research-article

Public Access

A 2.1 KHz Zero-Knowledge Processor with BubbleRAM

Authors:

Vladimir KolesnikovAuthors Info & Claims

CCS '20: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security

Pages 2055 - 2074

https://doi.org/10.1145/3372297.3417283

Published: 02 November 2020 Publication History

Abstract

Zero-Knowledge (ZK) proofs (ZKP) are foundational in cryptography. Most recent ZK research focuses on non-interactive proofs (NIZK) of small statements, useful in blockchain scenarios. Another line, and our focus, instead targets proofs of large statements that are useful, e.g., in proving properties of programs in ZK. We specify a zero-knowledge processor that executes arbitrary programs written in a simple instruction set, and proves in ZK the correctness of the execution. Such an approach is well-suited for constructing ZK proofs of large statements as it efficiently supports complex programming constructs, such as loops and RAM access. Critically, we propose several novel ZK improvements that make our approach concretely efficient: (1) an efficient arithmetic representation with conversions to/from Boolean, (2) an efficient read-only memory that uses $2łog n$ OTs per access, and (3) an efficient read-write memory, øurram, which uses $\frac1 2 łog^2 n$ OTs per access. øurram beats linear scan for RAM of size $>3$ elements! Prior ZK systems used generic ORAM costing orders of magnitude more. We cast our system as a garbling scheme that can be plugged into the ZK protocol of [Jawurek et al, CCS'13]. Put together, our system is concretely efficient: for a processor instantiated with $512$KB of main memory, each processor cycle costs $24$KB of communication. We implemented our approach in \textttC++. On a 1Gbps LAN our implementation realizes a $2.1$KHz processor.

Supplementary Material

MOV File (Copy of CCS2020_fpx389_DavidHeath - Nano Zii.mov)

Presentation video

Download
148.98 MB

References

[1]

Scott Ames, Carmit Hazay, Yuval Ishai, and Muthuramakrishnan Venkitasubramaniam. 2017. Ligero: Lightweight Sublinear Arguments Without a Trusted Setup. In ACM CCS 2017, Bhavani M. Thuraisingham, David Evans, Tal Malkin, and Dongyan Xu (Eds.). ACM Press, 2087--2104. https://doi.org/10.1145/3133956.3134104

Digital Library

[2]

Marshall Ball, Tal Malkin, and Mike Rosulek. 2016. Garbling Gadgets for Boolean and Arithmetic Circuits. In ACM CCS 2016, Edgar R. Weippl, Stefan Katzenbeisser, Christopher Kruegel, Andrew C. Myers, and Shai Halevi (Eds.). ACM Press, 565--577. https://doi.org/10.1145/2976749.2978410

[3]

Mihir Bellare and Oded Goldreich. 1993. On Defining Proofs of Knowledge. In CRYPTO'92 (LNCS ), Ernest F. Brickell (Ed.), Vol. 740. Springer, Heidelberg, 390--420. https://doi.org/10.1007/3--540--48071--4_28

[4]

Mihir Bellare, Viet Tung Hoang, and Phillip Rogaway. 2012. Foundations of garbled circuits. In ACM CCS 2012, Ting Yu, George Danezis, and Virgil D. Gligor (Eds.). ACM Press, 784--796. https://doi.org/10.1145/2382196.2382279

Digital Library

[5]

Eli Ben-Sasson, Iddo Bentov, Yinon Horesh, and Michael Riabzev. 2018. Scalable, transparent, and post-quantum secure computational integrity. Cryptology ePrint Archive, Report 2018/046. (2018). https://eprint.iacr.org/2018/046.

[6]

Eli Ben-Sasson, Iddo Bentov, Yinon Horesh, and Michael Riabzev. 2019. Scalable Zero Knowledge with No Trusted Setup. In CRYPTO 2019, Part III (LNCS ), Alexandra Boldyreva and Daniele Micciancio (Eds.), Vol. 11694. Springer, Heidelberg, 701--732. https://doi.org/10.1007/978--3-030--26954--8_23

Digital Library

[7]

Eli Ben-Sasson, Alessandro Chiesa, Daniel Genkin, Eran Tromer, and Madars Virza. 2013. SNARKs for C: Verifying Program Executions Succinctly and in Zero Knowledge. In CRYPTO 2013, Part II (LNCS ), Ran Canetti and Juan A. Garay (Eds.), Vol. 8043. Springer, Heidelberg, 90--108. https://doi.org/10.1007/978--3--642--40084--1_6

[8]

