Skip to main content
SpringerLink
Log in

Holographic SNARGs for P and Batch-NP from (Polynomially Hard) Learning with Errors

  • Conference paper
  • First Online:
Theory of Cryptography (TCC 2023)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14371))

Included in the following conference series:

  • 208 Accesses

Abstract

A succinct non-interactive argument (SNARG) is called holographic if the verifier runs in time sub-linear in the input length when given oracle access to an encoding of the input. We present holographic SNARGs for P and Batch-NP under the learning with errors (LWE) assumption. Our holographic SNARG for P has a verifier that runs in time \(\textsf{poly}(\lambda , \log T, \log n)\) for T-time computations and \(n\)-bit inputs (\(\lambda \) is the security parameter), while our holographic SNARG for Batch-NP has a verifier that runs in time \(\textsf{poly}(\lambda , T, \log k)\) for k instances of T-time computations. Before this work, constructions with the same asymptotic efficiency were known in the designated-verifier setting or under the sub-exponential hardness of the LWE assumption. We obtain our holographic SNARGs (in the public-verification setting under the polynomial hardness of the LWE assumption) by constructing holographic SNARGs for certain hash computations and then applying known/trivial transformations.

As an application, we use our holographic SNARGs to weaken the assumption needed for a recent public-coin 3-round zero-knowledge (ZK) argument [Kiyoshima, CRYPTO 2022]. Specifically, we use our holographic SNARGs to show that a public-coin 3-round ZK argument exists under the same assumptions as the state-of-the-art private-coin 3-round ZK argument [Bitansky et al., STOC 2018].

This work was done while the author was a member of NTT Research.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 69.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 89.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    In SNARGs for Batch-NP computations, a statement consists of multiple instances of an NP language, and the prover tries to convince the verifier that all the instances belong to the language. The communication complexity and the verification time are required to be smaller than the naive check.

  2. 2.

    The holographic property has also been considered for interactive oracle proofs (IOPs) [7, 8] and interactive proofs/arguments [5, 15]. The term “holography” was initially used in the context of probabilistically checkable proofs (PCPs) [1].

  3. 3.

    For the definition of low-degree extensions, see, e.g., [14].

  4. 4.

    Most of the existing schemes (e.g., [21, 28, 31, 33]) are also (implicitly) designed for RAM computations and are non-holographic for the same reason.

  5. 5.

    In this overview, we view \(\textsf{rt}_i\) as a hash of a vector that consists of \(2^i\) blocks, where each block is a \(\lambda \)-bit string. Thus, \(\textsf{SEH}\mathsf {.}\textsf{Ext}\) extracts a \(\lambda \)-bit string as the \(\sigma \)-th position of the pre-image. .

  6. 6.

    \(S_i\) is efficiently verifiable by a circuit that has \(\{\textsf{td}_{\textbf{u}} \}_{\textbf{u}\in \mathbb {F}^{m_{\lambda }}}\) and \(\{\widehat{x}(\textbf{u}, \textbf{v}^*) \}_{\textbf{u}\in \mathbb {F}^{m_{\lambda }}}\) as hardwired inputs.

  7. 7.

    The definition is slightly modified in that the size of \(C\) is required to be bounded by T rather than an arbitrary polynomial.

  8. 8.

    For convenience, we use a slightly weaker bound than prior works [25], where the bound is \(O(L_{\pi }) + n\cdot \textsf{poly}(\lambda )\).

  9. 9.

    If not, it suffices to additionally use any LWE-based somewhere extractable hash function family (cf. Theorem 2) as a building block in our scheme.

  10. 10.

    E.g, \(|\mathbb {H} |=\lceil \log N \rceil \), \(|\mathbb {F} |=\textsf{poly}(|\mathbb {H} |)\), and \(m= \lceil \log _{|\mathbb {H} |}N \rceil \).

  11. 11.

    The concrete requirements about \(\textsf{poly}_X\), \(\textsf{poly}_Y\), \(\textsf{poly}_T\), and \(\rho \) are determined based on \(\textsf{SEH}\) and \(\textsf{param}_{\textrm{LDE}}\) (cf. the proof of Claim 2).

  12. 12.

    In \(\textsf{SEH}\text {-}\textsf{Del}\) and \(\textsf{SEH}\text {-}\textsf{Del}_{\textrm{sub}}\), \(\textsf{SEH}\) is used for strings over a finite field (cf. Sect. 3.3).

  13. 13.

    The recursive structure of \(\textsf{SEH}\text {-}\textsf{Del}_{\textrm{sub}}\) is the reason why we define it w.r.t. strings over finite fields.

