Zero-Knowledge Succinct Arguments with a Linear-Time Prover

We construct a zero knowledge argument system with polylogarithmic communication complexity where the prover runs in linear time and the verifier runs in polylogarithmic time. This achieves a central goal in the area of efficient zero knowledge. Our result is a direct consequence of a new interactive oracle proof (IOP) that simultaneously achieves linear-time proving and zero knowledge. We construct an IOP where, for the satisfiability of an N-gate arithmetic circuit over any field of size Ω(N), the prover uses O(N) field operations and the verifier uses polylog(N) field operations (with proof length O(N) and query complexity polylog(N)). Polylogarithmic verification is achieved in the holographic setting for every circuit (the verifier has oracle access to a linear-time-computable encoding of the circuit whose satisfiability is being proved).
