PipeZK: Accelerating Zero-Knowledge Proof with a Pipelined Architecture

Zero-knowledge proof (ZKP) is a promising cryptographic protocol for both computation integrity and privacy. It can be used in many privacy-preserving applications, including verifiable cloud outsourcing and blockchains. The major obstacle to using ZKP in practice is its time-consuming proof generation step, which consists of large polynomial computations and multi-scalar multiplications on elliptic curves. To support ZKP efficiently and practically in real-world applications, we propose PipeZK, a pipelined accelerator with two subsystems that handle these two compute-intensive tasks, respectively. The first subsystem uses a novel dataflow to decompose large kernels into smaller ones that execute on bandwidth-efficient hardware modules, with optimized off-chip memory accesses and on-chip compute resources. The second subsystem adopts a lightweight dynamic work dispatch mechanism to share the heavy processing units, minimizing resource underutilization and load imbalance. When evaluated in 28 nm, PipeZK achieves a 10x speedup on standard cryptographic benchmarks, and 5x on a widely-used cryptocurrency application, Zcash.
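An added example, not code from the PipeZK paper: the abstract's "decompose large kernels into smaller ones" is illustrated here with the four-step NTT, which is assumed to be the standard instance of that idea for the polynomial side of proof generation. The toy field (P = 65537, generator 3) and the input vector are constructed for the demonstration.

```python
# Added example, not PipeZK's code: the "decompose a large kernel into smaller
# ones" idea from the abstract, shown as the classic four-step NTT over a prime
# field. A length-n = n1*n2 transform becomes n2 column NTTs of size n1, one
# twiddle pass, and n1 row NTTs of size n2; only the small NTTs need to be
# resident on chip, and the full-size vector is streamed through twice.
P = 65537   # Fermat prime: F_P^* has order 2^16, so power-of-two NTT sizes exist
G = 3       # assumption: 3 generates F_P^* (true for this prime)

def root_of_unity(n):
    """Primitive n-th root of unity in F_P (n must divide P-1)."""
    assert (P - 1) % n == 0
    return pow(G, (P - 1) // n, P)

def ntt_naive(a):
    """Reference O(n^2) NTT: X[i] = sum_k a[k] * w^(i*k) mod P."""
    n, w = len(a), root_of_unity(len(a))
    return [sum(a[k] * pow(w, i * k, P) for k in range(n)) % P for i in range(n)]

def ntt_four_step(a, n1, n2):
    """Same transform as ntt_naive(a), computed from size-n1 and size-n2 NTTs.
    Input index k = k1*n2 + k2, output index i = i1 + n1*i2; the identity
    w^(ik) = w_n1^(k1*i1) * w^(k2*i1) * w_n2^(k2*i2) is what makes it work."""
    n = n1 * n2
    assert len(a) == n
    w = root_of_unity(n)
    # Step 1: n2 independent column NTTs of size n1 (over k1, for each k2).
    y = [ntt_naive([a[k1 * n2 + k2] for k1 in range(n1)]) for k2 in range(n2)]
    # Step 2: twiddle by w^(k2*i1); y[k2][i1] is indexed by (k2, i1).
    y = [[y[k2][i1] * pow(w, k2 * i1, P) % P for i1 in range(n1)] for k2 in range(n2)]
    # Step 3: n1 independent row NTTs of size n2 (over k2, for each i1),
    # scattered to the transposed output position i1 + n1*i2.
    out = [0] * n
    for i1 in range(n1):
        row = ntt_naive([y[k2][i1] for k2 in range(n2)])
        for i2 in range(n2):
            out[i1 + n1 * i2] = row[i2]
    return out

def demo(n1=8, n2=8):
    """Constructed input: check four-step against the reference on n1*n2 points."""
    a = [(7 * k * k + 3 * k + 1) % P for k in range(n1 * n2)]
    return ntt_four_step(a, n1, n2) == ntt_naive(a)

if __name__ == "__main__":
    print("four-step NTT matches reference:", demo())
```

The same index split applies to any factorization n = n1 * n2, so a hardware pipeline can fix n1 and n2 to whatever its on-chip butterfly units support and stream the rest.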