References

  1. Babai, L., Fortnow, L., Levin, L.A., Szegedy, M.: Checking computations in polylogarithmic time. In: 23rd ACM STOC, pp. 21–31. ACM Press, May 1991. https://doi.org/10.1145/103418.103428

  2. Badrinarayanan, S., Kalai, Y.T., Khurana, D., Sahai, A., Wichs, D.: Succinct delegation for low-space non-deterministic computation. In: Diakonikolas, I., Kempe, D., Henzinger, M. (eds.) 50th ACM STOC, pp. 709–721. ACM Press, June 2018. https://doi.org/10.1145/3188745.3188924

  3. Bitansky, N., Kalai, Y.T., Paneth, O.: Multi-collision resistance: a paradigm for keyless hash functions. In: Diakonikolas, I., Kempe, D., Henzinger, M. (eds.) 50th ACM STOC, pp. 671–684. ACM Press, June 2018. https://doi.org/10.1145/3188745.3188870

  4. Brakerski, Z., Holmgren, J., Kalai, Y.T.: Non-interactive delegation and batch NP verification from standard computational assumptions. In: Hatami, H., McKenzie, P., King, V. (eds.) 49th ACM STOC, pp. 474–482. ACM Press, June 2017. https://doi.org/10.1145/3055399.3055497

  5. Bronfman, L., Rothblum, R.D.: PCPs and instance compression from a cryptographic lens. In: Braverman, M. (ed.) 13th Innovations in Theoretical Computer Science Conference (ITCS 2022). Leibniz International Proceedings in Informatics (LIPIcs), vol. 215, pp. 30:1–30:19. Schloss Dagstuhl - Leibniz-Zentrum für Informatik, Dagstuhl, Germany (2022). https://doi.org/10.4230/LIPIcs.ITCS.2022.30. https://drops.dagstuhl.de/opus/volltexte/2022/15626

  6. Canetti, R., Goldreich, O., Halevi, S.: The random oracle methodology, revisited. J. ACM 51(4), 557–594 (2004). https://doi.org/10.1145/1008731.1008734

    Article  MathSciNet  MATH  Google Scholar 

  7. Chiesa, A., Hu, Y., Maller, M., Mishra, P., Vesely, N., Ward, N.: Marlin: preprocessing zkSNARKs with universal and updatable SRS. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12105, pp. 738–768. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45721-1_26

    Chapter  Google Scholar 

  8. Chiesa, A., Ojha, D., Spooner, N.: Fractal: post-quantum and transparent recursive proofs from holography. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12105, pp. 769–793. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45721-1_27

    Chapter  Google Scholar 

  9. Choudhuri, A.R., Jain, A., Jin, Z.: Non-interactive batch arguments for NP from standard assumptions. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021. LNCS, vol. 12828, pp. 394–423. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84259-8_14

    Chapter  Google Scholar 

  10. Choudhuri, A.R., Jain, A., Jin, Z.: SNARGs for \(\cal{{P}} \) from LWE. Cryptology ePrint Archive, Report 2021/808, Version 20211108:181325 (2021). https://eprint.iacr.org/2021/808. An extended version of [11]

  11. Choudhuri, A.R., Jain, A., Jin, Z.: SNARGs for \(\cal{P} \) from LWE. In: 62nd FOCS, pp. 68–79. IEEE Computer Society Press, February 2022. https://doi.org/10.1109/FOCS52979.2021.00016

  12. Chung, K.-M., Kalai, Y.T., Liu, F.-H., Raz, R.: Memory delegation. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 151–168. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22792-9_9

    Chapter  Google Scholar 

  13. Devadas, L., Goyal, R., Kalai, Y., Vaikuntanathan, V.: Rate-1 non-interactive arguments for batch-NP and applications. In: 63rd FOCS, pp. 1057–1068. IEEE Computer Society Press, October/November 2022. https://doi.org/10.1109/FOCS54457.2022.00103

  14. Goldwasser, S., Kalai, Y.T., Rothblum, G.N.: Delegating computation: interactive proofs for muggles. J. ACM 62(4), 27:1–27:64 (2015)

    Google Scholar 

  15. Gur, T., Rothblum, R.D.: A hierarchy theorem for interactive proofs of proximity. In: Papadimitriou, C.H. (ed.) ITCS 2017, vol. 4266, pp. 39:1–39:43. LIPIcs, 67, January 2017. https://doi.org/10.4230/LIPIcs.ITCS.2017.39

  16. Holmgren, J., Lombardi, A., Rothblum, R.D.: Fiat-Shamir via list-recoverable codes (or: Parallel repetition of GMW is not zero-knowledge). Cryptology ePrint Archive, Report 2021/286, Version 20210307:022349 (2021). https://eprint.iacr.org/2021/286. An extended version of [17]

  17. Holmgren, J., Lombardi, A., Rothblum, R.D.: Fiat-Shamir via list-recoverable codes (or: parallel repetition of GMW is not zero-knowledge). In: Khuller, S., Williams, V.V. (eds.) 53rd ACM STOC, p. 750–760. ACM Press, June 2021. https://doi.org/10.1145/3406325.3451116

  18. Holmgren, J., Rothblum, R.: Delegating computations with (almost) minimal time and space overhead. In: Thorup, M. (ed.) 59th FOCS, pp. 124–135. IEEE Computer Society Press, October 2018. https://doi.org/10.1109/FOCS.2018.00021

  19. Hsiao, C.Y., Reyzin, L.: Finding collisions on a public road, or do secure hash functions need secret coins? In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 92–105. Springer, Heidelberg (Aug 2004). https://doi.org/10.1007/978-3-540-28628-8_6

