Arya: Nearly Linear-Time Zero-Knowledge Proofs for Correct Program Execution

Bootle, Jonathan; Cerulli, Andrea; Groth, Jens; Jakobsen, S.; Maller, Mary

doi:10.1007/978-3-030-03326-2_20

Cited by 26 publications

(4 citation statements)

References 49 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The routing network has asymptotic complexity O(t log(t)), where t is the trace length, and large constants. A more efficient permutation proof, first explored by [15,41], shows that two secret lists…”

Section: Reverie Our Second Main Technical Contribution In This Work Ismentioning

confidence: 99%

See 1 more Smart Citation

Efficient Proofs of Software Exploitability for Real-world Processors

Green

Hall-Andersen

Hennenfent³

et al. 2023

PoPETs

View full text Add to dashboard Cite

We consider the problem of proving in zero-knowledge the existence of vulnerabilities in executables compiled to run on real-world processors. We demonstrate that it is practical to prove knowledge of real exploits for real-world processor architectures without the need for source code and without limiting our consideration to narrow vulnerability classes. To achieve this, we devise a novel circuit compiler and a toolchain that produces highly optimized, non-interactive zero-knowledge proofs for programs executed on the MSP430, an ISA commonly used in embedded hardware. Our toolchain employs a highly optimized circuit compiler and a number of novel optimizations to construct efficient proofs for program binaries. To demonstrate the capability of our system, we test our toolchain by constructing proofs for challenges in the Microcorruption capture the flag exercises.

show abstract

Section: Reverie Our Second Main Technical Contribution In This Work Ismentioning

confidence: 99%

“…We implement the unknown permutation proof using the circuit defined in Figure 2 over a large ring, based on techniques first introduced by Bootle et al [15], and first explored by Neff [41]. This stand-alone circuit receives two secret shared lists and a public randomly selected challenge x.…”

Section: Memory Permutation Proof (Over Z Q )mentioning

confidence: 99%

Efficient Proofs of Software Exploitability for Real-world Processors

Green

Hall-Andersen

Hennenfent³

et al. 2023

PoPETs

View full text Add to dashboard Cite

show abstract

“…In ZK S C, lists (which play the role of arrays) have rather restrictive typing rules associated with them, making sure that computations with them can be converted into circuit operations. Having the keys in $post and in an arbitrary domain requires the use of Oblivious RAM (ORAM) [11], which has had a number of solutions proposed in the context of ZK proofs [5,20,28]. A general method for ORAM in ZKP context [28] performs no correctness checks while the load and store operations are executed.…”

Section: Useful Constructionsmentioning

confidence: 99%

ZK-SecreC: a Domain-Specific Language for Zero Knowledge Proofs

Bogdanov¹,

Jääger²,

Laud³

et al. 2022

Preprint

View full text Add to dashboard Cite

We present ZK S C, a domain-specific language for zero-knowledge proofs. We present the rationale for its design, its syntax and semantics, and demonstrate its usefulness on the basis of a number of non-trivial examples. The design features a type system, where each piece of data is assigned both a confidentiality and an integrity type, which are not orthogonal to each other. We perform an empiric evaluation of the statements produced by its compiler in terms of their size. We also show the integration of the compiler with the implementation of a zero-knowledge proof technique, and evaluate the running time of both Prover and Verifier.

show abstract

“…In the decades since their introduction, zero-knowledge proofs have been used to support a wide variety of potential applications, ranging from verifiable outsourced computation [11,16,24,59] to anonymous credentials [6,27,28,32,39], with a multitude of other settings that also require a balance between privacy and integrity [17,19,29,31,36]. In recent years, cryptocurrencies have been one increasingly popular real-world application [10,44,52,57], with general zero-knowledge protocols now deployed in both Zcash and Ethereum.…”

Section: Introductionmentioning

confidence: 99%

Sonic

Maller

Bowe²,

Kohlweiss

et al. 2019

Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security

Self Cite

179

View full text Add to dashboard Cite

Ever since their introduction, zero-knowledge proofs have become an important tool for addressing privacy and scalability concerns in a variety of applications. In many systems each client downloads and verifies every new proof, and so proofs must be small and cheap to verify. The most practical schemes require either a trusted setup, as in (pre-processing) zk-SNARKs, or verification complexity that scales linearly with the complexity of the relation, as in Bulletproofs. The structured reference strings required by most zk-SNARK schemes can be constructed with multi-party computation protocols, but the resulting parameters are specific to an individual relation. Groth et al. discovered a zk-SNARK protocol with a universal structured reference string that is also updatable, but the string scales quadratically in the size of the supported relations.Here we describe a zero-knowledge SNARK, Sonic, which supports a universal and continually updatable structured reference string that scales linearly in size. We also describe a generally useful technique in which untrusted "helpers" can compute advice that allows batches of proofs to be verified more efficiently. Sonic proofs are constant size, and in the "helped" batch verification context the marginal cost of verification is comparable with the most efficient SNARKs in the literature.

show abstract

Arya: Nearly Linear-Time Zero-Knowledge Proofs for Correct Program Execution

Cited by 26 publications

References 49 publications

Efficient Proofs of Software Exploitability for Real-world Processors

Efficient Proofs of Software Exploitability for Real-world Processors

ZK-SecreC: a Domain-Specific Language for Zero Knowledge Proofs

Sonic

Contact Info

Product

Resources

About