Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Skip to main content
Springer Nature Link
Log in

Orion: Zero Knowledge Proof with Linear Prover Time

  • Conference paper
  • First Online:
Advances in Cryptology – CRYPTO 2022 (CRYPTO 2022)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13510))

Included in the following conference series:

Abstract

Zero-knowledge proof is a powerful cryptographic primitive that has found various applications in the real world. However, existing schemes with succinct proof size suffer from a high overhead on the proof generation time that is super-linear in the size of the statement represented as an arithmetic circuit, limiting their efficiency and scalability in practice. In this paper, we present Orion, a new zero-knowledge argument system that achieves O(N) prover time of field operations and hash functions and \(O(\log ^2 N)\) proof size. Orion is concretely efficient and our implementation shows that the prover time is 3.09 s and the proof size is 1.5 MB for a circuit with \(2^{20}\) multiplication gates. The prover time is the fastest among all existing succinct proof systems, and the proof size is an order of magnitude smaller than a recent scheme proposed in Golovnev et al. 2021.

In particular, we develop two new techniques leading to the efficiency improvement. (1) We propose a new algorithm to test whether a random bipartite graph is a lossless expander graph or not based on the densest subgraph algorithm. It allows us to sample lossless expanders with an overwhelming probability. The technique improves the efficiency and/or security of all existing zero-knowledge argument schemes with a linear prover time. The testing algorithm based on densest subgraph may be of independent interest for other applications of expander graphs. (2) We develop an efficient proof composition scheme, code switching, to reduce the proof size from square root to polylogarithmic in the size of the computation. The scheme is built on the encoding circuit of a linear code and shows that the witness of a second zero-knowledge argument is the same as the message in the linear code. The proof composition only introduces a small overhead on the prover time.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Ames, S., Hazay, C., Ishai, Y., Venkitasubramaniam, M.: Lightweight sublinear arguments without a trusted setup. In: CCS, Ligero (2017)

    Google Scholar 

  2. armfazh. flo-shani-aesni. https://github.com/armfazh/flo-shani-aesni

  3. libIOP. https://github.com/scipr-lab/libiop

  4. Bünz, B., Bootle, J., Boneh, D., Poelstra, A., Wuille, P., Maxwell, G.: Bulletproofs: short proofs for confidential transactions and more. In: IEEE S &P (2018)

    Google Scholar 

  5. Baum, C., Bootle, J., Cerulli, A., Del Pino, R., Groth, J., Lyubashevsky, V.: Sub-linear lattice-based zero-knowledge arguments for arithmetic circuits. In: CRYPTO (2018)

    Google Scholar 

  6. Ben-Sasson, E., Chiesa, A., Garman, C., Green, M., Miers, I., Tromer, E., Virza, M.: Decentralized anonymous payments from bitcoin. In: IEEE S &P, Zerocash (2014)

    Google Scholar 

  7. Bootle, J., Cerulli, A., Ghadafi, E., Groth, J., Hajiabadi, M., Jakobsen, S.K.: Linear-time zero-knowledge proofs for arithmetic circuit satisfiability. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10626, pp. 336–365. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70700-6_12

    Chapter  Google Scholar 

  8. Bootle, J., Chiesa, A., Groth, J.: Linear-time arguments with sublinear verification from tensor codes. In: TCC (2020)

    Google Scholar 

  9. Bootle, J., Chiesa, A., Liu, S.: Zero-knowledge IOPs with linear-time prover and polylogarithmic-time verifier. In: Dunkelman, O., Dziembowski, S. (eds.) Advances in Cryptology - EUROCRYPT 2022. EUROCRYPT 2022. Lecture Notes in Computer Science, vol. 13276, pp. 275–304. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-07085-3_10

  10. Boneh, D., Drake, J., Fisch, B., Gabizon, A.: Halo infinite: Recursive zk-SNARKs from any additive polynomial commitment scheme. Cryptology ePrint Archive, Report 2020/1536 (2020)

    Google Scholar 

  11. Bhadauria, R., Fang, Z., Hazay, C., Venkitasubramaniam, M., Xie, T., Zhang, Y.: Ligero++: a new optimized sublinear IOP. In: CCS (2020)

    Google Scholar 

  12. Braun, B., Feldman, A.J., Ren, Z., Setty, S.T.V., Blumberg, A.J., Walfish, M.: Verifying computations with state. In: SOSP (2013)

    Google Scholar 

  13. Bünz, B., Fisch, B., Szepieniec, A.: Transparent SNARKs from DARK compilers. In: Eurocrypt (2020)

    Google Scholar 

  14. Bootle, J., Lyubashevsky, V., Nguyen, N.K., Seiler, G.: A non-PCP approach to succinct quantum-safe zero-knowledge. In: CRYPTO (2020)

