SAVER: SNARK-Compatible Verifiable Encryption
- Authors
- Lee, Jiwon; Choi, Jaekyoung; Kim, Jihye; Oh, Hyunok
- Issue Date
- Mar-2025
- Publisher
- Springer Verlag
- Keywords
- zk-SNARK; verifiable encryption; encrypt-and-prove
- Citation
- Lecture Notes in Computer Science, v.14745, pp 209 - 226
- Pages
- 18
- Indexed
- SCOPUS
- Journal Title
- Lecture Notes in Computer Science
- Volume
- 14745
- Start Page
- 209
- End Page
- 226
- URI
- https://scholarworks.bwise.kr/hanyang/handle/2021.sw.hanyang/206980
- DOI
- 10.1007/978-3-031-78679-2_11
- ISSN
- 0302-9743
- 1611-3349
- Abstract
- In applications involving zero-knowledge succinct non-interactive arguments of knowledge (zk-SNARK), there often exists a requirement for the proof system to be combined with encryption. As a typical example, a user may want to encrypt his identity, while proving that his identity satisfies a given authorized function (e.g., credit checks). However, depending on the functionalities and message types, including encryption constraints inside the SNARK input may lead to impractically large proving time and CRS sizes. In this paper, we propose a SNARK-compatible verifiable encryption, or in short SAVER, which is a novel encrypt-and-prove approach to modularize the encryption apart from SNARK circuits. The SAVER holds many useful properties. It is SNARK-compatible: the encryption scheme is combined with an existing SNARK, in a way that the encryptor can prove pre-defined properties while encrypting the message apart from SNARKs. It is additively-homomorphic: the ciphertext holds a homomorphic property by following an ElGamal-like design. It is a verifiable encryption: one can verify arbitrary properties of encrypted messages by using the combined SNARK. It provides a verifiable decryption: the public can verify that the plaintext claimed by the decryptor is equal to the original decryption of the ciphertext. It also provides rerandomization: the proof and the ciphertext can be rerandomized as independent objects so that even the encryptor (or prover) herself cannot identify the origin.
- Appears in Collections
- Seoul College of Engineering > Seoul Department of Information Systems > 1. Journal Articles