Eli Ben-Sasson, Alessandro Chiesa, Michael Riabzev, Nicholas Spooner, Madars Virza, and Nicholas P. Ward. 2019. Aurora: Transparent Succinct Arguments for R1CS . EUROCRYPT 2019, Part I (LNCS ), Yuval Ishai and Vincent Rijmen (Eds.), Vol. 11476. Springer, Heidelberg, 103--128. https://doi.org/10.1007/978--3-030--17653--2_4

Digital Library

[9]

Eli Ben-Sasson, Alessandro Chiesa, Eran Tromer, and Madars Virza. 2013. Succinct Non-Interactive Zero Knowledge for a von Neumann Architecture. Cryptology ePrint Archive, Report 2013/879. (2013). https://eprint.iacr.org/2013/879.

[10]

Eli Ben-Sasson, Alessandro Chiesa, Eran Tromer, and Madars Virza. 2014a. Scalable Zero Knowledge via Cycles of Elliptic Curves. In CRYPTO 2014, Part II (LNCS ), Juan A. Garay and Rosario Gennaro (Eds.), Vol. 8617. Springer, Heidelberg, 276--294. https://doi.org/10.1007/978--3--662--44381--1_16

[11]

Eli Ben-Sasson, Alessandro Chiesa, Eran Tromer, and Madars Virza. 2014b. Succinct Non-Interactive Zero Knowledge for a von Neumann Architecture. In USENIX Security 2014, Kevin Fu and Jaeyeon Jung (Eds.). USENIX Association, 781--796.

[12]

Benedikt Bünz, Jonathan Bootle, Dan Boneh, Andrew Poelstra, Pieter Wuille, and Greg Maxwell. 2018. Bulletproofs: Short Proofs for Confidential Transactions and More. In 2018 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, 315--334. https://doi.org/10.1109/SP.2018.00020

[13]

Melissa Chase, David Derler, Steven Goldfeder, Claudio Orlandi, Sebastian Ramacher, Christian Rechberger, Daniel Slamanig, and Greg Zaverucha. 2017. Post-Quantum Zero-Knowledge and Signatures from Symmetric-Key Primitives. In ACM CCS 2017, Bhavani M. Thuraisingham, David Evans, Tal Malkin, and Dongyan Xu (Eds.). ACM Press, 1825--1842. https://doi.org/10.1145/3133956.3133997

Digital Library

[14]

Craig Costello, Cédric Fournet, Jon Howell, Markulf Kohlweiss, Benjamin Kreuter, Michael Naehrig, Bryan Parno, and Samee Zahur. 2015. Geppetto: Versatile Verifiable Computation. In 2015 IEEE Symposium on Security and Privacy . IEEE Computer Society Press, 253--270. https://doi.org/10.1109/SP.2015.23

[15]

Ronald Cramer, Ivan Damgård, and Berry Schoenmakers. 1994. Proofs of Partial Knowledge and Simplified Design of Witness Hiding Protocols. In CRYPTO'94 (LNCS ), Yvo Desmedt (Ed.), Vol. 839. Springer, Heidelberg, 174--187. https://doi.org/10.1007/3--540--48658--5_19

[16]

Alfredo De Santis and Giuseppe Persiano. 1992. Zero-Knowledge Proofs of Knowledge Without Interaction (Extended Abstract). In 33rd FOCS . IEEE Computer Society Press, 427--436. https://doi.org/10.1109/SFCS.1992.267809

[17]

Jack Doerner and abhi shelat. 2017. Scaling ORAM for Secure Computation. In ACM CCS 2017, Bhavani M. Thuraisingham, David Evans, Tal Malkin, and Dongyan Xu (Eds.). ACM Press, 523--535. https://doi.org/10.1145/3133956.3133967

[18]

Tore Kasper Frederiksen, Jesper Buus Nielsen, and Claudio Orlandi. 2015. Privacy-Free Garbled Circuits with Applications to Efficient Zero-Knowledge. In EUROCRYPT 2015, Part II (LNCS ), Elisabeth Oswald and Marc Fischlin (Eds.), Vol. 9057. Springer, Heidelberg, 191--219. https://doi.org/10.1007/978--3--662--46803--6_7

[19]

Rosario Gennaro, Craig Gentry, Bryan Parno, and Mariana Raykova. 2013. Quadratic Span Programs and Succinct NIZKs without PCPs. In EUROCRYPT 2013 (LNCS ), Thomas Johansson and Phong Q. Nguyen (Eds.), Vol. 7881. Springer, Heidelberg, 626--645. https://doi.org/10.1007/978--3--642--38348--9_37

[20]

Irene Giacomelli, Jesper Madsen, and Claudio Orlandi. 2016. ZKBoo: Faster Zero-Knowledge for Boolean Circuits. In USENIX Security 2016, Thorsten Holz and Stefan Savage (Eds.). USENIX Association, 1069--1083.