    Google Scholar 

  15. Baum, C., Malozemoff, A.J., Rosen, M., Scholl, P.: Mac’n’cheese: zero-knowledge proofs for arithmetic circuits with nested disjunctions. In: CRYPTO (2021)

    Google Scholar 

  16. Ben-Sasson, E., Bentov, I., Horesh, Y., Riabzev, M.: Scalable zero knowledge with no trusted setup. In: CRYPTO (2019)

    Google Scholar 

  17. Ben-Sasson, E., Chiesa, A., Genkin, D., Tromer, E., Virza, M.: Verifying program executions succinctly and in zero knowledge. In: CRYPTO, SNARKs for C (2013)

    Google Scholar 

  18. Ben-Sasson, E., Chiesa, A., Riabzev, M., Spooner, N., Virza, M., Ward, N.P.: Aurora: transparent succinct arguments for R1CS. In: Eurocrypt (2019)

    Google Scholar 

  19. Ben-Sasson, E., Chiesa, A., Tromer, E., Virza, M.: Scalable zero knowledge via cycles of elliptic curves. In: CRYPTO (2014)

    Google Scholar 

  20. Chase, M., et al.: Post-quantum zero-knowledge and signatures from symmetric-key primitives. In: CCS (2017)

    Google Scholar 

  21. Costello, C., Zahur, S.: Versatile verifiable computation. In: IEEE S &P, Geppetto (2015)

    Google Scholar 

  22. Chiesa, A., Yuncong, H., Maller, M., Mishra, P., Vesely, N., Ward, N.: Preprocessing zksnarks with universal and updatable SRS. In: Eurocrypt, Marlin (2020)

    Google Scholar 

  23. Chiesa, A., Ojha, D., Spooner, N.: Post-quantum and transparent recursive proofs from holography. In: Eurocrypt, Fractal (2020)

    Google Scholar 

  24. Capalbo, M., Reingold, O., Vadhan, S., Wigderson, A.: Randomness conductors and constant-degree lossless expanders. In: STOC (2002)

    Google Scholar 

  25. Czumaj, A., Sohler, C.: Testing expansion in bounded-degree graphs. In: IEEE FOCS (2007)

    Google Scholar 

  26. Druk, E., Ishai, Y.: Linear-time encodable codes meeting the gilbert-varshamov bound and their cryptographic applications. In: ITCS (2014)

    Google Scholar 

  27. Dinic, E.A.: Algorithm for solution of a problem of maximum flow in networks with power estimation. In: Soviet Math. Doklady (1970)

    Google Scholar 

  28. Dittmer, S., Ishai, Y., Ostrovsky, R.: Line-point zero knowledge and its applications. In: ITC (2021)

    Google Scholar 

  29. Esgin, M.F., Steinfeld, R., Liu, J.K., Liu, D.: Lattice-based zero-knowledge proofs: new techniques for shorter and faster constructions and applications. In: CRYPTO (2019)

    Google Scholar 

  30. Fang, Z., Darais, D., Near, J., Zhang, Y.: Zero knowledge static program analysis. In: CCS (2021)

    Google Scholar 

  31. Fiore, D., Fournet, C., Ghosh, E., Kohlweiss, M., Ohrimenko, O., Parno, B.: Hash first, argue later: adaptive verifiable computations on outsourced data. In: CCS (2016)

    Google Scholar 

  32. Feng, B., Qin, L., Zhang, Z., Ding, Y., Chu, S.: ZEN: efficient zero-knowledge proofs for neural networks. Cryptology ePrint Archive, Report 2021/087 (2021)

    Google Scholar 

  33. Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: CRYPTO (1986)

    Google Scholar 

  34. Grubbs, P., Arun, A., Bonneau, J., Walfish, M.: Zero-knowledge middleboxes. In: USENIX Security, Ye Zhang (2022)

    Google Scholar 

  35. Gilbert, E.N.: A comparison of signalling alphabets. Bell Syst. Tech. J. 31(3), 504–522 (1952)

    Google Scholar 

  36. Groth, J., Kohlweiss, M., Maller, M., Meiklejohn, S., Miers, I.: Updatable and universal common reference strings with applications to zk-SNARKs. In: CRYPTO (2018)

