Paper 2024/994

On Knowledge-Soundness of Plonk in ROM from Falsifiable Assumptions

Helger Lipmaa, University of Tartu
Roberto Parisella, Simula UiB
Janno Siim, Simula UiB, University of Tartu
Abstract

Lipmaa, Parisella, and Siim [Eurocrypt, 2024] proved the extractability of the KZG polynomial commitment scheme under the falsifiable assumption ARSDH. They also showed that variants of real-world zk-SNARKs like Plonk can be made knowledge-sound in the random oracle model (ROM) under the ARSDH assumption. However, their approach did not consider various batching optimizations, resulting in their variant of Plonk having an argument approximately $3.5$ times longer. Our contributions are: (1) We prove that several batch-opening protocols for KZG, used in modern zk-SNARKs, have computational special-soundness under the ARSDH assumption. (2) We prove that interactive Plonk has computational special-soundness under the ARSDH assumption and a new falsifiable assumption SplitRSDH. We also prove that two minor modifications of the interactive Plonk have computational special-soundness under only the ARSDH and a simpler variant of SplitRSDH. We define a new type-safe oracle framework of the AGMOS (AGM with oblivious sampling) and prove SplitRSDH is secure in it. The Fiat-Shamir transform can be applied to obtain non-interactive versions, which are secure in the ROM under the same assumptions.

Note: Mostly improvements in presentation compared to the previous version

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
A minor revision of an IACR publication in CRYPTO 2025
Keywords
Batching, KZG, Plonk, special-soundness, zk-SNARKs
Contact author(s)
helger lipmaa @ gmail com
robertoparisella @ hotmail it
jannosiim @ gmail com
History
2025-07-10: last of 2 revisions
2024-06-20: received
Short URL
https://ia.cr/2024/994
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/994,
      author = {Helger Lipmaa and Roberto Parisella and Janno Siim},
      title = {On Knowledge-Soundness of Plonk in {ROM} from Falsifiable Assumptions},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/994},
      year = {2024},
      url = {https://eprint.iacr.org/2024/994}
}