[21]

Oded Goldreich, Silvio Micali, and Avi Wigderson. 1991. Proofs That Yield Nothing but Their Validity or All Languages in NP Have Zero-knowledge Proof Systems. J. ACM, Vol. 38, 3 (July 1991), 690--728. https://doi.org/10.1145/116825.116852

Digital Library

[22]

Shafi Goldwasser, Silvio Micali, and Charles Rackoff. 1985. The Knowledge Complexity of Interactive Proof-Systems (Extended Abstract). In 17th ACM STOC. ACM Press, 291--304. https://doi.org/10.1145/22145.22178

Digital Library

[23]

Jens Groth. 2016. On the Size of Pairing-Based Non-interactive Arguments. In EUROCRYPT 2016, Part II (LNCS ), Marc Fischlin and Jean-Sé bastien Coron (Eds.), Vol. 9666. Springer, Heidelberg, 305--326. https://doi.org/10.1007/978--3--662--49896--5_11

[24]

David Heath and Vladimir Kolesnikov. 2020. Stacked Garbling for Disjunctive Zero-Knowledge Proofs. Cryptology ePrint Archive, Report 2020/136. (2020). https://eprint.iacr.org/2020/136.

[25]

Zhangxiang Hu, Payman Mohassel, and Mike Rosulek. 2015. Efficient Zero-Knowledge Proofs of Non-algebraic Statements with Sublinear Amortized Cost. In CRYPTO 2015, Part II (LNCS ), Rosario Gennaro and Matthew J. B. Robshaw (Eds.), Vol. 9216. Springer, Heidelberg, 150--169. https://doi.org/10.1007/978--3--662--48000--7_8

Digital Library

[26]

Yuval Ishai, Eyal Kushilevitz, Rafail Ostrovsky, and Amit Sahai. 2007. Zero-knowledge from secure multiparty computation. 39th ACM STOC, David S. Johnson and Uriel Feige (Eds.). ACM Press, 21--30. https://doi.org/10.1145/1250790.1250794

[27]

Marek Jawurek, Florian Kerschbaum, and Claudio Orlandi. 2013. Zero-knowledge using garbled circuits: how to prove non-algebraic statements efficiently. In ACM CCS 2013, Ahmad-Reza Sadeghi, Virgil D. Gligor, and Moti Yung (Eds.). ACM Press, 955--966. https://doi.org/10.1145/2508859.2516662

Digital Library

[28]

Jonathan Katz, Vladimir Kolesnikov, and Xiao Wang. 2018. Improved Non-Interactive Zero Knowledge with Applications to Post-Quantum Signatures. In ACM CCS 2018, David Lie, Mohammad Mannan, Michael Backes, and XiaoFeng Wang (Eds.). ACM Press, 525--537. https://doi.org/10.1145/3243734.3243805

Digital Library

[29]

Marcel Keller, Emmanuela Orsini, and Peter Scholl. 2015. Actively Secure OT Extension with Optimal Overhead. In CRYPTO 2015, Part I (LNCS ), Rosario Gennaro and Matthew J. B. Robshaw (Eds.), Vol. 9215. Springer, Heidelberg, 724--741. https://doi.org/10.1007/978--3--662--47989--6_35

[30]

Vladimir Kolesnikov and Thomas Schneider. 2008a. Improved Garbled Circuit: Free XOR Gates and Applications. In ICALP 2008, Part II (LNCS ), Luca Aceto, Ivan Damgård, Leslie Ann Goldberg, Magnús M. Halldórsson, Anna Ingólfsdóttir, and Igor Walukiewicz (Eds.), Vol. 5126. Springer, Heidelberg, 486--498. https://doi.org/10.1007/978--3--540--70583--3_40

Digital Library

[31]

Vladimir Kolesnikov and Thomas Schneider. 2008b. A Practical Universal Circuit Construction and Secure Evaluation of Private Functions. In FC 2008 (LNCS ), Gene Tsudik (Ed.), Vol. 5143. Springer, Heidelberg, 83--97.

