On 13 August 2020 at 2.15 p.m., in Zoom room, Karim Baghery will defend his thesis „Reducing Trust and Improving Security in zk-SNARKs and Commitments” for obtaining the degree of Doctor of Philosophy (Computer Science).
Prof. Helger Lipmaa (Institute of Computer Science UT and Simula UiB Norway);
Prof. Markulf Kohlweiss (University of Edinburgh, UK);
Prof. Georg Fuchsbauer (Technische Universität Wien, Austria).
Zero-knowledge Succinct Non-interactive ARguments of Knowledge (zk-SNARKs) are an efficient family of NIZK proof systems that are constructed in the Common Reference String (CRS) model and due to their succinct proofs and very efficient verification, they are widely adopted in large-scale practical applications. In this thesis, we study zk-SNARKs from two perspectives, namely reducing trust and improving security in them. In the first direction, we investigate how much one can mitigate trust in pairing- based zk-SNARKs without sacrificing their efficiency. In such constructions, the parties of protocol will obtain a certain level of security even if the setup phase was done maliciously or the secret information of the setup phase was revealed. As a result of this direction, we present some efficient constructions that can resist against subverting of the setup phase of zk-SNARKs and achieve a certain level of security which is stronger than before. We also show that similar techniques will allow us to mitigate the trust in the trapdoor commitment schemes that are another prominent family of cryptographic primitives that require a trusted setup phase. In the second direction, we present some efficient constructions that achieve more security with minimal overhead. Some of the presented constructions allow to simplify the construction of current UC- secure protocols and improve their efficiency. New constructions can be directly deployed in any novel protocols that aim to use zk-SNARKs. Some of the proposed zk-SNARKs are implemented in Libsnark, the state-of-the-art library for zk-SNARKs, and empirical experiences confirm that the computational cost to mitigate the trust or to achieve more security is practical.