TY - GEN
T1 - Universal SNARGs for NP from Proofs of Correctness
AU - Jin, Zhengzhong
AU - Kalai, Yael Tauman
AU - Lombardi, Alex
AU - Mathialagan, Surya
N1 - Publisher Copyright:
© 2025 Owner/Author.
PY - 2025/6/15
Y1 - 2025/6/15
N2 - We give new constructions of succinct non-interactive arguments (SNARGs) for NP in the settings of both non-adaptive and adaptive soundness. Our construction of non-adaptive SNARG is universal assuming the security of a (leveled or unleveled) fully homomorphic encryption (FHE) scheme as well as a batch argument (BARG) scheme. Specifically, for any choice of parameters l and L, we construct a candidate SNARG scheme for any NP language L with the following properties: (i) the proof length is l ·poly(γ), (ii) the common reference string crs has length ϵ ·poly(γ), and (iii) the setup is transparent (no private randomness). We prove that this SNARG has non-adaptive soundness assuming the existence of any SNARG where the proof size isl, the crssize is L, and there is a size L Extended Frege (EF) proof of completeness for the SNARG. Moreover, we can relax the underlying SNARG to be any 2- message privately verifiable argument where the first message is of length L and the second message is of length l. This yields new SNARG constructions based on any "EF-friendly"designatedverifier SNARG or witness encryption scheme. We emphasize that our SNARG is universal in the sense that it does not depend on the argument system. We show several new implications of this construction that do not reference proof complexity: (1) a non-adaptive SNARG for NP with transparent crs from LWE under the evasive LWE heuristic. This gives a candidate lattice-based SNARG for NP. (2) a nonadaptive SNARG for NP with transparent crs assuming the (nonexplicit) existence of any iO and LWE. (3) a non-adaptive SNARG for NP with a short and transparent (i.e., uniform) crs assuming LWE, FHE and the (non-explicit) existence of any hash function that makes Micali's SNARG construction sound. (4) a non-adaptive SNARG for languages such as QR and DCR assuming only LWE. In the setting of adaptive soundness, we show how to convert any designated verifier SNARG into publicly verifiable SNARG, assuming the underlying designated verifier SNARG has an EF proof of completeness. As a corollary, we construct an adaptive SNARG for UP with a transparent crs assuming subexponential LWE under the evasive LWE heuristic. We prove our results by extending the encrypt-hash-and-BARG paradigm of [Jin-Kalai-Lombardi-Vaikuntanathan, STOC '24].
AB - We give new constructions of succinct non-interactive arguments (SNARGs) for NP in the settings of both non-adaptive and adaptive soundness. Our construction of non-adaptive SNARG is universal assuming the security of a (leveled or unleveled) fully homomorphic encryption (FHE) scheme as well as a batch argument (BARG) scheme. Specifically, for any choice of parameters l and L, we construct a candidate SNARG scheme for any NP language L with the following properties: (i) the proof length is l ·poly(γ), (ii) the common reference string crs has length ϵ ·poly(γ), and (iii) the setup is transparent (no private randomness). We prove that this SNARG has non-adaptive soundness assuming the existence of any SNARG where the proof size isl, the crssize is L, and there is a size L Extended Frege (EF) proof of completeness for the SNARG. Moreover, we can relax the underlying SNARG to be any 2- message privately verifiable argument where the first message is of length L and the second message is of length l. This yields new SNARG constructions based on any "EF-friendly"designatedverifier SNARG or witness encryption scheme. We emphasize that our SNARG is universal in the sense that it does not depend on the argument system. We show several new implications of this construction that do not reference proof complexity: (1) a non-adaptive SNARG for NP with transparent crs from LWE under the evasive LWE heuristic. This gives a candidate lattice-based SNARG for NP. (2) a nonadaptive SNARG for NP with transparent crs assuming the (nonexplicit) existence of any iO and LWE. (3) a non-adaptive SNARG for NP with a short and transparent (i.e., uniform) crs assuming LWE, FHE and the (non-explicit) existence of any hash function that makes Micali's SNARG construction sound. (4) a non-adaptive SNARG for languages such as QR and DCR assuming only LWE. In the setting of adaptive soundness, we show how to convert any designated verifier SNARG into publicly verifiable SNARG, assuming the underlying designated verifier SNARG has an EF proof of completeness. As a corollary, we construct an adaptive SNARG for UP with a transparent crs assuming subexponential LWE under the evasive LWE heuristic. We prove our results by extending the encrypt-hash-and-BARG paradigm of [Jin-Kalai-Lombardi-Vaikuntanathan, STOC '24].
KW - Delegation of Computation
KW - Propositional Proof Complexity
KW - SNARGs
UR - https://www.scopus.com/pages/publications/105009834341
UR - https://www.scopus.com/pages/publications/105009834341#tab=citedBy
U2 - 10.1145/3717823.3718104
DO - 10.1145/3717823.3718104
M3 - Conference contribution
AN - SCOPUS:105009834341
T3 - Proceedings of the Annual ACM Symposium on Theory of Computing
SP - 933
EP - 943
BT - STOC 2025 - Proceedings of the 57th Annual ACM Symposium on Theory of Computing
A2 - Koucky, Michal
A2 - Bansal, Nikhil
PB - Association for Computing Machinery
T2 - 57th Annual ACM Symposium on Theory of Computing, STOC 2025
Y2 - 23 June 2025 through 27 June 2025
ER -