Paper 2024/994
On Knowledge-Soundness of Plonk in ROM from Falsifiable Assumptions
Abstract
Lipmaa, Parisella, and Siim [Eurocrypt, 2024] proved the extractability of the KZG polynomial commitment scheme under the falsifiable assumption ARSDH. They also showed that variants of real-world zk-SNARKs like Plonk can be made knowledge-sound in the random oracle model (ROM) under the ARSDH assumption. However, their approach did not consider various batching optimizations, resulting in their variant of Plonk having approximately 3.5 times longer argument. Our contributions are: (1) We prove that several batch-opening protocols for KZG, used in modern zk-SNARKs, have computational special-soundness under the ARSDH assumption. (2) We prove that interactive Plonk has computational special-soundness under the ARSDH assumption and a new falsifiable assumption TriRSDH. We also prove that a minor modification of the interactive Plonk has computational special-soundness under only the ARSDH assumption. The Fiat-Shamir transform can be applied to obtain non-interactive versions, which are secure in the ROM under the same assumptions.
Metadata
- Available format(s)
- Category
- Cryptographic protocols
- Publication info
- Preprint.
- Keywords
- BatchingKZGPlonkspecial-soundnesszk-SNARKs
- Contact author(s)
-
helger lipmaa @ gmail com
robertoparisella @ hotmail it
jannosiim @ gmail com - History
- 2024-06-21: approved
- 2024-06-20: received
- See all versions
- Short URL
- https://ia.cr/2024/994
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2024/994, author = {Helger Lipmaa and Roberto Parisella and Janno Siim}, title = {On Knowledge-Soundness of Plonk in {ROM} from Falsifiable Assumptions}, howpublished = {Cryptology {ePrint} Archive, Paper 2024/994}, year = {2024}, url = {https://eprint.iacr.org/2024/994} }