6 research outputs found

    An Algebraic Framework for Universal and Updatable SNARKs

    We introduce Checkable Subspace Sampling Arguments, a new information-theoretic interactive proof system in which the prover shows that a vector has been sampled in a subspace according to the verifier's coins. We show that this primitive provides a unifying view that explains the technical core of most constructions of universal and updatable pairing-based (zk)SNARKs. This characterization is extended to a fully algebraic framework for designing such SNARKs in a modular way. We propose new constructions of CSS arguments that lead to SNARKs with different performance trade-offs. Our most efficient construction, Basilisk, seems to have the smallest proof size in the literature, although it pays a price in terms of structured reference string size for the number of multiplicative gates whose fan-out exceeds a certain bound.

    Mutual Accountability Layer: Accountable Anonymity within Accountable Trust

    Anonymous cryptographic primitives reduce the traces left by users when interacting over a digital platform. However, they also prevent a platform owner from holding users accountable in case of malicious behaviour. Revocable anonymity offers a compromise by allowing only the manager (and not the other users) of the digital platform to de-anonymize a user's activities when necessary. However, such de-anonymization power can be abused too, as a misbehaving manager can de-anonymize all activities without the user's awareness. Previous work proposes to mitigate this issue by distributing the de-anonymization power across several entities. However, there is no comprehensive and formal treatment where both accountability and non-frameability (i.e., the inability to falsely accuse a party of misbehavior) for both the user and the manager are explicitly defined and provably achieved. In this paper we formally define mutual accountability: a user can be held accountable for her otherwise anonymous digital actions and a manager is held accountable for every de-anonymization attempt; plus, no honest party can be framed, regardless of what malicious parties do. Instead of distributing the de-anonymization power across entities, we decouple the power of de-anonymization from the power of monitoring de-anonymization attempts. This allows for greater flexibility, particularly in the choice of the monitoring entities. We show that our framework can be instantiated generically from threshold encryption schemes and succinct non-interactive zero-knowledge. We also show that the highly efficient threshold group signature scheme by Camenisch et al. (SCN '20) can be modified and extended to instantiate our framework.

    Baloo: Nearly Optimal Lookup Arguments

    We present Baloo, the first protocol for lookup tables where the prover work is linear in the number of lookups and independent of the size of the table. Baloo is built over the lookup arguments of Caulk and Caulk+, and the framework for linear relations of Rafols and Zapico. Our protocol supports commit-and-prove expansions: the prover selects the subtable containing the elements used in the lookup, which is unknown to the verifier, commits to it and later proves a relation with the committed element. This feature makes Baloo especially suitable for proving input-output relations on hash functions, and in particular for instantiating the Ethereum Virtual Machine (EVM).

    Linear-map Vector Commitments and their Practical Applications

    Vector commitments (VC) are a cryptographic primitive that allows one to commit to a vector and then "open" some of its positions efficiently. Vector commitments are increasingly recognized as a central tool to scale highly decentralized networks that are large and whose content is dynamic. In this work, we examine the demands on the properties that an ideal vector commitment should satisfy in the light of the emerging plethora of practical applications, and propose new constructions that improve the state of the art in several dimensions and offer new trade-offs. We also propose a unifying framework that captures several constructions and show how to generically achieve some properties from more basic ones. On the practical side, we focus on building efficient schemes that do not require a new trusted setup (we can reuse existing ceremonies for pairing-based "powers of tau" run by real-world systems such as ZCash or Filecoin). Our (in-progress) implementation demonstrates that our work outperforms, in efficiency, prior schemes with the same properties.

    Caulk: Lookup Arguments in Sublinear Time

    We present position-hiding linkability for vector commitment schemes: one can prove in zero knowledge that one or $m$ values that comprise commitment $\mathrm{cm}$ all belong to the vector of size $N$ committed to in $C$. Our construction Caulk can be used for membership proofs and lookup arguments and outperforms all existing alternatives in prover time by orders of magnitude. For both single- and multi-membership proofs Caulk beats SNARKed Merkle proofs by a factor of 100, even if the latter is instantiated with the Poseidon hash. Asymptotically our prover needs $O(m^2 + m\log N)$ time to prove a batch of $m$ openings, whereas proof size is $O(1)$ and verifier time is $O(\log(\log N))$. As a lookup argument, Caulk is the first scheme with prover time sublinear in the table size, assuming $O(N\log N)$ preprocessing time and $O(N)$ storage. It can be used as a subprimitive in verifiable computation schemes in order to drastically decrease the lookup overhead. Our scheme comes with a reference implementation and benchmarks.

    Algebraic techniques for universal succinct arguments

    In this thesis, we make theoretical and practical contributions to the design of succinct arguments with universal setups in the pairing-based setting. We first introduce a new primitive, Checkable Subspace Sampling (CSS) schemes, and use it to build a framework for designing zero-knowledge succinct arguments of knowledge (zkSNARKs) for NP-complete problems. We present several instantiations of CSS that lead to zkSNARKs whose efficiency is competitive with, and in most cases superior to, all previous constructions in the state of the art. Our second contribution is a framework for constructing Linear-Map Vector Commitment schemes with updatability and unbounded aggregation from simpler arguments that prove a committed vector satisfies an inner-product relation. We present two constructions of such arguments, which can be used as building blocks in many different succinct arguments, and the first pairing-based maintainable linear-map vector commitment scheme with flexible space/time trade-offs in the univariate, universal SRS model. Finally, we introduce the definition of Position-Hiding Linkability for vector commitments and the first scheme that achieves a logarithmic prover and constant-size proofs for membership proofs and lookup tables.

    Abstract (translated from Spanish): In this thesis, we make practical and theoretical contributions to the development of succinct arguments in bilinear groups with universal parameters. As a first result, we define checkable subspace sampling (CSS) schemes and use them to build a framework for the design of zero-knowledge succinct non-interactive arguments of knowledge (zkSNARKs) for NP-complete problems. We also present several CSS schemes that lead to zkSNARKs whose efficiency is competitive with, and in most cases superior to, that of all existing constructions in the literature. Our second contribution is a framework for the design of linear-map vector commitment schemes that allows proofs to be updated and aggregated, built from simpler arguments that prove, from a commitment, that a vector satisfies an inner-product relation. We present two constructions of this type of argument, which can be used in different succinct schemes, and the first argument that, in the setting of bilinear groups with universal, univariate parameters, allows the prover to flexibly choose a trade-off between time and space cost and to efficiently update stored proofs. Finally, we define zero-knowledge linkability for vector commitment schemes and the first scheme with a logarithmic prover and constant-size proof for set-membership arguments and lookup tables.

    Abstract (translated from Catalan): In this thesis, we make practical and theoretical contributions to the development of succinct arguments in bilinear groups with universal parameters. As a first result, we define checkable subspace sampling (CSS) schemes and use them to build a framework for the design of zero-knowledge succinct non-interactive arguments of knowledge (zkSNARKs) for NP-complete problems. We also present several CSS schemes that lead to zkSNARKs whose efficiency is competitive with, and in most cases superior to, that of all existing constructions in the literature. Our second contribution is a framework for the design of linear-map vector commitment schemes that allows proofs to be updated and aggregated, built from simpler arguments that prove, from a commitment, that a vector satisfies an inner-product relation. We present two constructions of this type of argument, which can be used in different succinct schemes, and the first argument that, in the setting of bilinear groups with universal, univariate parameters, allows the prover to flexibly choose a trade-off between time and space cost and to efficiently update stored proofs. Finally, we define zero-knowledge linkability for vector commitment schemes and the first scheme with a local prover and constant-size proof for set-membership arguments and lookup tables.