Digital Library

[32]

Steve Lu and Rafail Ostrovsky. 2013. How to Garble RAM Programs. In EUROCRYPT 2013 (LNCS ), Thomas Johansson and Phong Q. Nguyen (Eds.), Vol. 7881. Springer, Heidelberg, 719--734. https://doi.org/10.1007/978--3--642--38348--9_42

[33]

Payman Mohassel, Mike Rosulek, and Alessandra Scafuro. 2017. Sublinear Zero-Knowledge Arguments for RAM Programs. In EUROCRYPT 2017, Part I (LNCS ), Jean-Sé bastien Coron and Jesper Buus Nielsen (Eds.), Vol. 10210. Springer, Heidelberg, 501--531. https://doi.org/10.1007/978--3--319--56620--7_18

[34]

Bryan Parno, Jon Howell, Craig Gentry, and Mariana Raykova. 2013. Pinocchio: Nearly Practical Verifiable Computation. In 2013 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, 238--252. https://doi.org/10.1109/SP.2013.47

[35]

Michael Raskin and Mark Simkin. 2019. Perfectly Secure Oblivious RAM with Sublinear Bandwidth Overhead., Vol. 11922 (2019).

Digital Library

[36]

Claus-Peter Schnorr. 1990. Efficient Identification and Signatures for Smart Cards. In CRYPTO'89 (LNCS ), Gilles Brassard (Ed.), Vol. 435. Springer, Heidelberg, 239--252. https://doi.org/10.1007/0--387--34805-0_22

[37]

Ebrahim M. Songhori, Siam U. Hussain, Ahmad-Reza Sadeghi, Thomas Schneider, and Farinaz Koushanfar. 2015. TinyGarble: Highly Compressed and Scalable Sequential Garbled Circuits. In 2015 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, 411--428. https://doi.org/10.1109/SP.2015.32

[38]

Abraham Waksman. 1968. A Permutation Network. J. ACM, Vol. 15, 1 (Jan. 1968), 159--163. https://doi.org/10.1145/321439.321449

Digital Library

[39]

Xiao Wang, T.-H. Hubert Chan, and Elaine Shi. 2015. Circuit ORAM: On Tightness of the Goldreich-Ostrovsky Lower Bound. In ACM CCS 2015, Indrajit Ray, Ninghui Li, and Christopher Kruegel (Eds.). ACM Press, 850--861. https://doi.org/10.1145/2810103.2813634

Digital Library

[40]

Xiao Wang, Alex J. Malozemoff, and Jonathan Katz. 2016b. EMP-toolkit: Efficient MultiParty computation toolkit . https://github.com/emp-toolkit . (2016).

[41]

Xiao Shaun Wang, S. Dov Gordon, Allen McIntosh, and Jonathan Katz. 2016a. Secure Computation of MIPS Machine Code. In ESORICS 2016, Part II (LNCS ), Ioannis G. Askoxylakis, Sotiris Ioannidis, Sokratis K. Katsikas, and Catherine A. Meadows (Eds.), Vol. 9879. Springer, Heidelberg, 99--117. https://doi.org/10.1007/978--3--319--45741--3_6

[42]

Tiancheng Xie, Jiaheng Zhang, Yupeng Zhang, Charalampos Papamanthou, and Dawn Song. 2019. Libra: Succinct Zero-Knowledge Proofs with Optimal Prover Computation. In CRYPTO 2019, Part III (LNCS ), Alexandra Boldyreva and Daniele Micciancio (Eds.), Vol. 11694. Springer, Heidelberg, 733--764. https://doi.org/10.1007/978--3-030--26954--8_24

[43]

Samee Zahur, Xiao Shaun Wang, Mariana Raykova, Adria Gascón, Jack Doerner, David Evans, and Jonathan Katz. 2016. Revisiting Square-Root ORAM: Efficient Random Access in Multi-party Computation. In 2016 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, 218--234. https://doi.org/10.1109/SP.2016.21

Cited By

Laufer EOzdemir ABoneh DLuo BLiao XXu JKirda ELie D(2024)zkPi: Proving Lean Theorems in Zero-KnowledgeProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3670322(4301-4315)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3670322
Cuéllar SHarris BParker JPernsteiner STromer ECalandrino JTroncoso C(2023)CheeseclothProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620602(6525-6540)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620602
Yang YHeath DHazay CKolesnikov VVenkitasubramaniam MMeng WJensen CCremers CKirda E(2023)Batchman and Robin: Batched and Non-batched Branching for Interactive ZKProceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security10.1145/3576915.3623169(1452-1466)Online publication date: 15-Nov-2023
https://dl.acm.org/doi/10.1145/3576915.3623169
Show More Cited By

Index Terms

A 2.1 KHz Zero-Knowledge Processor with BubbleRAM
1. Theory of computation
  1. Computational complexity and cryptography
    1. Cryptographic protocols

