On the size of pairing-based non-interactive arguments

J Groth - Advances in Cryptology–EUROCRYPT 2016: 35th …, 2016 - Springer
Non-interactive arguments enable a prover to convince a verifier that a statement is true.
Recently there has been a lot of progress both in theory and practice on constructing highly …

Quadratic span programs and succinct NIZKs without PCPs

R Gennaro, C Gentry, B Parno, M Raykova - Advances in Cryptology …, 2013 - Springer
We introduce a new characterization of the NP complexity class, called Quadratic Span
Programs (QSPs), which is a natural extension of span programs defined by Karchmer and …

Snarky signatures: Minimal signatures of knowledge from simulation-extractable SNARKs

J Groth, M Maller - Annual International Cryptology Conference, 2017 - Springer
We construct a pairing based simulation-extractable SNARK (SE-SNARK) that consists of
only 3 group elements and has highly efficient verification. By formally linking SE-SNARKs to …

Updatable and universal common reference strings with applications to zk-SNARKs

J Groth, M Kohlweiss, M Maller, S Meiklejohn… - Annual International …, 2018 - Springer
By design, existing (pre-processing) zk-SNARKs embed a secret trapdoor in a relation-
dependent common reference strings (CRS). The trapdoor is exploited by a (hypothetical) …

An algebraic framework for Diffie–Hellman assumptions

A Escala, G Herold, E Kiltz, C Ràfols, J Villar - Journal of cryptology, 2017 - Springer
We put forward a new algebraic framework to generalize and analyze Diffie–Hellman like
decisional assumptions which allows us to argue about security and applications by …

Efficient non-interactive proof systems for bilinear groups

J Groth, A Sahai - Advances in Cryptology–EUROCRYPT 2008: 27th …, 2008 - Springer
Non-interactive zero-knowledge proofs and non-interactive witness-indistinguishable proofs
have played a significant role in the theory of cryptography. However, lack of efficiency has …

Zero-knowledge using garbled circuits: how to prove non-algebraic statements efficiently

M Jawurek, F Kerschbaum, C Orlandi - Proceedings of the 2013 ACM …, 2013 - dl.acm.org
Zero-knowledge protocols are one of the fundamental concepts in modern cryptography and
have countless applications. However, after more than 30 years from their introduction, there …

Fully anonymous group signatures without random oracles

J Groth - Advances in Cryptology–ASIACRYPT 2007: 13th …, 2007 - Springer
We construct a new group signature scheme using bilinear groups. The group signature
scheme is practical, both keys and group signatures consist of a constant number of group …

Tightly secure signatures and public-key encryption

D Hofheinz, T Jager - Designs, Codes and Cryptography, 2016 - Springer
We construct the first public-key encryption (PKE) scheme whose chosen-ciphertext (ie, IND-
CCA) security can be proved under a standard assumption and does not degrade in either …

P-signatures and noninteractive anonymous credentials

M Belenkiy, M Chase, M Kohlweiss… - Theory of Cryptography …, 2008 - Springer
In this paper, we introduce P-signatures. A P-signature scheme consists of a signature
scheme, a commitment scheme, and (1) an interactive protocol for obtaining a signature on …