Obtaining simulation extractable NIZKs in the updatable CRS model generically

Abstract

Non-interactive zero-knowledge proofs as well as succinct non-interactive argument of knowledge (SNARK) are playing a central role in both theory and application of cryptography. Simulation extractable for SNARKs is considered a necessary security requirement by most applications which prevents the protocol from malleable attacks. However, a trusted party is required to generate the common reference string (CRS) for SNARKs which can be quite problematic in real applications. Recently, the subvertible and updatable CRS model has been proposed to relax the trust in the CRS generation procedure.In this paper, we propose two generic compilers that can achieve simulation extractable in the updatable CRS model. By using an efficient updatable verifiable random function defined in this paper which may be of independent interest, we show that our compiler can lift the updatable knowledge soundness of the underlying SNARKs to achieve updatable simulation extractability. We extend our results by proposing another compiler that can lift a NIZK that has an even weaker security notion called updatable soundness to achieve updatable simulation extractability. We instantiate our compilers and compare them to other related works. This shows that our efficient compilers can be used in various applications.