Recommendations

Secure multiparty protocols and zero-knowledge proof systems tolerating a faulty minority

A multiparty protocol to compute a function f(x ₁, ..., x _n) operates as follows: each of n processors holds an input x _i, and jointly they must compute and reveal f(x ₁, ..., x _n) without revealing any additional information about the inputs. The ...
Strengthening Zero-Knowledge Protocols Using Signatures

Recently there has been an interest in zero-knowledge protocols with stronger properties, such as concurrency, simulation soundness, non-malleability, and universal composability. In this paper we show a novel technique to convert a large class of ...
Resettable Zero-Knowledge

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '20: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security

October 2020

2180 pages

ISBN:9781450370899

DOI:10.1145/3372297

General Chairs:
Jay Ligatti
University of South Florida, USA
,
Xinming Ou
University of South Florida, USA
,
Program Chairs:
Jonathan Katz
University of Maryland, USA
,
Giovanni Vigna
University of California-Santa Barbara, USA

Copyright © 2020 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 02 November 2020

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

NSF
Sandia National Laboratories

Conference

CCS '20

Sponsor:

SIGSAC

CCS '20: 2020 ACM SIGSAC Conference on Computer and Communications Security

November 9 - 13, 2020

Virtual Event, USA

Acceptance Rates

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

11
Total Citations
View Citations
1,030
Total Downloads

Downloads (Last 12 months)130
Downloads (Last 6 weeks)18

Reflects downloads up to 03 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Laufer EOzdemir ABoneh DLuo BLiao XXu JKirda ELie D(2024)zkPi: Proving Lean Theorems in Zero-KnowledgeProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3670322(4301-4315)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3670322
Cuéllar SHarris BParker JPernsteiner STromer ECalandrino JTroncoso C(2023)CheeseclothProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620602(6525-6540)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620602
Yang YHeath DHazay CKolesnikov VVenkitasubramaniam MMeng WJensen CCremers CKirda E(2023)Batchman and Robin: Batched and Non-batched Branching for Interactive ZKProceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security10.1145/3576915.3623169(1452-1466)Online publication date: 15-Nov-2023
https://dl.acm.org/doi/10.1145/3576915.3623169
Steffen SBichsel BVechev MYin HStavrou ACremers CShi E(2022)ZapperProceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security10.1145/3548606.3560622(2735-2749)Online publication date: 7-Nov-2022
https://dl.acm.org/doi/10.1145/3548606.3560622
Luo NAntonopoulos THarris WPiskac RTromer EWang XYin HStavrou ACremers CShi E(2022)Proving UNSAT in Zero KnowledgeProceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security10.1145/3548606.3559373(2203-2217)Online publication date: 7-Nov-2022
https://dl.acm.org/doi/10.1145/3548606.3559373
Yang YHeath DKolesnikov VDevecsery D(2022)EZEE: Epoch Parallel Zero Knowledge for ANSI C2022 IEEE 7th European Symposium on Security and Privacy (EuroS&P)10.1109/EuroSP53844.2022.00015(109-123)Online publication date: Jun-2022
https://doi.org/10.1109/EuroSP53844.2022.00015
Du YGenkin DGrubbs P(2022)Snapshot-Oblivious RAMs: Sub-logarithmic Efficiency for Short TranscriptsAdvances in Cryptology – CRYPTO 202210.1007/978-3-031-15985-5_6(152-181)Online publication date: 11-Oct-2022
https://doi.org/10.1007/978-3-031-15985-5_6
Delpech de Saint Guilhem COrsini ETanguy TVerbauwhede M(2022)Efficient Proof of RAM Programs from Any Public-Coin Zero-Knowledge SystemSecurity and Cryptography for Networks10.1007/978-3-031-14791-3_27(615-638)Online publication date: 5-Sep-2022
https://doi.org/10.1007/978-3-031-14791-3_27
Heath DYang YDevecsery DKolesnikov V(2021)Zero Knowledge for Everything and Everyone: Fast ZK Processor with Cached ORAM for ANSI C Programs2021 IEEE Symposium on Security and Privacy (SP)10.1109/SP40001.2021.00089(1538-1556)Online publication date: May-2021
https://doi.org/10.1109/SP40001.2021.00089
Heath DKolesnikov VPeceny S(2021)Garbling, Stacked and StaggeredAdvances in Cryptology – ASIACRYPT 202110.1007/978-3-030-92075-3_9(245-274)Online publication date: 1-Dec-2021
https://doi.org/10.1007/978-3-030-92075-3_9
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Figures

Tables

Media

View Table of Conten