We describe a new succinct zero-knowledge argument protocol with the following properties. The prover commits to a large data-set M, and can thereafter prove many statements of the form ∃w: Ri(M,w) = 1, where Riis a public function. The protocol is succinct in the sense that the cost for the verifier (in computation & communication) does not depend on |M|, not even in any initialization phase In each proof, the computation/communication cost for both the prover and the verifier is proportional only to the running time of an oblivious RAM program implementing Ri(in particular, this can be sublinear in |M|). The only costs that scale with |M| are the computational costs of the prover in a one-time initial commitment to M. Known sublinear zero-knowledge proofs either require an initialization phase where the work of the verifier is proportional to |M| and are therefore sublinear only in an amortized sense, or require that the computational cost for the prover is proportional to |M| upon each proof. Our protocol uses efficient crypto primitives in a black-box way and is UC-secure in the global, non-programmable random oracle, hence it does not rely on any trusted setup assumption.
CITATION STYLE
Mohassel, P., Rosulek, M., & Scafuro, A. (2017). Sublinear zero-knowledge arguments for RAM programs. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 10210 LNCS, pp. 501–531). Springer Verlag. https://doi.org/10.1007/978-3-319-56620-7_18
Mendeley helps you to discover research relevant for your work.