Mystique: Efficient Conversions for Zero-Knowledge Proofs with Applications to Machine Learning

Recent progress in interactive zero-knowledge (ZK) proofs has improved the efficiency of proving large-scale computations significantly. Nevertheless, real-life applications (e.g., in the context of private inference using deep neural networks) often involve highly complex computations, and existing ZK protocols lack the expressiveness and scalability to prove results about such computations efficiently. In this paper, we design, develop, and evaluate a ZK system (Mystique) that allows for efficient conversions between arithmetic and Boolean values, between publicly committed and privately authenticated values, and between fixed-point and floating-point numbers. Targeting large-scale neural-network inference, we also present an improved ZK protocol for matrix multiplication that yields a 7× improvement compared to the state-of-the-art. Finally, we incorporate Mystique in Rosetta, a TensorFlow-based privacy-preserving framework. Mystique is able to prove correctness of an inference on a private image using a committed (private) ResNet-101 model in 28 minutes, and can do the same task when the model is public in 5 minutes, with only a 0.02% decrease in accuracy compared to a non-ZK execution when testing on the CIFAR10 dataset. Our system is the first to support ZK proofs about neural-network models with over 100 layers with virtually no loss of accuracy.

[1]  Alex J. Malozemoff,et al.  Mac'n'Cheese: Zero-Knowledge Proofs for Arithmetic Circuits with Nested Disjunctions , 2020, IACR Cryptol. ePrint Arch..

[2]  Emmanuela Orsini,et al.  Zaphod: Efficiently Combining LSSS and Garbled Circuits in SCALE , 2019, IACR Cryptol. ePrint Arch..

[3]  V. Strassen Gaussian elimination is not optimal , 1969 .

[4]  Yael Tauman Kalai,et al.  Delegating computation: interactive proofs for muggles , 2008, STOC.

[5]  Dragos Rotaru,et al.  MArBled Circuits: Mixing Arithmetic and Boolean Circuits with Active Security , 2019, IACR Cryptol. ePrint Arch..

[6]  Jon Howell,et al.  Geppetto: Versatile Verifiable Computation , 2015, 2015 IEEE Symposium on Security and Privacy.

[7]  Xiao Wang,et al.  Ferret: Fast Extension for Correlated OT with Small Communication , 2020, IACR Cryptol. ePrint Arch..

[8]  Rafail Ostrovsky,et al.  Zero-knowledge from secure multiparty computation , 2007, STOC '07.

[9]  Peter Scholl,et al.  Low Cost Constant Round MPC Combining BMR and Oblivious Transfer , 2017, Journal of Cryptology.

[10]  Nir Bitansky,et al.  From extractable collision resistance to succinct non-interactive arguments of knowledge, and back again , 2012, ITCS '12.

[11]  Jesper Madsen,et al.  ZKBoo: Faster Zero-Knowledge for Boolean Circuits , 2016, USENIX Security Symposium.

[12]  Carsten Baum,et al.  Concretely-Efficient Zero-Knowledge Arguments for Arithmetic Circuits and Their Application to Lattice-Based Cryptography , 2020, IACR Cryptol. ePrint Arch..

[13]  Yuval Ishai,et al.  Compressing Vector OLE , 2018, CCS.

[14]  Jens Groth,et al.  Efficient Zero-Knowledge Arguments for Arithmetic Circuits in the Discrete Log Setting , 2016, EUROCRYPT.

[15]  Florian Kerschbaum,et al.  Zero-knowledge using garbled circuits: how to prove non-algebraic statements efficiently , 2013, IACR Cryptol. ePrint Arch..

[16]  Rafail Ostrovsky,et al.  Line-Point Zero Knowledge and Its Applications , 2020, IACR Cryptol. ePrint Arch..

[17]  Yehuda Lindell,et al.  High-Throughput Secure Three-Party Computation for Malicious Adversaries and an Honest Majority , 2017, IACR Cryptol. ePrint Arch..

[18]  Eli Ben-Sasson,et al.  Aurora: Transparent Succinct Arguments for R1CS , 2019, IACR Cryptol. ePrint Arch..

[19]  Kang Yang,et al.  Fast, Scalable, and Communication-Efficient Zero-Knowledge Proofs for Boolean and Arithmetic Circuits , 2020, IACR Cryptol. ePrint Arch..

[20]  Zuocheng Ren,et al.  Efficient RAM and control flow in verifiable outsourced computation , 2015, NDSS.

[21]  Mark Chen,et al.  Language Models are Few-Shot Learners , 2020, NeurIPS.

[22]  Srinath T. V. Setty,et al.  Spartan: Efficient and general-purpose zkSNARKs without trusted setup , 2020, IACR Cryptol. ePrint Arch..

[23]  Ivan Damgård,et al.  Semi-Homomorphic Encryption and Multiparty Computation , 2011, IACR Cryptol. ePrint Arch..

