Lower Bound on SNARGs in the Random Oracle Model

Iftach Haitner, Daniel Nukrai, Eylon Yogev*

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review


Succinct non-interactive arguments (SNARGs) have become a fundamental primitive in the cryptographic community. The focus of this work is constructions of SNARGs in the Random Oracle Model (ROM). Such SNARGs enjoy post-quantum security and can be deployed using lightweight cryptography to heuristically instantiate the random oracle. A ROM-SNARG is (t, ε) -sound if no t -query malicious prover can convince the verifier to accept a false statement with probability larger than ε. Recently, Chiesa-Yogev (CRYPTO ’21) presented a ROM-SNARG of length Θ(log (t/ ε) · log t) (ignoring log n factors, for n being the instance size). This improvement, however, is still far from the (folklore) lower bound of Ω(log (t/ ε) ). Assuming the randomized exponential-time hypothesis, we prove a tight lower bound of Ω(log (t/ ε) · log t) for the length of (t, ε) -sound ROM-SNARGs. Our lower bound holds for constructions with non-adaptive verifiers and strong soundness notion called salted soundness, restrictions that hold for all known constructions (ignoring contrived counterexamples). We prove our lower bound by transforming any short ROM-SNARG (of the considered family) into a same length ROM-SNARG in which the verifier asks only a few oracles queries, and then apply the recent lower bound of Chiesa-Yogev (TCC ’20) for such SNARGs.

Original languageEnglish
Title of host publicationAdvances in Cryptology – CRYPTO 2022 - 42nd Annual International Cryptology Conference, CRYPTO 2022, Proceedings
EditorsYevgeniy Dodis, Thomas Shrimpton
PublisherSpringer Science and Business Media Deutschland GmbH
Number of pages31
ISBN (Print)9783031159817
StatePublished - 2022
Event42nd Annual International Cryptology Conference, CRYPTO 2022 - Santa Barbara, United States
Duration: 15 Aug 202218 Aug 2022

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume13509 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference42nd Annual International Cryptology Conference, CRYPTO 2022
Country/TerritoryUnited States
CitySanta Barbara


  • Random oracle
  • SNARGs
  • high-entropy sets
  • lower bound


Dive into the research topics of 'Lower Bound on SNARGs in the Random Oracle Model'. Together they form a unique fingerprint.

Cite this