Implementing lattice-based cryptography in libsnark

New research allows construction of SNARK’s from lattice-based primitives, instead of pairings-based cryptography [BISW17]. We implement a proposed construction in libsnark, a popular existing zkSNARK library, using a quadratic arithmetic program representation and a ’crypto compiler’ based on an extension of standard Regev encryption [Reg05] into a linear-only vector encryption scheme [PVW08]. Our implementation should speed up verification, which is currently unacceptably slow (40s on average hardware). Additionally, lattice-based primitives are thought to be postquantum secure, so our zkSNARK implementation will inherit this useful property [Sim97]. 1 Background & Motivation 1.1 What is a SNARK? Using a zero-knowledge proof (ZKP), a prover can prove a statement while revealing absolutely no additional information to the verifier (that is, the verifier learns nothing besides that the statement is true). In addition to the zero-knowledge property, we require the two standard requirements for a proof: completeness (if the statement is true, the verifier will be convinced) and soundness (a malicious prover cannot convince the honest verifier of a false statement). We can refine our idea of a ZKP in three ways: noninteractivity, proof-of-knowledge, and succinctness.