Paper 2024/724

zkSNARKs in the ROM with Unconditional UC-Security

Alessandro Chiesa, École Polytechnique Fédérale de Lausanne
Giacomo Fenzi, École Polytechnique Fédérale de Lausanne
Abstract

The universal composability (UC) framework is a “gold standard” for security in cryptography. UC-secure protocols achieve strong security guarantees against powerful adaptive adversaries, and retain these guarantees when used as part of larger protocols. Zero knowledge succinct non-interactive arguments of knowledge (zkSNARKs) are a popular cryptographic primitive that are often used within larger protocols deployed in dynamic environments, and so UC-security is a highly desirable, if not necessary, goal. In this paper we prove that there exist zkSNARKs in the random oracle model (ROM) that unconditionally achieve UC-security. Here, “unconditionally” means that security holds against adversaries that make a bounded number of queries to the random oracle, but are otherwise computationally unbounded. Prior work studying UC-security for zkSNARKs obtains transformations that rely on computational assumptions and, in many cases, lose most of the succinctness property of the zkSNARK. Moreover, these transformations make the resulting zkSNARK more expensive and complicated. In contrast, we prove that widely used zkSNARKs in the ROM are UC-secure without modifications. We prove that the Micali construction, which is the canonical construction of a zkSNARK, is UC-secure. Moreover, we prove that the BCS construction, which many zkSNARKs deployed in practice are based on, is UC-secure. Our results confirm the intuition that these natural zkSNARKs do not need to be augmented to achieve UC-security, and give confidence that their use in larger real-world systems is secure.

Note: Updated publication status.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
A major revision of an IACR publication in TCC 2024
Keywords
succinct arguments, random oracle model, universal composability
Contact author(s)
alessandro chiesa @ epfl ch
giacomo fenzi @ epfl ch
History
2024-09-05: last of 3 revisions
2024-05-11: received
Short URL
https://ia.cr/2024/724
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/724,
      author = {Alessandro Chiesa and Giacomo Fenzi},
      title = {{zkSNARKs} in the {ROM} with Unconditional {UC}-Security},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/724},
      year = {2024},
      url = {https://eprint.iacr.org/2024/724}
}