On the Fiat-Shamir Security of FIOP-based Succinct Arguments

Abstract

We study the security of a popular paradigm for constructing SNARGs, closing a key security gap left open by prior work. The paradigm consists of two steps: first, construct a public-coin succinct interactive argument by combining a FIOP (generalized interactive oracle proof) and a FCS (functional commitment scheme); second, apply the Fiat–Shamir transformation in the random oracle model. Prior work did not consider this generalized setting nor prove the security of this second step in restricted settings. We prove that the succinct argument obtained in the first step satisfies state-restoration security, thereby ensuring that the second step does in fact yield a succinct non-interactive argument. This is provided the FIOP satisfies state-restoration security and the FCS satisfies a natural state-restoration variant of function binding (the generalization of position binding for vector commitment schemes). Moreover, we show that using our approach, one can modularly compile the Plonk IOP with the linearized KZG polynomial commitment scheme into a secure SNARG in the random oracle model.

Christian Knabenhans

Ph.D. student in security and privacy

Doctoral student at EPFL. Applied cryptography, privacy-enhancing technologies, useable security.