| Summary: | Succinct non-interactive arguments for batch-NP computations, called BARGs (Choudhuri, Jain and Jin, STOC 2021), have emerged as a powerful tool to construct succinct non-interactive arguments (SNARGs) for expressive classes of computations such as all deterministic computations (P), time-space bounded non-deterministic computations (NTISP), and so on. A BARG gives us a way to prove k NP statements where the size of the proof (resp. the verification time) is proportional to the size of a single witness (resp. the time for a single NP verification).
We present a rate-1 construction of a publicly verifiable non-interactive argument system for batch-NP (also called a BARG), under the LWE assumption. Namely, a proof corresponding to a batch of k NP statements each with an m-bit witness, has size m + poly(λ). In contrast, prior work either relied on non-standard knowledge assumptions, or produced proofs of size m · poly(λ) (Kalai, Paneth, and Yang, STOC 2019, and Choudhuri, Jain, and Jin, STOC 2021). The soundness of our construction relies on the learning with errors (LWE) assumption.
We also observe we can obtain an incrementally verifiable computation (IVC) scheme for arbitrary deterministic computations, even beyond P; a multi-hop BARG scheme for NP; and a multi-hop aggregate signature scheme, in the standard model, with unbounded and universal aggregation. Prior to this work, IVC schemes were only known for P under a bilinear map assumption, and beyond P only under non-standard knowledge assumptions or in the random oracle model; multi-hop BARGs were only known under non-standard knowledge assumptions or in the random oracle model; and aggregate signatures were only known under indistinguishability obfuscation (and RSA) or in the random oracle model.
|
|---|