Impossibility of SNARGs∗

In the last few years, applications such practical verifiable computation, anonymous cryptocurrencies (e.g. Zcash), signature of knowledge and etc have made succinct non-interactive arguments (SNARGs) as an active research area for ground-breaking researchers. A non-interactive computationally sound argument (proof system) for NP is succinct if the its proof size is polylogarithmic the instance and witness sizes. The succinctness of an arguments makes it possible to verify the proof efficiently by low-power verifiers and clients. Recently, among wide range of prominent results on SNARGs, there was a basic research question regard to construction of SNARGs based on falsifiable cryptographic assumptions (e.g. DDH, RSA, LWE, OWFs, · · ·). Roughly speaking, the question was that ”can we prove any SNARG construction secure under assumptions such as OWFs, DDH, RSA, LWE, and etc which are falsifiable assumptions”. This question is answered by Gentry and Wichsy in 2011 [GW11], by showing that there is no black-box reduction security proof for any SNARG under falsifiable assumptions. Note that, a cryptographic assumption is called falsifiable if we can model it as a game between an adversary and an efficient challenger, which at the end of the game, the challenger can determine whether the adversary won the game. In this report, we aim to give a short overview on their result and highlight the key points of their paper.