What Makes Fiat–Shamir zkSNARKs (Updatable SRS) Simulation Extractable?
Published in | Security and Cryptography for Networks pp. 735 - 760 |
---|---|
Main Authors | Ganesh, Chaya; Khoshakhlagh, Hamidreza; Kohlweiss, Markulf; Nitulescu, Anca; Zając, Michał |
Format | Book Chapter |
Language | English |
Published | Cham: Springer International Publishing, 2022 |
Series | Lecture Notes in Computer Science |
Abstract | We show that three popular universal zero-knowledge SNARKs (Plonk, Sonic, and Marlin) are updatable SRS simulation extractable NIZKs and signatures of knowledge (SoK) out-of-the-box avoiding any compilation overhead.
Towards this we generalize results for the Fiat–Shamir (FS) transformation, which turns interactive protocols into signature schemes, non-interactive proof systems, or SoK in the random oracle model (ROM). The security of the transformation relies on rewinding to extract the secret key or the witness, even in the presence of signing queries for signatures and simulation queries for proof systems and SoK, respectively. We build on this line of work and analyze multi-round FS for arguments with a structured reference string (SRS). The combination of ROM and SRS, while redundant in theory, is the model of choice for the most efficient practical systems to date. We also consider the case where the SRS is updatable and define a strong simulation extractability notion that allows for simulated proofs with respect to an SRS to which the adversary can contribute updates.
We define three properties (trapdoor-less zero-knowledge, rewinding-based knowledge soundness, and a unique response property) that are sufficient for argument systems based on multi-round FS to be also simulation extractable in this strong sense. We show that Plonk, Sonic, and Marlin satisfy these properties, and conjecture that many other argument systems such as Lunar, Basilisk, and transparent variants of Plonk fall within the reach of our main theorem. |
---|---|
Author | Zając, Michał; Ganesh, Chaya; Kohlweiss, Markulf; Nitulescu, Anca; Khoshakhlagh, Hamidreza |
Author_xml | – sequence: 1 givenname: Chaya orcidid: 0000-0002-2909-9177 surname: Ganesh fullname: Ganesh, Chaya – sequence: 2 givenname: Hamidreza orcidid: 0000-0001-7220-0763 surname: Khoshakhlagh fullname: Khoshakhlagh, Hamidreza email: hamidreza@cs.au.dk – sequence: 3 givenname: Markulf surname: Kohlweiss fullname: Kohlweiss, Markulf – sequence: 4 givenname: Anca surname: Nitulescu fullname: Nitulescu, Anca – sequence: 5 givenname: Michał surname: Zając fullname: Zając, Michał |
ContentType | Book Chapter |
Copyright | The Author(s), under exclusive license to Springer Nature Switzerland AG 2022 |
DOI | 10.1007/978-3-031-14791-3_32 |
Discipline | Mathematics; Computer Science |
EISBN | 303114791X 9783031147913 |
EISSN | 1611-3349 |
Editor | Galdi, Clemente; Jarecki, Stanislaw |
Editor_xml | – sequence: 1 givenname: Clemente orcidid: 0000-0002-2988-700X surname: Galdi fullname: Galdi, Clemente email: clgaldi@unisa.it – sequence: 2 givenname: Stanislaw orcidid: 0000-0002-5055-2407 surname: Jarecki fullname: Jarecki, Stanislaw email: stasio@ics.uci.edu |
EndPage | 760 |
ISBN | 9783031147906 3031147901 |
ISSN | 0302-9743 |
IsPeerReviewed | true |
IsScholarly | true |
ORCID | 0000-0001-7220-0763 0000-0002-2909-9177 |
PageCount | 26 |
PublicationDate | 2022 |
PublicationPlace | Cham |
PublicationSeriesTitle | Lecture Notes in Computer Science |
PublicationSeriesTitleAlternate | Lect.Notes Computer |
PublicationSubtitle | 13th International Conference, SCN 2022, Amalfi (SA), Italy, September 12–14, 2022, Proceedings |
PublicationTitle | Security and Cryptography for Networks |
PublicationYear | 2022 |
Publisher | Springer International Publishing |
RelatedPersons | Hartmanis, Juris; Gao, Wen; Steffen, Bernhard; Bertino, Elisa; Goos, Gerhard; Yung, Moti |
RelatedPersons_xml | – sequence: 1 givenname: Gerhard surname: Goos fullname: Goos, Gerhard – sequence: 2 givenname: Juris surname: Hartmanis fullname: Hartmanis, Juris – sequence: 3 givenname: Elisa surname: Bertino fullname: Bertino, Elisa – sequence: 4 givenname: Wen surname: Gao fullname: Gao, Wen – sequence: 5 givenname: Bernhard orcidid: 0000-0001-9619-1558 surname: Steffen fullname: Steffen, Bernhard – sequence: 6 givenname: Moti orcidid: 0000-0003-0848-0873 surname: Yung fullname: Yung, Moti |
StartPage | 735 |
Title | What Makes Fiat–Shamir zkSNARKs (Updatable SRS) Simulation Extractable? |
URI | http://link.springer.com/10.1007/978-3-031-14791-3_32 |