Breakout Session: Security assumptions underpinning zero-knowledge proofs

Relevant to that breakout, here is a blog post I wrote about the relation between the algebraic and generic group model


Thanks Ariel, this is a great post! Here is the abstract for the breakout session, as per the moderators.

Title: Security assumptions underpinning zero-knowledge proofs

Abstract: The security of zero-knowledge proofs rely on an expectation that certain tasks are infeasible for attackers, for instance, that they are unlikely to find a collision for a hash function. To maximize efficiency, succinct zero-knowledge proofs often rely on “strong” assumptions such as knowledge-of-exponent assumptions or idealized models such as the random oracle model. In this discussion session we seek guidelines for which cryptographic assumptions to rely on in deployed zero-knowledge proofs and how different assumptions should be compared against each other.

Intro: Classification of assumptions, categorization of assumptions (e.g. falsifiable vs non-falsifiable), idealized models (e.g. ROM or generic group model), portfolio of assumptions (e.g. use of both KoE in one proof system and ROM in another means your full system relies on both), physical assumptions

Discussion topics: portfolio diversity vs specificity, efficiency vs strength, is there a role for standardization (e.g. terminology to distinguish variations of assumptions, definitions of assumptions to make comparisons easier, recommended use of assumptions to optimize global assumption portfolio)?

Discussion plan: soliciting concerns about the existing practices, discussing proposals for standardization.

1 Like

Anyone know who the scribe was?