    Google Scholar 

  37. Goldwasser, S., Kalai, Y.T., Rothblum, G.: Delegating computation: interactive proofs for muggles. In: STOC (2008)

    Google Scholar 

  38. Golovnev, A., Lee, J., Setty, S., Thaler, J., Wahby, R.S.: Brakedown: linear-time and post-quantum snarks for r1cs. Cryptology ePrint Archive (2021). https://ia.cr/2021/1043

  39. Giacomelli, I., Madsen, J., Orlandi, C.: Faster zero-knowledge for boolean circuits. In: USENIX Security, ZKBoo (2016)

    Google Scholar 

  40. Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof systems. SIAM J. Comput. 18(1), 186–208 (1989)

    Article  MathSciNet  Google Scholar 

  41. Goldberg, A.V.: Finding a maximum density subgraph. University of California Berkeley (1984)

    Google Scholar 

  42. Goldreich, O., Ron, D.: On testing expansion in bounded-degree graphs. In: Goldreich, O. (ed.) Studies in Complexity and Cryptography. Miscellanea on the Interplay between Randomness and Computation. LNCS, vol. 6650, pp. 68–75. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22670-0_9

    Chapter  Google Scholar 

  43. Gabizon, A., Williamson, Z.J., Ciobotaru, O.: Plonk: Permutations over Lagrange-bases for oecumenical noninteractive arguments of knowledge. Cryptology ePrint Archive, Report 2019/953 (2019)

    Google Scholar 

  44. Hoory, S., Linial, N., Wigderson, A.: Expander graphs and their applications. Bull. Amer. Math. Soc. 43(4), 439–561 (2006)

    Article  MathSciNet  Google Scholar 

  45. Ishai, Y., Su, H., Wu, D.J.: Shorter and faster post-quantum designated-verifier zksnarks from lattices. In: CCS (2021)

    Google Scholar 

  46. Kilian, J.: A note on efficient zero-knowledge proofs and arguments (extended abstract). In: STOC (1992)

    Google Scholar 

  47. Katz, J., Kolesnikov, V., Wang, X.: Improved non-interactive zero knowledge with applications to post-quantum signatures. In: CCS (2018)

    Google Scholar 

  48. Kosba, A.E., Papadopoulos, D., Papamanthou, C., Song, D.: MIRAGE: succinct arguments for randomized algorithms with applications to universal zk-SNARKs. In: USENIX Security (2020)

    Google Scholar 

  49. Khot, S., Saket, R.: Hardness of bipartite expansion. In: ESA (2016)

    Google Scholar 

  50. Lee, S., Ko, H., Kim, J., Oh, H.: vCNN: Verifiable convolutional neural network based on zk-SNARKs. Cryptology ePrint Archive, Report 2020/584 (2020)

    Google Scholar 

  51. Liu, T., Xie, X., Zhang, Y.: zkCNN: zero knowledge proofs for convolutional neural network predictions and accuracy. In: CCS (2021)

    Google Scholar 

  52. Maller, M., Bowe, S., Kohlweiss, M., Meiklejohn, S.: Sonic: zero-knowledge snarks from linear-size universal and updatable structured reference strings. In: CCS (2019)

    Google Scholar 

  53. Micali, S.: Computationally sound proofs. SIAM J. Comput. 30(4), 1253–1298 (2000)

    Article  MathSciNet  Google Scholar 

  54. Mie, T.: Short PCPPs verifiable in polylogarithmic time with O(1) queries. Ann. Math. Artif. Intell. 56(3), 313–338 (2009)

    Article  MathSciNet  Google Scholar 

  55. Nachmias, A., Shapira, A.: Testing the expansion of a graph. Electr. Colloquium Comput. Complex. (ECCC) 14, 01 (2007)

    Google Scholar 

  56. Parno, B., Howell, J., Gentry, C., Raykova, M.: Nearly practical verifiable computation. In: IEEE S &P, Pinocchio (2013)

    Google Scholar 

  57. Pippenger, N.: On the evaluation of powers and related problems. In: SFCS, IEEE Computer Society (1976)

    Google Scholar 

  58. Ron-Zewi, N., Rothblum, R.D.: Local proofs approaching the witness length. In: FOCS (2020)

    Google Scholar 

  59. Setty, S.: Spartan: Efficient and general-purpose zkSNARKs without trusted setup. In: CRYPTO (2020)

    Google Scholar 

  60. Setty, S., Lee, J.: Quarks: quadruple-efficient transparent zkSNARKs. Cryptology ePrint Archive, Report 2020/1275 (2020)

    Google Scholar 

  61. Spielman, D.A.: Linear-time encodable and decodable error-correcting codes. IEEE Trans. Inf. Theor. 42(6), 1723–1731 (1996)

