CryptoDB
Designated-Verifier SNARGs with One Group Element
| Authors: |
|
|---|---|
| Download: | |
| Presentation: | Slides |
| Conference: | CRYPTO 2025 |
| Abstract: | We revisit the question of minimizing the proof length of designated-verifier succinct non-interactive arguments (dv-SNARGs) in the generic group model. Barta et al.~(Crypto 2020) constructed such dv-SNARGs with inverse-polynomial soundness in which the proof consists of only two group elements. For negligible soundness, all previous constructions required a super-constant number of group elements. We show that one group element suffices for negligible soundness. Concretely, we obtain dv-SNARGs (in fact, dv-SNARKs) with $2^{-\tau}$ soundness where proofs consist of one element of a generic group $\mathbb G$ and $O(\tau)$ additional bits. In particular, the proof length in group elements is constant even with $1/|\mathbb G|$ soundness error. Compared to the best known SNARGs using {\em bilinear} groups, our concrete proof size is roughly $2$x shorter (with $2^{-80}$ soundness against $2^{128}$-time provers). Our technical approach is based on a novel combination of techniques for trapdoor hash functions and group-based homomorphic secret sharing with linear multi-prover interactive proofs. |
BibTeX
@inproceedings{crypto-2025-35688,
title={Designated-Verifier SNARGs with One Group Element},
publisher={Springer-Verlag},
author={Gal Arnon and Jesko Dujmovic and Yuval Ishai},
year=2025
}