TY - GEN
T1 - SNARGs under LWE via Propositional Proofs
AU - Jin, Zhengzhong
AU - Kalai, Yael
AU - Lombardi, Alex
AU - Vaikuntanathan, Vinod
N1 - Publisher Copyright:
© 2024 Owner/Author.
PY - 2024/6/10
Y1 - 2024/6/10
N2 - We construct a succinct non-interactive argument (SNARG) system for every NP language L that has a propositional proof of non-membership, i.e. of ∉ L. The soundness of our SNARG system relies on the hardness of the learning with errors (LWE) problem. The common reference string (CRS) in our construction grows with the space required to verify the propositional proof, and the size of the proof grows poly-logarithmically in the length of the propositional proof. Unlike most of the literature on SNARGs, our result implies SNARGs for languages L with proof length shorter than logarithmic in the deterministic time complexity of L. Our SNARG improves over prior SNARGs for such "hard"NP languages (Sahai and Waters, STOC 2014, Jain and Jin, FOCS 2022) in several ways: 1) For languages with polynomial-length propositional proofs of non-membership, our SNARGs are based on a single, polynomial-time falsifiable assumption, namely LWE. 2) Our construction handles super-polynomial length propositional proofs, as long as they have bounded space, under the subexponential LWE assumption. 3) Our SNARGs have a transparent setup, meaning that no private randomness is required to generate the CRS. Moreover, our approach departs dramatically from these prior works: we show how to design SNARGs for hard languages without publishing a program (in the CRS) that has the power to verify NP witnesses. The key new idea in our construction is what we call a "locally unsatisfiable extension"of the NP verification circuit {Cx}x. We say that an NP verifier has a locally unsatisfiable extension if for every ∉L, there exists an extension Ex of Cx that is not even locally satisfiable in the sense of a local assignment generator [Paneth-Rothblum, TCC 2017]. Crucially, we allow Ex to be depend arbitrarily on x rather than being efficiently constructible. In this work, we show - via a "hash-and-BARG"for a hidden, encrypted computation - how to build SNARGs for all languages with locally unsatisfiable extensions. We additionally show that propositional proofs of unsatisfiability generically imply the existence of locally unsatisfiable extensions, which allows us to deduce our main results. As an illustrative example, our results imply a SNARG for the decisional Diffie-Hellman (DDH) language under the LWE assumption.
AB - We construct a succinct non-interactive argument (SNARG) system for every NP language L that has a propositional proof of non-membership, i.e. of ∉ L. The soundness of our SNARG system relies on the hardness of the learning with errors (LWE) problem. The common reference string (CRS) in our construction grows with the space required to verify the propositional proof, and the size of the proof grows poly-logarithmically in the length of the propositional proof. Unlike most of the literature on SNARGs, our result implies SNARGs for languages L with proof length shorter than logarithmic in the deterministic time complexity of L. Our SNARG improves over prior SNARGs for such "hard"NP languages (Sahai and Waters, STOC 2014, Jain and Jin, FOCS 2022) in several ways: 1) For languages with polynomial-length propositional proofs of non-membership, our SNARGs are based on a single, polynomial-time falsifiable assumption, namely LWE. 2) Our construction handles super-polynomial length propositional proofs, as long as they have bounded space, under the subexponential LWE assumption. 3) Our SNARGs have a transparent setup, meaning that no private randomness is required to generate the CRS. Moreover, our approach departs dramatically from these prior works: we show how to design SNARGs for hard languages without publishing a program (in the CRS) that has the power to verify NP witnesses. The key new idea in our construction is what we call a "locally unsatisfiable extension"of the NP verification circuit {Cx}x. We say that an NP verifier has a locally unsatisfiable extension if for every ∉L, there exists an extension Ex of Cx that is not even locally satisfiable in the sense of a local assignment generator [Paneth-Rothblum, TCC 2017]. Crucially, we allow Ex to be depend arbitrarily on x rather than being efficiently constructible. In this work, we show - via a "hash-and-BARG"for a hidden, encrypted computation - how to build SNARGs for all languages with locally unsatisfiable extensions. We additionally show that propositional proofs of unsatisfiability generically imply the existence of locally unsatisfiable extensions, which allows us to deduce our main results. As an illustrative example, our results imply a SNARG for the decisional Diffie-Hellman (DDH) language under the LWE assumption.
KW - Delegation of Computation
KW - Propositional Proof Complexity
KW - SNARGs
UR - http://www.scopus.com/inward/record.url?scp=85196637776&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85196637776&partnerID=8YFLogxK
U2 - 10.1145/3618260.3649770
DO - 10.1145/3618260.3649770
M3 - Conference contribution
AN - SCOPUS:85196637776
T3 - Proceedings of the Annual ACM Symposium on Theory of Computing
SP - 1750
EP - 1757
BT - STOC 2024 - Proceedings of the 56th Annual ACM Symposium on Theory of Computing
A2 - Mohar, Bojan
A2 - Shinkar, Igor
A2 - O�Donnell, Ryan
PB - Association for Computing Machinery
T2 - 56th Annual ACM Symposium on Theory of Computing, STOC 2024
Y2 - 24 June 2024 through 28 June 2024
ER -