[24]  David Heath,et al.  Stacked Garbling for Disjunctive Zero-Knowledge Proofs , 2020, IACR Cryptol. ePrint Arch..

[25]  Eli Ben-Sasson,et al.  Scalable Zero Knowledge Via Cycles of Elliptic Curves , 2014, Algorithmica.

[26]  Dawn Xiaodong Song,et al.  MIRAGE: Succinct Arguments for Randomized Algorithms with Applications to Universal zk-SNARKs , 2020, IACR Cryptol. ePrint Arch..

[27]  Mariana Raykova,et al.  Distributed Vector-OLE: Improved Constructions and Implementation , 2019, IACR Cryptol. ePrint Arch..

[28]  Jonathan Katz,et al.  Improved Non-Interactive Zero Knowledge with Applications to Post-Quantum Signatures , 2018, IACR Cryptol. ePrint Arch..

[29]  Tal Malkin,et al.  Garbling Gadgets for Boolean and Arithmetic Circuits , 2016, IACR Cryptol. ePrint Arch..

[30]  Marcel Keller,et al.  Improved Primitives for MPC over Mixed Arithmetic-Binary Circuits , 2020, IACR Cryptol. ePrint Arch..

[31]  Dan Boneh,et al.  Bulletproofs: Short Proofs for Confidential Transactions and More , 2018, 2018 IEEE Symposium on Security and Privacy (SP).

[32]  Yuval Ishai,et al.  Efficient Two-Round OT Extension and Silent Non-Interactive Secure Computation , 2019, IACR Cryptol. ePrint Arch..

[33]  Martin R. Albrecht,et al.  Ciphers for MPC and FHE , 2015, IACR Cryptol. ePrint Arch..

[34]  Dan Boneh,et al.  Halo Infinite: Recursive zk-SNARKs from any Additive Polynomial Commitment Scheme , 2020, IACR Cryptol. ePrint Arch..

[35]  Kang Yang,et al.  QuickSilver: Efficient and Affordable Zero-Knowledge Proofs for Circuits and Polynomials over Any Field , 2021, IACR Cryptol. ePrint Arch..

[36]  Cédric Fournet,et al.  Hash First, Argue Later: Adaptive Verifiable Computations on Outsourced Data , 2016, CCS.

[37]  Claudio Orlandi,et al.  A New Approach to Practical Active-Secure Two-Party Computation , 2012, IACR Cryptol. ePrint Arch..

[38]  Daniel Slamanig,et al.  Post-Quantum Zero-Knowledge and Signatures from Symmetric-Key Primitives , 2017, CCS.

[39]  Rusins Freivalds,et al.  Probabilistic Machines Can Use Less Running Time , 1977, IFIP Congress.

[40]  Dawn Song,et al.  Zero Knowledge Proofs for Decision Tree Predictions and Accuracy , 2020, CCS.

[41]  Marcel Keller,et al.  New Primitives for Actively-Secure MPC over Rings with Applications to Private Machine Learning , 2019, 2019 IEEE Symposium on Security and Privacy (SP).

[42]  Ivan Damgård,et al.  The TinyTable Protocol for 2-Party Secure Computation, or: Gate-Scrambling Revisited , 2017, CRYPTO.

[43]  Abhi Shelat,et al.  Doubly-Efficient zkSNARKs Without Trusted Setup , 2018, 2018 IEEE Symposium on Security and Privacy (SP).

[44]  Claudio Orlandi,et al.  Privacy-Free Garbled Circuits with Applications To Efficient Zero-Knowledge , 2015, IACR Cryptol. ePrint Arch..

[45]  Nicholas Spooner,et al.  Fractal: Post-Quantum and Transparent Recursive Proofs from Holography , 2020, IACR Cryptol. ePrint Arch..

[46]  Yuval Ishai,et al.  Ligero: Lightweight Sublinear Arguments Without a Trusted Setup , 2017, Designs, Codes and Cryptography.

[47]  Yehuda Lindell,et al.  Optimized Honest-Majority MPC for Malicious Adversaries — Breaking the 1 Billion-Gate Per Second Barrier , 2017, 2017 IEEE Symposium on Security and Privacy (SP).

[48]  Craig Gentry,et al.  Pinocchio: Nearly Practical Verifiable Computation , 2013, 2013 IEEE Symposium on Security and Privacy.

[49]  Eli Ben-Sasson,et al.  Succinct Non-Interactive Zero Knowledge for a von Neumann Architecture , 2014, USENIX Security Symposium.

[50]  Eli Ben-Sasson,et al.  Scalable Zero Knowledge with No Trusted Setup , 2019, CRYPTO.

[51]  Vladimir Kolesnikov,et al.  A 2.1 KHz Zero-Knowledge Processor with BubbleRAM , 2020, CCS.