On the size of pairing-based non-interactive arguments
J Groth - Advances in Cryptology–EUROCRYPT 2016: 35th …, 2016 - Springer
Non-interactive arguments enable a prover to convince a verifier that a statement is true.
Recently there has been a lot of progress both in theory and practice on constructing highly …
Noninteractive zero knowledge for NP from (plain) learning with errors
C Peikert, S Shiehian - Annual International Cryptology Conference, 2019 - Springer
We finally close the long-standing problem of constructing a noninteractive zero-knowledge
(NIZK) proof system for any NP language with security based on the plain Learning With …
Quadratic span programs and succinct NIZKs without PCPs
We introduce a new characterization of the NP complexity class, called Quadratic Span
Programs (QSPs), which is a natural extension of span programs defined by Karchmer and …
On-the-fly multiparty computation on the cloud via multikey fully homomorphic encryption
We propose a new notion of secure multiparty computation aided by a computationally-
powerful but untrusted "cloud" server. In this notion that we call on-the-fly multiparty …
Candidate multilinear maps from ideal lattices
We describe plausible lattice-based constructions with properties that approximate the
sought-after multilinear maps in hard-discrete-logarithm groups, and show an example …
Fiat-Shamir: from practice to theory
We give new instantiations of the Fiat-Shamir transform using explicit, efficiently computable
hash functions. We improve over prior work by reducing the security of these protocols to …
Universally composable security: A new paradigm for cryptographic protocols
R Canetti - Proceedings 42nd IEEE Symposium on Foundations …, 2001 - ieeexplore.ieee.org
We propose a novel paradigm for defining security of cryptographic protocols, called
universally composable security. The salient property of universally composable definitions …
Snarky signatures: Minimal signatures of knowledge from simulation-extractable SNARKs
We construct a pairing based simulation-extractable SNARK (SE-SNARK) that consists of
only 3 group elements and has highly efficient verification. By formally linking SE-SNARKs to …
Updatable and universal common reference strings with applications to zk-SNARKs
By design, existing (pre-processing) zk-SNARKs embed a secret trapdoor in a relation-
dependent common reference strings (CRS). The trapdoor is exploited by a (hypothetical) …
LaBRADOR: compact proofs for R1CS from module-SIS
W Beullens, G Seiler - Annual International Cryptology Conference, 2023 - Springer
The most compact quantum-safe proof systems for large circuits are PCP-type systems such
as Ligero, Aurora, and Shockwave, that only use weak cryptographic assumptions, namely …