Subversion-Zero-Knowledge SNARKs

Georg Fuchsbauer
CASCADE - Construction and Analysis of Systems for Confidentiality and Authenticity of Data and Entities
Inria de Paris, CNRS - Centre National de la Recherche Scientifique : UMR 8548, DI-ENS - Département d'informatique de l'École normale supérieure
Abstract: Subversion zero knowledge for non-interactive proof systems demands that zero knowledge (ZK) be maintained even when the common reference string (CRS) is chosen maliciously. SNARKs are proof systems with succinct proofs; they are at the core of the cryptocurrency Zcash, whose anonymity relies on ZK-SNARKs, and they are also used for ZK contingent payments in Bitcoin. We show that under a plausible hardness assumption, the most efficient SNARK schemes proposed in the literature, including the one underlying Zcash and contingent payments, satisfy subversion ZK or can be made to satisfy it at very little cost. In particular, we prove subversion ZK of the original SNARKs by Gennaro et al. and of the almost optimal construction by Groth; for the Pinocchio scheme implemented in libsnark we show that it suffices to add 4 group elements to the CRS. We also argue informally that Zcash is anonymous even if its parameters were set up maliciously.
Document type: Conference papers
Contributor: Georg Fuchsbauer
Submitted on: Friday, September 7, 2018 - 9:34:42 AM
Last modification on: Thursday, July 1, 2021 - 5:58:08 PM
Georg Fuchsbauer. Subversion-Zero-Knowledge SNARKs. PKC 2018 - 21st IACR International Conference on Practice and Theory of Public-Key Cryptography, Mar 2018, Rio de Janeiro, Brazil. pp.315-347, ⟨10.1007/978-3-319-76578-5_11⟩. ⟨hal-01869978⟩