Skip to main content
Fachgebiete
Automobil + Motoren Bauwesen + Immobilien Business IT + Informatik Elektrotechnik + Elektronik Energie + Nachhaltigkeit Finance + Banking Management + Führung Marketing + Vertrieb Maschinenbau + Werkstoffe Versicherung + Risiko
DE
EN
Bücher
Zeitschriften
Themenseiten
Organisationspsychologie Projektmanagement Marketing Smart Manufacturing
Weitere Formate
Podcasts Webinare Technik Webinare Wirtschaft Kongresse Veranstaltungskalender Awards
Jetzt Einzelzugang starten
Zugang für Unternehmen
Referenzkunden
SLX-Digitalkonferenz: Zukunftswerkstatt 2024

Mehr Umsatz mit Top-Kontakten

Am 7. Mai erfahren Sie, wie Vertriebsteams Leadgenerierung, Leadnurturing und Leadstrategien effizient steuern können.
Erweiterte Suche
Anmelden
nach oben
Erschienen in:
Smart Contracts for Bribing Miners Kapitel lesen Erstes Kapitel lesen

2019 | OriginalPaper | Buchkapitel

A Multi-party Protocol for Constructing the Public Parameters of the Pinocchio zk-SNARK

verfasst von : Sean Bowe, Ariel Gabizon, Matthew D. Green

Erschienen in: Financial Cryptography and Data Security

Verlag: Springer Berlin Heidelberg

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config
loading …

Abstract

Recent efficient constructions of zero-knowledge Succinct Non-interactive Arguments of Knowledge (zk-SNARKs), require a setup phase in which a common-reference string (CRS) with a certain structure is generated. This CRS is sometimes referred to as the public parameters of the system, and is used for constructing and verifying proofs. A drawback of these constructions is that whomever runs the setup phase subsequently possesses trapdoor information enabling them to produce fraudulent pseudoproofs.
Building on a work of Ben-Sasson, Chiesa, Green, Tromer and Virza [BCG+15], we construct a multi-party protocol for generating the CRS of the Pinocchio zk-SNARK [PHGR16], such that as long as at least one participating party is not malicious, no party can later construct fraudulent proofs except with negligible probability. The protocol also provides a strong zero-knowledge guarantee even in the case that all participants are malicious.
This method has been used in practice to generate the required CRS for the Zcash cryptocurrency blockchain.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

Jetzt informieren
Vorheriges Kapitel Confidential Assets
Nächstes Kapitel Analysis of the Bitcoin UTXO Set
Fußnoten
1
Thanks to Eran Tromer for pointing this out, and more generally the connection to subversion zero-knowledge. We note that if one wishes to run the protocol with one player, transcript verification can stay the same, but the player should be altered to take advantage of field rather than group operations when possible for better efficiency.
 
2
In the actual code a more complex set of elements is used that can be efficiently derived from \(\mathsf {elements}_{i}\), as described in the full version. The reason we use the more complex set is that it potentially provides more security as it contains less information about \(\mathsf {secrets} _i\). However, the proof works as well with this definition of \(\mathsf {e}_{i} \) and it provides a significantly simpler presentation. We explain in the full version the slight modification for protocol and proof for using the more complex element set.
 
3
The checks below could be simplified if we had also used https://static-content.springer.com/image/chp%3A10.1007%2F978-3-662-58820-8_5/480866_1_En_5_IEq280_HTML.gif . We do not use it as in the actual code, as explained in the full version, we do not have a https://static-content.springer.com/image/chp%3A10.1007%2F978-3-662-58820-8_5/480866_1_En_5_IEq281_HTML.gif .
 
4
A technicality is that in the protocol description in [BCTV14] \(Z(\tau )\cdot g_2\) is appended with index \(m+2\) in \(\mathbf {B_2} \), and \(Z(\tau )\cdot g_1\) is appended in index \(m+3\) in C. However in the actual libsnark code, they are appended in index \(m+1\), and the prover algorithm is slightly modified to take this into account. But for the security proof we assume later on as in [BCTV14] that \(A_{m+1}=C_{m+3} =Z(\tau )\cdot g_1\), \(B_{m+2} = Z(\tau )\cdot g_2\), \(A_{m+2},A_{m+3},B_{m+1},B_{m+3},C_{m+1},C_{m+2}=0\).
 
Literatur
[ABLZ17]
[BCG+15]
Ben-Sasson, E., Chiesa, A., Green, M., Tromer, E., Virza, M.: Secure sampling of public parameters for succinct zero knowledge proofs. In: 2015 IEEE Symposium on Security and Privacy, SP 2015, San Jose, CA, USA, 17–21 May 2015, pp. 287–304 (2015)
[BCTV14]
Ben-Sasson, E., Chiesa, A., Tromer, E., Virza, M.: Succinct non-interactive zero knowledge for a von neumann architecture. In: Proceedings of the 23rd USENIX Security Symposium, San Diego, CA, USA, 20–22 Aug 2014, pp. 781–796 (2014)
[BFS16]
Bellare, M., Fuchsbauer, G., Scafuro, A.: Nizks with an untrusted CRS: security in the face of parameter subversion. IACR Cryptology ePrint Archive 2016:372 (2016)
[BGM17]
Bowe, S., Gabizon, A., Miers, I.: Scalable multi-party computation for zk-SNARK parameters in the random beacon model (2017)
[CGGN17]
Campanelli, M., Gennaro, R., Goldfeder, S., Nizzardo, L.: Zero-knowledge contingent payments revisited: attacks and payments for services. In: ACM Communications (2017)
[Fuc17]
[lib]
[PHGR16]
Parno, B., Howell, J., Gentry, C., Raykova, M.: Pinocchio: nearly practical verifiable computation. Commun. ACM 59(2), 103–112 (2016)CrossRef
[Sch89]
[Wil]
Metadaten
Titel
A Multi-party Protocol for Constructing the Public Parameters of the Pinocchio zk-SNARK
verfasst von
Sean Bowe
Ariel Gabizon
Matthew D. Green
Copyright-Jahr
2019
Verlag
Springer Berlin Heidelberg
Buch
Financial Cryptography and Data Security

Print ISBN: 978-3-662-58819-2

Electronic ISBN: 978-3-662-58820-8

Copyright-Jahr: 2019

DOI
https://doi.org/10.1007/978-3-662-58820-8_5