Constant-Overhead Zero-Knowledge for RAM Programs

We show a constant-overhead interactive zero-knowledge (ZK) proof system for RAM programs, that is, a ZK proof in which the communication complexity as well as the running times of the prover and verifier scale linearly in the size of the memory N and the running time T of the underlying RAM program. Besides yielding an asymptotic improvement over prior work, our implementation gives concrete performance improvements for RAM-based ZK proofs. In particular, our implementation supports ZK proofs of private read/write accesses to 64 MB of memory (2^24 32-bit words) using only 34 bytes of communication per access, a more than 80x improvement compared to the recent BubbleRAM protocol. We also design a lightweight RISC CPU that can efficiently emulate the MIPS-I instruction set, and for which our ZK proof communicates only ~320 bytes per cycle, more than 10x less than the BubbleRAM CPU. In a 100 Mbps network, we can perform zero-knowledge executions of our CPU (with 64 MB of main memory and 4 MB of program memory) at a clock rate of 6.6 kHz.
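What a ZK proof of "private read/write accesses" actually has to establish is memory consistency: every load returns the value most recently stored at that address (or the initial contents if the address was never written). The following is an added example, not code from the paper or its implementation: it checks that predicate in the clear, the classic way, by sorting the access trace by (address, time) and scanning it, which is the O(T log T) permutation check that the paper's constant-overhead protocol replaces with a linear-cost one inside ZK. The memory size, the sample program and the helper names (run_program, check_trace, tamper_load) are all constructed here for illustration.

```python
"""Plaintext memory-consistency check for a RAM access trace (added example).

An honest prover of a RAM program holds a trace of T accesses against N words
of memory. A cheating prover may claim that a load returned a stale value,
a value from a later store, or a value at an address the program never wrote.
check_trace() rejects all of these; a ZK protocol for RAM programs proves the
same predicate without revealing the trace.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Sequence, Tuple


@dataclass(frozen=True)
class Access:
    t: int          # logical time step; the trace must use each of 0..T-1 once
    addr: int       # word address, 0 <= addr < n_words
    is_write: bool  # True for a store, False for a load
    value: int      # value stored, or value the prover claims was loaded


def run_program(ops: Sequence[Tuple], n_words: int, init: int = 0) -> List[Access]:
    """Execute ('r', addr) / ('w', addr, value) ops against a real memory and
    record the honest trace. Unwritten words read as `init`."""
    mem: Dict[int, int] = {}
    trace: List[Access] = []
    for t, op in enumerate(ops):
        if op[0] == "w":
            _, addr, value = op
            mem[addr] = value
            trace.append(Access(t, addr, True, value))
        elif op[0] == "r":
            _, addr = op
            trace.append(Access(t, addr, False, mem.get(addr, init)))
        else:
            raise ValueError(f"unknown op {op!r}")
    return trace


def check_trace(trace: Sequence[Access], n_words: int, init: int = 0) -> Tuple[bool, str]:
    """Verifier-side check: is the claimed trace consistent with an n_words RAM
    initialised to `init`? Sort by (addr, t) so that all accesses to one address
    are adjacent and time-ordered, then require every load to equal the last
    store to that address (or `init` before the first store)."""
    times = sorted(a.t for a in trace)
    if times != list(range(len(trace))):
        return False, "time steps are not a permutation of 0..T-1"
    for a in trace:
        if not 0 <= a.addr < n_words:
            return False, f"address {a.addr} out of range at t={a.t}"
    cur_addr: Optional[int] = None
    last: int = init
    for a in sorted(trace, key=lambda x: (x.addr, x.t)):
        if a.addr != cur_addr:
            cur_addr, last = a.addr, init  # first touch of a new address
        if a.is_write:
            last = a.value
        elif a.value != last:
            return False, f"load at t={a.t} addr={a.addr} returned {a.value}, expected {last}"
    return True, "consistent"


def tamper_load(trace: Sequence[Access], t: int, new_value: int) -> List[Access]:
    """Return a copy of the trace in which the load at time t claims new_value
    (what a cheating prover would submit)."""
    out: List[Access] = []
    for a in trace:
        if a.t == t:
            if a.is_write:
                raise ValueError(f"access at t={t} is a store, not a load")
            a = Access(a.t, a.addr, False, new_value)
        out.append(a)
    return out


# Constructed sample program over a tiny 16-word memory (the paper's setting
# is 2**24 words; the check is identical, only T and N grow).
N_WORDS = 1 << 4
PROGRAM = [
    ("w", 3, 0xDEAD),
    ("r", 3),          # honest value: 0xDEAD
    ("r", 7),          # never written yet: honest value is init (0)
    ("w", 3, 0xBEEF),
    ("w", 7, 42),
    ("r", 3),          # honest value: 0xBEEF
    ("r", 7),          # honest value: 42
]
HONEST_TRACE = run_program(PROGRAM, N_WORDS)


if __name__ == "__main__":
    print("honest:      ", check_trace(HONEST_TRACE, N_WORDS))
    print("stale load:  ", check_trace(tamper_load(HONEST_TRACE, 5, 0xDEAD), N_WORDS))
    print("future load: ", check_trace(tamper_load(HONEST_TRACE, 2, 42), N_WORDS))
```

The two tampered traces are the cases a verifier must catch: a load returning a value that was later overwritten (stale), and a load returning a value that is only stored later (reading the future). Both survive a naive per-access check and are only exposed once accesses to the same address are lined up in time order, which is why every RAM-ZK construction, whatever its cost, reduces to some form of this consistency argument.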

[1] Kang Yang et al. QuickSilver: Efficient and Affordable Zero-Knowledge Proofs for Circuits and Polynomials over Any Field. IACR Cryptol. ePrint Arch., 2021.

[2] Vladimir Kolesnikov et al. A 2.1 KHz Zero-Knowledge Processor with BubbleRAM. CCS, 2020.

[3] Jens Groth et al. On the Size of Pairing-Based Non-interactive Arguments. EUROCRYPT, 2016.

[4] Dawn Xiaodong Song et al. Libra: Succinct Zero-Knowledge Proofs with Optimal Prover Computation. IACR Cryptol. ePrint Arch., 2019.

[5] Yuval Ishai et al. Ligero: Lightweight Sublinear Arguments Without a Trusted Setup. Designs, Codes and Cryptography, 2017.

[6] Kang Yang et al. Fast, Scalable, and Communication-Efficient Zero-Knowledge Proofs for Boolean and Arithmetic Circuits. IACR Cryptol. ePrint Arch., 2020.

[7] Zuocheng Ren et al. Efficient RAM and control flow in verifiable outsourced computation. NDSS, 2015.

[8] Jonathan Katz et al. Secure two-party computation in sublinear (amortized) time. CCS, 2012.

[9] Eli Ben-Sasson et al. Succinct Non-Interactive Zero Knowledge for a von Neumann Architecture. USENIX Security Symposium, 2014.

[10] Alex J. Malozemoff et al. Mac'n'Cheese: Zero-Knowledge Proofs for Arithmetic Circuits with Nested Disjunctions. IACR Cryptol. ePrint Arch., 2020.

[11] Vladimir Kolesnikov et al. Zero Knowledge for Everything and Everyone: Fast ZK Processor with Cached ORAM for ANSI C Programs. IEEE Symposium on Security and Privacy (SP), 2021.

[12] Jens Groth et al. Efficient Zero-Knowledge Arguments for Arithmetic Circuits in the Discrete Log Setting. EUROCRYPT, 2016.

[13] Eli Ben-Sasson et al. SNARKs for C: Verifying Program Executions Succinctly and in Zero Knowledge. CRYPTO, 2013.

[14] Jonathan Katz et al. Improved Non-Interactive Zero Knowledge with Applications to Post-Quantum Signatures. IACR Cryptol. ePrint Arch., 2018.

[15] Florian Kerschbaum et al. Zero-knowledge using garbled circuits: how to prove non-algebraic statements efficiently. IACR Cryptol. ePrint Arch., 2013.

[16] Abhi Shelat et al. Secure Stable Matching at Scale. CCS, 2016.

[17] Jonathan Katz et al. Secure Computation of MIPS Machine Code. ESORICS, 2016.

[18] Ron Rothblum et al. Time- and Space-Efficient Arguments from Groups of Unknown Order. IACR Cryptol. ePrint Arch., 2021.

[19] Dan Boneh et al. Bulletproofs: Short Proofs for Confidential Transactions and More. IEEE Symposium on Security and Privacy (SP), 2018.

[20] David Heath et al. Stacked Garbling for Disjunctive Zero-Knowledge Proofs. IACR Cryptol. ePrint Arch., 2020.

[21] Craig Gentry et al. Quadratic Span Programs and Succinct NIZKs without PCPs. IACR Cryptol. ePrint Arch., 2013.

[22] Alon Rosen et al. Public-Coin Zero-Knowledge Arguments with (almost) Minimal Time and Space Overheads. IACR Cryptol. ePrint Arch., 2020.

[23] Mehdi Tibouchi et al. LWE Without Modular Reduction and Improved Side-Channel Attacks Against BLISS. IACR Cryptol. ePrint Arch., 2018.

[24] Alex J. Malozemoff et al. Mac'n'Cheese: Zero-Knowledge Proofs for Boolean and Arithmetic Circuits with Nested Disjunctions. CRYPTO, 2021.

[25] Payman Mohassel et al. Sublinear Zero-Knowledge Arguments for RAM Programs. EUROCRYPT, 2017.

[26] Rafail Ostrovsky et al. Line-Point Zero Knowledge and Its Applications. IACR Cryptol. ePrint Arch., 2020.

[27] Srinath T. V. Setty et al. Spartan: Efficient and general-purpose zkSNARKs without trusted setup. IACR Cryptol. ePrint Arch., 2020.

[28] Payman Mohassel et al. Efficient Zero-Knowledge Proofs of Non-algebraic Statements with Sublinear Amortized Cost. CRYPTO, 2015.

[29] Claudio Orlandi et al. Privacy-Free Garbled Circuits with Applications To Efficient Zero-Knowledge. IACR Cryptol. ePrint Arch., 2015.