# Security levels -- additional materials

## IMPORTANT NOTE

During the talk, I incorrectly stated that constant-round protocols essentially do not lose security when the Fiat--Shamir transformation is applied to them. This is not true in general, see [[AFK21, Section 7]](https://eprint.iacr.org/2021/1377.pdf). I guess that this is one more example that we assume security properties too lightly :smile:.

## Security levels

- [Rosulek -- The Joy of Cryptography, Chapter 4](https://joyofcryptography.com/pdf/chap4.pdf)
- [Thaler -- Proofs, Arguments and Zero-Knowledge, Section 5.3.1](https://people.cs.georgetown.edu/jthaler/ProofsArgsAndZK.html)

## Proof systems

### SNARK architecture

- [Boneh -- Overview of Modern SNARK constructions](https://www.youtube.com/watch?v=bGEXYpt3sj0)
- Thaler -- SNARK Design: [Part I](https://www.youtube.com/watch?v=tg6lKPdR_e4), [Part II](https://youtu.be/cMAI7g3UcoI), [Part III](https://youtu.be/ZEjuh1UBg6A)

### Schwartz--Zippel lemma

- [Schwartz--Zippel lemma](https://en.wikipedia.org/wiki/Schwartz%E2%80%93Zippel_lemma)

## Elliptic curve security

- [Guillevic -- Pairing-friendly curves](https://members.loria.fr/AGuillevic/pairing-friendly-curves/)
- [Hopwood - BN254](https://github.com/zcash/zcash/issues/714)

## Fiat--Shamir transformation

### Implementation issues

- [BPW16 -- How not to Prove Yourself: Pitfalls of the Fiat-Shamir Heuristic and Applications to Helios](https://eprint.iacr.org/2016/771)
- [DMW+23 -- Weak Fiat-Shamir Attacks on Modern Proof Systems](https://eprint.iacr.org/2023/691.pdf)
- [CPV24 -- The Last Challenge Attack: Exploiting a Vulnerable Implementation of the Fiat-Shamir Transform in a KZG-based SNARK](https://eprint.iacr.org/2024/398.pdf)

### Theoretical issues

- [Thaler -- Proofs, Arguments and Zero-Knowledge, Sections 5.2 and 5.3](https://people.cs.georgetown.edu/jthaler/ProofsArgsAndZK.html)
- [AFK21 -- Fiat-Shamir Transformation of Multi-Round Interactive Proofs](https://eprint.iacr.org/2021/1377.pdf)
- [BGK+23 -- Fiat-Shamir Security of FRI and Related SNARKs](https://eprint.iacr.org/2023/1071)