary and an efficient challenger that can efficiently decide if the adversary won the game. This is similar, in spirit, to the notion of falsifiability of Naor '03, and captures the fact that we can efficiently check if an adversarial strategy breaks the assumption. Our separation result also extends to designated verifier SNARGs, where the verifier needs a trapdoor associated with the CRS to verify arguments, and slightly succinct SNARGs, whose size is only required to be sublinear in the statement and witness size.

Note: Update on June 6, 2012: Added a minor change to definition of slightly succinct SNARGs and correspondingly updated the last paragraph of the proof of Lemma 4.1.

Metadata
Available format(s)
PDF
Category
Foundations
Publication info
Published elsewhere. Unknown where it was published
Keywords
black-box separationcomputationally sound proofs
Contact author(s)
wichs @ cs nyu edu
History
2013-06-06: last of 3 revisions
2010-11-30: received
See all versions
Short URL
https://ia.cr/2010/610
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2010/610,
      author = {Craig Gentry and Daniel Wichs},
      title = {Separating Succinct Non-Interactive Arguments From All Falsifiable Assumptions},
      howpublished = {Cryptology ePrint Archive, Paper 2010/610},
      year = {2010},
      note = {\url{https://eprint.iacr.org/2010/610}},
      url = {https://eprint.iacr.org/2010/610}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.