@inproceedings{d1b67494d442479e92930ff2cc0b7af0,
title = "Security Bounds for Proof-Carrying Data from Straightline Extractors",
abstract = "Proof-carrying data (PCD) is a powerful cryptographic primitive that allows mutually distrustful parties to perform distributed computation in an efficiently verifiable manner. Real-world deployments of PCD have sparked keen interest within the applied community and industry. Known constructions of PCD are obtained by recursively-composing SNARKs or related primitives. Unfortunately, known security analyses incur expensive blowups, which practitioners have disregarded as the analyses would lead to setting parameters that are prohibitively expensive. In this work we study the concrete security of recursive composition, with the goal of better understanding how to reasonably set parameters for certain PCD constructions of practical interest. Our main result is that PCD obtained from SNARKs with straightline knowledge soundness has essentially the same security as the underlying SNARK (i.e., recursive composition incurs essentially no security loss). We describe how straightline knowledge soundness is achieved by SNARKs in several oracle models, which results in a highly efficient security analysis of PCD that makes black-box use of the SNARK{\textquoteright}s oracle (there is no need to instantiated the oracle to carry out the security reduction). As a notable application, our work offers an idealized model that provides new, albeit heuristic, insights for the concrete security of recursive STARKs used in blockchain systems. Our work could be viewed as partial evidence justifying the parameter choices for recursive STARKs made by practitioners.",
keywords = "concrete security, proof-carrying data, relativization, succinct non-interactive arguments",
author = "Alessandro Chiesa and Ziyi Guan and Shahar Samocha and Eylon Yogev",
note = "Publisher Copyright: {\textcopyright} International Association for Cryptologic Research 2025.; 22nd Theory of Cryptography Conference, TCC 2024 ; Conference date: 02-12-2024 Through 06-12-2024",
year = "2025",
doi = "https://doi.org/10.1007/978-3-031-78017-2_16",
language = "الإنجليزيّة",
isbn = "9783031780165",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Science and Business Media Deutschland GmbH",
pages = "464--496",
editor = "Elette Boyle and Mohammad Mahmoody",
booktitle = "Theory of Cryptography - 22nd International Conference, TCC 2024, Proceedings",
address = "ألمانيا",
}