  20. Hubacek, P., Wichs, D.: On the communication complexity of secure function evaluation with long output. In: Roughgarden, T. (ed.) ITCS 2015, pp. 163–172. ACM, January 2015. https://doi.org/10.1145/2688073.2688105

  21. Hulett, J., Jawale, R., Khurana, D., Srinivasan, A.: SNARGs for P from sub-exponential DDH and QR. In: Dunkelman, O., Dziembowski, S. (eds.) EUROCRYPT 2022, Part II. LNCS, vol. 13276, pp. 520–549. Springer, Heidelberg (2022). https://doi.org/10.1007/978-3-031-07085-3_18

  22. Jawale, R., Kalai, Y.T., Khurana, D., Zhang, R.Y.: SNARGs for bounded depth computations and PPAD hardness from sub-exponential LWE. In: Khuller, S., Williams, V.V. (eds.) 53rd ACM STOC, pp. 708–721. ACM Press, June 2021. https://doi.org/10.1145/3406325.3451055

  23. Kalai, Y., Paneth, O., Yang, L.: How to delegate computations publicly. Cryptology ePrint Archive, Report 2019/603, Version 20190602:113205 (2019). https://eprint.iacr.org/2019/603. An extended version of [25]

  24. Kalai, Y.T., Paneth, O.: Delegating RAM computations. In: Hirt, M., Smith, A.D. (eds.) TCC 2016-B, Part II. LNCS, vol. 9986, pp. 91–118. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53644-5_4

  25. Kalai, Y.T., Paneth, O., Yang, L.: How to delegate computations publicly. In: Charikar, M., Cohen, E. (eds.) 51st ACM STOC, pp. 1115–1124. ACM Press, June 2019. https://doi.org/10.1145/3313276.3316411

  26. Kalai, Y.T., Raz, R., Rothblum, R.D.: How to delegate computations: the power of no-signaling proofs. J. ACM 69(1), 1–82 (2022). https://doi.org/10.1145/3456867

    Article  MathSciNet  MATH  Google Scholar 

  27. Kalai, Y.T., Rothblum, R.D.: Arguments of proximity - [extended abstract]. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 422–442. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48000-7_21

    Chapter  Google Scholar 

  28. Kalai, Y.T., Vaikuntanathan, V., Zhang, R.Y.: Somewhere statistical soundness, post-quantum security, and SNARGs. In: Nissim, K., Waters, B. (eds.) TCC 2021, Part I. LNCS, vol. 13042, pp. 330–368. Springer, Heidelberg (2021). https://doi.org/10.1007/978-3-030-90459-3_12

  29. Kilian, J.: A note on efficient zero-knowledge proofs and arguments (extended abstract). In: 24th ACM STOC, pp. 723–732. ACM Press, May 1992. https://doi.org/10.1145/129712.129782

  30. Kiyoshima, S.: Public-coin 3-round zero-knowledge from Learning with Errors and keyless multi-collision-resistant hash. In: Dodis, Y., Shrimpton, T. (eds.) CRYPTO 2022, Part I. LNCS, vol. 13507, pp. 444–473. Springer, Heidelberg (2022). https://doi.org/10.1007/978-3-031-15802-5_16

  31. Paneth, O., Pass, R.: Incrementally verifiable computation via rate-1 batch arguments. In: 63rd FOCS, pp. 1045–1056. IEEE Computer Society Press, October/November 2022. https://doi.org/10.1109/FOCS54457.2022.00102

  32. Rothblum, G.N., Vadhan, S.P., Wigderson, A.: Interactive proofs of proximity: delegating computation in sublinear time. In: Boneh, D., Roughgarden, T., Feigenbaum, J. (eds.) 45th ACM STOC, pp. 793–802. ACM Press, June 2013. https://doi.org/10.1145/2488608.2488709

  33. Waters, B., Wu, D.J.: Batch arguments for NP and more from standard bilinear group assumptions. In: Dodis, Y., Shrimpton, T. (eds.) CRYPTO 2022, Part II. LNCS, vol. 13508, pp. 433–463. Springer, Heidelberg (2022). https://doi.org/10.1007/978-3-031-15979-4_15

Download references

Author information

Authors and Affiliations

  1. NTT Social Informatics Laboratories, Tokyo, Japan

    Susumu Kiyoshima

Authors
  1. Susumu Kiyoshima
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Susumu Kiyoshima .

Editor information

Editors and Affiliations

  1. Apple, Cupertino, CA, USA

    Guy Rothblum

  2. NTT Research, Sunnyvale, CA, USA

    Hoeteck Wee

Rights and permissions

Reprints and permissions

Copyright information

© 2023 International Association for Cryptologic Research

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Kiyoshima, S. (2023). Holographic SNARGs for P and Batch-NP from (Polynomially Hard) Learning with Errors. In: Rothblum, G., Wee, H. (eds) Theory of Cryptography. TCC 2023. Lecture Notes in Computer Science, vol 14371. Springer, Cham. https://doi.org/10.1007/978-3-031-48621-0_12

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-48621-0_12

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-48620-3

  • Online ISBN: 978-3-031-48621-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Societies and partnerships

Search

Navigation