Pinocchio-Based Adaptive zk-SNARKs and Secure/Correct Adaptive Function Evaluation
Pinocchio is a practical zk-SNARK that allows a prover to perform cryptographically verifiable computations with verification effort sometimes less than performing the computation itself. A recent proposal showed how to make Pinocchio adaptive (or "hash-and-prove"), i.e., to enable proofs with respect to computation-independent commitments. This enables computations to be chosen after the commitments have been produced, and data to be shared across different computations in a flexible way. Unfortunately, this proposal is not zero-knowledge. In particular, it cannot be combined with Trinocchio, a system in which Pinocchio is outsourced to three workers that do not learn the inputs thanks to multi-party computation (MPC). In this paper, we show how to make Pinocchio adaptive in a zero-knowledge way; apply it to make Trinocchio work on computation-independent commitments; present tooling to easily program flexible verifiable computations (with or without MPC); and use it to build a prototype in a medical research case study.
Prover-Efficient Commit-And-Prove Zero-Knowledge SNARKs
Zk-SNARKs (succinct non-interactive zero-knowledge arguments of knowledge) are needed in many applications. Unfortunately, all previous zk-SNARKs for interesting languages are either inefficient for the prover, or are non-adaptive and based on a commitment scheme that depends both on the prover's input and on the language, i.e., they are not commit-and-prove (CaP) SNARKs. We propose a proof-friendly extractable commitment scheme, and use it to construct prover-efficient adaptive CaP succinct zk-SNARKs for different languages, that can all reuse committed data. In the new zk-SNARKs, the prover computation is dominated by a linear number of cryptographic operations. We use batch-verification to decrease the verifier's computation; importantly, batch-verification can also be used in QAP-based zk-SNARKs.
Reducing Trust and Improving Security in zk-SNARKs and Commitment Schemes
The electronic version of the thesis does not contain the publications.
Zero-knowledge Succinct Non-interactive ARguments of Knowledge (zk-SNARKs) are an efficient family of NIZK proof systems constructed in the Common Reference String (CRS) model; thanks to their succinct proofs and very efficient verification, they are widely adopted in large-scale practical applications.
In this thesis, we study zk-SNARKs from two perspectives: reducing the trust they require and improving their security. In the first direction, we investigate how much one can reduce trust in pairing-based zk-SNARKs without sacrificing their efficiency, so that the parties to the protocol retain a certain level of security even if the setup phase was run maliciously or the secret information of the setup phase was leaked. We present some efficient constructions that resist subversion of the zk-SNARK setup phase and achieve a level of security stronger than before. We also show that similar techniques allow us to reduce trust in trapdoor commitment schemes, another prominent family of cryptographic primitives that requires a trusted setup phase. In the second direction, we present some efficient constructions that achieve more security with minimal overhead. Some of them simplify the construction of current UC-secure protocols, namely the privacy-preserving smart-contract systems Hawk and Gyges, and improve their efficiency; the new constructions can also be deployed directly in novel protocols that aim to use zk-SNARKs.
Some of the proposed zk-SNARKs are implemented in Libsnark, the state-of-the-art library for zk-SNARKs, and empirical results confirm that the computational overhead of reducing trust or achieving more security is small.
https://www.ester.ee/record=b535927
LegoSNARK: Modular Design and Composition of Succinct Zero-Knowledge Proofs
We study the problem of building SNARKs modularly by linking small specialized "proof gadget" SNARKs in a lightweight manner.
Our motivation is both theoretical and practical. On the theoretical side, modular SNARK designs would be flexible and reusable.
In practice, specialized SNARKs have the potential to be more efficient than general-purpose schemes, on which most existing works have focused. If a computation naturally presents different "components" (e.g. one arithmetic circuit and one boolean circuit), a general-purpose scheme would homogenize them into a single representation at a cost in performance. Through a modular approach one could instead exploit the nuances of a computation and choose the best gadget for each component.
Our contribution is LegoSNARK, a toolbox (or framework) for commit-and-prove zkSNARKs (CP-SNARKs) that includes:
1) General composition tools: build new CP-SNARKs from proof gadgets for basic relations.
2) A lifting tool: add commit-and-prove capabilities to a broad class of existing zkSNARKs. This makes them interoperable (linkable) within the same computation. For example, one QAP-based scheme can be used to prove one component and another GKR-based scheme to prove another.
3) A collection of succinct proof gadgets for a variety of relations.
Additionally, through our framework and gadgets, we are able to obtain new succinct proof systems. Notably:
- A commit-and-prove version of the Groth16 zkSNARK that operates over data committed with a classical Pedersen vector commitment and achieves a 5000x speedup in proving time.
- A pairing-based SNARK for arithmetic circuits that has a universal, circuit-independent CRS and proving time linear in the number of circuit gates (vs. the recent scheme of Groth et al. (CRYPTO'18) with quadratic CRS and quasilinear proving time).
- CP-SNARKs for matrix multiplication that achieve optimal proving complexity.
4) A codebase written in C++ for highly composable zkSNARKs with commit-and-prove capabilities.
_______________
Available at https://github.com/imdea-software/legosnark
Experimenting with Collaborative zk-SNARKs: Zero-Knowledge Proofs for Distributed Secrets
A zk-SNARK is a powerful cryptographic primitive that provides a succinct and efficiently checkable argument that the prover has a witness to a public NP statement, without revealing the witness. However, in their native form, zk-SNARKs only apply to a secret witness held by a single party. In practice, a collection of parties often needs to prove a statement where the secret witness is distributed or shared among them.
We implement and experiment with *collaborative zk-SNARKs*: proofs over the secrets of multiple, mutually distrusting parties. We construct these by lifting conventional zk-SNARKs into secure protocols among provers that jointly produce a single proof over the distributed witness. We optimize the proof generation algorithm in pairing-based zk-SNARKs so that algebraic techniques for multiparty computation (MPC) yield efficient proof generation protocols. For some zk-SNARKs, this optimization is more challenging, which suggests MPC friendliness as an additional criterion for evaluating zk-SNARKs.
We implement three collaborative proofs and evaluate the concrete cost of proof generation. We find that over a 3 Gb/s link, security against a malicious minority of provers can be achieved with *approximately the same runtime* as a single prover. Security against N-1 malicious provers requires only a 2x slowdown. This efficiency is unusual, since most computations slow down by orders of magnitude when securely distributed. It means that most applications that can tolerate the cost of a single-prover proof should also be able to tolerate the cost of a collaborative proof.
ZKBoo: Faster Zero-Knowledge for Boolean Circuits
In this paper we describe ZKBoo, a proposal for practically efficient zero-knowledge arguments especially tailored for Boolean circuits, and report on a proof-of-concept implementation. As a highlight, we can generate (resp. verify) a non-interactive proof for the SHA-1 circuit in approximately 13ms (resp. 5ms), with a proof size of 444KB.
Our techniques are based on the "MPC-in-the-head" approach to zero-knowledge of Ishai et al. (IKOS), which has been successfully used to achieve significant asymptotic improvements. Our contributions include:
1) A thorough analysis of the different variants of IKOS, which highlights their pros and cons for practically relevant soundness parameters;
2) A generalization and simplification of their approach, which leads to faster Sigma-protocols (that can be made non-interactive using the Fiat-Shamir heuristic) for statements of the form "I know x such that y = f(x)" (where f is a circuit and y a public value);
3) A case study, where we provide explicit protocols, implementations and benchmarking of zero-knowledge protocols for the SHA-1 and SHA-256 circuits.
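The MPC-in-the-head Sigma-protocol described above, as an added toy implementation that is not ZKBoo's own code: the prover XOR-shares x among three simulated parties, evaluates the circuit with the (2,3)-decomposition (each AND gate reads the next party's shares and both parties' random tapes), commits to the three views, derives the per-round challenge by Fiat-Shamir, and opens two views; the verifier replays the opened views and checks that they are consistent with each other, with the commitments and with y. The five-gate circuit, its gate encoding, the seed-derived tapes and the round count are assumptions for this example.

```python
"""ZKBoo-style MPC-in-the-head argument for a Boolean circuit (added example,
not ZKBoo's code). Three simulated parties evaluate the circuit on XOR-shares
of x via the (2,3)-decomposition; a Fiat-Shamir challenge opens two views.
CIRCUIT, its gate format and ROUNDS are assumptions for this example."""
import hashlib
import secrets

N_IN = 4  # input wires 0..N_IN-1; each gate appends the next wire index
CIRCUIT = [("AND", 0, 1), ("AND", 2, 3), ("XOR", 4, 5), ("NOT", 6), ("XOR", 7, 0)]
OUTPUTS = [8]
ROUNDS = 40  # soundness error (2/3)^40 ~ 1e-7; ZKBoo uses 137 rounds for 2^-80


def evaluate(x):
    """Cleartext f(x): the public y the prover claims to know a preimage of."""
    w = list(x)
    for g in CIRCUIT:
        if g[0] == "XOR":
            w.append(w[g[1]] ^ w[g[2]])
        elif g[0] == "AND":
            w.append(w[g[1]] & w[g[2]])
        else:
            w.append(1 ^ w[g[1]])
    return [w[o] for o in OUTPUTS]


def tape_bit(seed, k):
    """k-th bit of a party's random tape, expanded from its seed."""
    return hashlib.sha256(seed + k.to_bytes(4, "big")).digest()[0] & 1


def gate_share(i, g, w, seeds, k):
    """Party i's share of gate g's output. XOR and NOT are local; an AND gate
    also reads party i+1's input shares and both parties' k-th tape bit, so
    the XOR of the three parties' shares equals the real AND output."""
    j = (i + 1) % 3
    if g[0] == "XOR":
        return w[i][g[1]] ^ w[i][g[2]]
    if g[0] == "NOT":
        return w[i][g[1]] ^ (1 if i == 0 else 0)  # constant folded into party 0
    a, b = g[1], g[2]
    return ((w[i][a] & w[i][b]) ^ (w[j][a] & w[i][b]) ^ (w[i][a] & w[j][b])
            ^ tape_bit(seeds[i], k) ^ tape_bit(seeds[j], k))


def commit(view):
    """Hash commitment to a view; the random seed inside it acts as blinding."""
    return hashlib.sha256(repr(view).encode()).digest()


def challenge(y, commits):
    """Fiat-Shamir: one challenge e in {0,1,2} per round from y and all commitments."""
    return [c % 3 for c in hashlib.shake_256(repr((y, commits)).encode()).digest(ROUNDS)]


def prove(x):
    y, commits, views = evaluate(x), [], []
    for _ in range(ROUNDS):
        seeds = [secrets.token_bytes(16) for _ in range(3)]
        xs = [[secrets.randbits(1) for _ in range(N_IN)] for _ in range(2)]
        xs.append([x[t] ^ xs[0][t] ^ xs[1][t] for t in range(N_IN)])  # x = x0^x1^x2
        w, ands, k = [list(s) for s in xs], [[], [], []], 0
        for g in CIRCUIT:
            z = [gate_share(i, g, w, seeds, k) for i in range(3)]
            for i in range(3):
                w[i].append(z[i])
                if g[0] == "AND":
                    ands[i].append(z[i])
            k += 1 if g[0] == "AND" else 0
        # view_i = (input share, tape seed, AND-gate output shares, output shares)
        views.append([(xs[i], seeds[i], ands[i], [w[i][o] for o in OUTPUTS]) for i in range(3)])
        commits.append([commit(v) for v in views[-1]])
    opened = [(views[r][e], views[r][(e + 1) % 3], [v[3] for v in views[r]])
              for r, e in enumerate(challenge(y, commits))]
    return commits, opened


def replay(i, view):
    """Party i's wires from its view, taking its stated AND outputs on trust."""
    w, ands = list(view[0]), iter(view[2])
    for g in CIRCUIT:
        w.append(next(ands) if g[0] == "AND" else gate_share(i, g, {i: w}, None, 0))
    return w


def verify(y, proof):
    commits, opened = proof
    if len(commits) != ROUNDS or len(opened) != ROUNDS:
        return False
    for r, e in enumerate(challenge(y, commits)):
        f = (e + 1) % 3
        view_e, view_f, outs = opened[r]
        if [a ^ b ^ c for a, b, c in zip(*outs)] != y:  # output shares reconstruct y
            return False
        if outs[e] != view_e[3] or outs[f] != view_f[3]:
            return False
        if commit(view_e) != commits[r][e] or commit(view_f) != commits[r][f]:
            return False
        # Replay party f from its view, then recompute party e gate by gate (its
        # AND gates need f's wires) and compare with what e's view claims.
        w, seeds = {f: replay(f, view_f), e: list(view_e[0])}, {e: view_e[1], f: view_f[1]}
        ands, k = [], 0
        for g in CIRCUIT:
            w[e].append(gate_share(e, g, w, seeds, k))
            if g[0] == "AND":
                ands.append(w[e][-1])
                k += 1
        if ands != view_e[2] or [w[e][o] for o in OUTPUTS] != view_e[3]:
            return False
        if [w[f][o] for o in OUTPUTS] != view_f[3]:
            return False
    return True


if __name__ == "__main__":
    x = [1, 0, 1, 1]  # constructed secret input
    print("y =", evaluate(x), "verified:", verify(evaluate(x), prove(x)))
```

Opening two of three views leaks nothing about x because any two XOR-shares are uniformly random, and a cheating prover must leave at least one inconsistent pair of views, which the challenge catches with probability at least 1/3 per round; that is why the protocol is repeated. A serious implementation would serialise views in a fixed binary encoding rather than `repr`, derive each challenge from a full-width hash instead of a byte reduced mod 3, and target circuits like SHA-1 or SHA-256 with thousands of AND gates, as the paper does.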
Practical Zero-Knowledge Arguments from Structured Reference Strings
Zero-knowledge proofs have become an important tool for addressing privacy and scalability concerns in cryptographic protocols. For zero-knowledge proofs used in blockchain applications, it is desirable to have small proof sizes and fast verification. Yet by design, existing constructions with these properties, such as zk-SNARKs, also have a secret trapdoor embedded in a relation-dependent structured reference string (SRS). Knowledge of this trapdoor suffices to break the security of these proofs. The SRSs required by zero-knowledge proofs are usually constructed with multiparty computation protocols, but the resulting parameters are specific to each individual circuit. In this thesis, we propose a model for constructing zero-knowledge arguments (i.e. zero-knowledge proofs with computational soundness) in which the generation of the SRS is directly considered in the security analysis. In our model the same SRS can be used across multiple applications. Further, the model is updatable, i.e. users can update the universal SRS, and the SRS is considered secure provided at least one of these users is honest. We propose two zero-knowledge arguments with updatable and universal SRSs, as well as a third which is neither updatable nor universal but which, through similar techniques, achieves simulation extractability. The proposed arguments are practical, with proof sizes never more than a constant number of group elements. Verification for two of our constructions consists of a small number of pairing operations. For our other construction, which has the desirable property of a linear-sized updatable and universal SRS, we describe efficient batching techniques so that verification is fast in the amortised setting.
An Analysis of Anonymity in the Zcash Cryptocurrency
Cryptocurrencies such as Bitcoin have shown that a game theory approach to decentralized consensus can create value. In Bitcoin's game theory, as long as an adversary does not acquire a majority of computational power it is more profitable for them to abide by the rules of the network. Moreover, Bitcoin's transparent, immutable, publicly auditable ledger allows any party to trivially verify the correctness of transactions. This transparency means that an adversary may, while obeying the rules of the network, trace the flow of transactions. By linking a transaction to an individual, the adversary may determine the source and destination of that user's funds, resulting in a serious loss of privacy. Several alternative cryptocurrencies ("altcoins") have endeavored to create systems that preserve privacy. The chief difficulty in creating such a system is devising a way for the correctness of transactions to be easily verified while obscuring the underlying details of the transactions. Such systems are akin to homomorphic encryption, where operations carried out on ciphertext correspond to the same operations on the cleartext. In this thesis, we review a cryptographic method known as zk-SNARKs for anonymizing transactions in cryptocurrencies. We summarize the mathematical foundations of this construction, tracing the development of its underlying principles through the literature. We also analyze Zcash, a publicly traded cryptocurrency that uses zk-SNARKs. Using blockchain analysis along with certain heuristics, we are able to potentially deanonymize transactions that account for 31.5% of Zcash's private transaction volume.
Master of Science, Computer and Information Science, College of Engineering & Computer Science, University of Michigan-Dearborn. https://deepblue.lib.umich.edu/bitstream/2027.42/143130/1/quesnelle-thesis.pdf
Zero Knowledge Proofs towards Verifiable Decentralized AI Pipelines
We are witnessing the emergence of decentralized AI pipelines wherein different organisations are involved in the different steps of the pipeline. In this paper, we introduce a comprehensive framework for verifiable provenance for decentralized AI pipelines with support for the confidentiality concerns of the owners of data and model assets. Although some past works address different aspects of provenance, verifiability, and confidentiality, none of them address all of these aspects under one uniform framework. We present an efficient and scalable approach for verifiable provenance for decentralized AI pipelines with support for confidentiality based on zero-knowledge proofs (ZKPs). Our work is of independent interest to the fields of verifiable computation (VC) and verifiable model inference. We present methods for basic computation primitives like read-only memory access and operations on datasets that are an order of magnitude better than the state of the art. In the case of verifiable model inference, we again improve the state of the art for decision tree inference by an order of magnitude. We present an extensive experimental evaluation of our system.