Simulation-Extractable zk-SNARK With a Single Verification

Among zero-knowledge succinct non-interactive arguments of knowledge (zk-SNARKs), the simulation-extractable zk-SNARK (SE-SNARK) introduces a security notion of non-malleability. The existing pairing-based zk-SNARKs designed from linear encoding are known to be vulnerable to algebraic manipulation of the proof. The latest SE-SNARKs check the proof consistency by increasing the proof size and the verification cost.

In particular, the number of pairings almost doubles due to further verification. In this article, we propose two novel SE-SNARK constructions with a single verification. The consistency check is subsumed in a single verification by employing a hash function.

The proof size and verification time of the proposed SE-SNARK schemes are minimal in that they are the same as those of the state-of-the-art zk-SNARK without non-malleability. The proof in our SE-SNARK constructions comprises only three group elements (type III) in the QAP-based scheme and two group elements (type I) in the SAP-based scheme. The verification time in both requires only 3 pairings.

The soundness of the proposed schemes is proven under the hash-algebraic knowledge (HAK) assumption and the (linear) collision-resistant hash assumption.