    Article  MathSciNet  Google Scholar 

  62. Song, D., Zuckerman, D., Tygar, J.D.: Expander graphs for digital stream authentication and robust overlay networks. In: S &P, IEEE (2002)

    Google Scholar 

  63. Varshamov, R.R.: Estimate of the number of signals in error correcting codes. Docklady Akad. Nauk, SSSR 117, 739–741 (1957)

    Google Scholar 

  64. Wahby, R.S.: lcpc authors. lcpc. https://github.com/conroi/lcpc

  65. Wahby, R.S., Setty, S.T.V., Ren, Z., Blumberg, A.J., Walfish, M.: Efficient RAM and control flow in verifiable outsourced computation. In: NDSS (2015)

    Google Scholar 

  66. Wahby, R.S., Tzialla, I., Shelat, A., Thaler, J., Walfish, M.: Doubly-efficient zkSNARKs without trusted setup. In: S &P (2018)

    Google Scholar 

  67. Weng, C/. Yang, K., Katz, J., Wang, X.: Wolverine: fast, scalable, and communication-efficient zero-knowledge proofs for boolean and arithmetic circuits. In: S &P (2020)

    Google Scholar 

  68. Weng, C., Yang, K., Xie, X., Katz, J., Wang, X.: Mystique: efficient conversions for zero-knowledge proofs with applications to machine learning. In: USENIX Security (2021)

    Google Scholar 

  69. Xie, T., Zhang, J., Zhang, Y., Papamanthou, C., Song, D.: Succinct zero-knowledge proofs with optimal prover computation. In: CRYPTO, Libra (2019)

    Google Scholar 

  70. Yang, K., Sarkar, P., Weng, C., Wang, X.: Quicksilver: efficient and affordable zero-knowledge proofs for circuits and polynomials over any field. In: CCS (2021)

    Google Scholar 

  71. Zcash. https://z.cash/

  72. Zhang, J., Fang, Z., Zhang, Y., Song, D.: Zero knowledge proofs for decision tree predictions and accuracy. In: CCS (2020)

    Google Scholar 

  73. Zhang, Y., Genkin, D., Katz, J., Papadopoulos, D., Papamanthou, C.: vSQL: verifying arbitrary SQL queries over dynamic outsourced databases. In: S &P (2017)

    Google Scholar 

  74. Zhang, Y., Genkin, D., Katz, J., Papadopoulos, D., Papamanthou, C.: A zero-knowledge version of vSQL. Cryptology ePrint Archive: Report 2017/1146 (2017)

    Google Scholar 

  75. Zhang, Y., Genkin, D., Katz, J., Papadopoulos, D., Papamanthou, C.: vRAM: faster verifiable RAM with program-independent preprocessing. In: S &P (2018)

    Google Scholar 

  76. An incomplete guide to rollups. https://vitalik.ca/general/2021/01/05/rollup.html

  77. Zhang, J., et al.: Doubly efficient interactive proofs for general arithmetic circuits with linear prover time. In: CCS (2021)

    Google Scholar 

  78. Zhang, J., Xie, T., Zhang, Y., Song, D.: Transparent polynomial delegation and its applications to zero knowledge proof. In: S &P, IEEE (2020)

    Google Scholar 

Download references

Acknowledgements

We thank Yuval Ishai for helpful discussions and valuable feedback on the paper. The material is supported by DARPA under Contract No. HR001120C0087, the NSF award #2144625 and the Center for Long-Term Cybersecurity (CLTC). Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of DARPA, NSF or CLTC.

Author information

Authors and Affiliations

  1. University of California, Berkeley, Berkeley, USA

    Tiancheng Xie & Dawn Song

  2. Texas A &M University, College Station, USA

    Yupeng Zhang

Authors
  1. Tiancheng Xie
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Yupeng Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Dawn Song
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Dawn Song .

Editor information

Editors and Affiliations

  1. New York University, New York, NY, USA

    Yevgeniy Dodis

  2. University of Florida, Gainesville, FL, USA

    Thomas Shrimpton

Rights and permissions

Reprints and permissions

Copyright information

© 2022 International Association for Cryptologic Research

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Xie, T., Zhang, Y., Song, D. (2022). Orion: Zero Knowledge Proof with Linear Prover Time. In: Dodis, Y., Shrimpton, T. (eds) Advances in Cryptology – CRYPTO 2022. CRYPTO 2022. Lecture Notes in Computer Science, vol 13510. Springer, Cham. https://doi.org/10.1007/978-3-031-15985-5_11

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-15985-5_11

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-15984-8

  • Online ISBN: 978-3-031-15985-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Societies and partnerships

Search

Navigation