8 research outputs found

    Casting out Primes: Bignum Arithmetic for Zero-Knowledge Proofs

    We describe a nondeterministic method for bignum arithmetic. It is inspired by the casting out nines technique, where some identity is checked modulo 9, providing a probabilistic result. More generally, we might check that some identity holds under a set of moduli, i.e. $f(\vec{x}) = 0 \mod m_i$ for each $m_i \in M$. Then $f(\vec{x}) = 0 \mod \operatorname{lcm}(M)$, and if we know $|f(\vec{x})| < \operatorname{lcm}(M)$, it follows that $f(\vec{x}) = 0$. We show how to perform such small-modulus checks efficiently, for certain $f(\vec{x})$ such as bignum multiplication. We focus on the cost model of zero-knowledge proof systems, which support field arithmetic and range checks as native operations.

    eSTARK: Extending STARKs with Arguments

    STARK is a widely used transparent proof system that uses low-degree tests for proving the correctness of a computer program. STARK consumes an intermediate representation known as AIR that is more appropriate for programs with a relatively short and structured description. However, an AIR is not able to succinctly express non-equality constraints, leading to the incorporation of unwanted polynomials. We present the eSTARK protocol, a new probabilistic proof that generalizes the STARK family through the introduction of a more generic intermediate representation called eAIR. We describe eSTARK in the polynomial IOP model, which combines the optimized version of the STARK protocol with the incorporation of three arguments into the protocol. We also explain various techniques that enhance the vanilla STARK complexity, including optimizations applied to polynomial computations, and analyze the tradeoffs between controlling the constraint degree either at the representation of the AIR or inside the eSTARK itself.

    Twisted Edwards elliptic curves for zero-knowledge circuits

    Circuit-based zero-knowledge proofs have arisen as a solution to the implementation of privacy in blockchain applications, and to current scalability problems that blockchains suffer from. The most efficient circuit-based zero-knowledge proofs use a pairing-friendly elliptic curve to generate and validate proofs. In particular, the circuits are built connecting wires that carry elements from a large prime field, whose order is determined by the number of elements of the pairing-friendly elliptic curve. In this context, it is important to generate an inner curve using this field, because it allows the creation of circuits that can verify public-key cryptography primitives, such as digital signatures and encryption schemes. To this purpose, in this article, we present a deterministic algorithm for generating twisted Edwards elliptic curves defined over a given prime field. We also provide an algorithm for checking the resilience of this type of curve against most common security attacks. Additionally, we use our algorithms to generate Baby Jubjub, a curve that can be used to implement elliptic-curve cryptography in circuits that can be validated in the Ethereum blockchain. This research has been partially funded by the projects Project RTI2018-102112-B-100 (AEI/FEDER, UE), i3Market (H2020-ICT-2019-2 grant number 871754) and TCO-RISEBLOCK (PID2019-110224RB-I00).

    New privacy practices for blockchain software

    The benefits of blockchain technologies for industrial applications are unquestionable. However, it is a considerable challenge to use a transparent system like blockchain and at the same time provide privacy to sensitive data. Privacy technologies permit conducting private transactions about sensitive data over transparent networks, but their inherent complexity has been overwhelming for many developers. Closing the gap between developers and privacy-preserving technologies would help the full adoption of the privacy by design framework for blockchain software. To this end, in this paper we present the software tools we have implemented to bring complex privacy technologies closer to developers and facilitate the job of implementing privacy-enabled blockchain applications. This research is supported by the Ethereum Foundation Ecosystem Support [9], TCO-RISEBLOCK (PID2019-110224RB-I00), H2020-i3-MARKET, ARPASAT (TEC2015-70197-R), 2014-SGR-1504, RTI2018-102112-B-I00 (AEI/FEDER,UE) and H2020 PRESENT (856879).

    Systematic review: third-line susceptibility-guided treatment for infection

    Background: Susceptibility-guided therapies (SGTs) have been proposed as preferable to empirical rescue treatments after two treatment failures. The aim of this study was to perform a systematic review and meta-analysis evaluating the effectiveness and efficacy of SGT as third-line therapy. Methods: A systematic search was performed in multiple databases. Studies reporting cure rates of Helicobacter pylori with SGT in third-line therapy were selected. A qualitative analysis describing the current evidence and a pooled mean analysis summarizing the cure rates of SGT in third-line therapy was performed. Results: No randomized controlled trials or comparative studies were found. Four observational studies reported cure rates with SGT in third-line treatment, and three studies which mixed patients with second- and third-line treatment also reported cure rates with SGT. The majority of the studies included the patients when culture had been already obtained, and so the effectiveness of SGT and empirical therapy has never been compared. A pooled mean analysis including four observational studies (283 patients) showed intention-to-treat and per-protocol eradication rates with SGT of 72% (95% confidence interval 56–87%; I²: 92%) and 80% (95% confidence interval 71–90%; I²: 80%), respectively. Conclusions: SGT may be an acceptable option as rescue treatment. However, cure rates are, at best, moderate and this approach has never been compared with a well-devised empirical therapy. The evidence in favor of SGT as rescue therapy is currently insufficient to recommend its use.