Sonic

Maller, Mary; Bowe, Sean; Kohlweiss, Markulf; Meiklejohn, Sarah

doi:10.1145/3319535.3339817

Cited by 185 publications

(10 citation statements)

References 57 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, the aforementioned schemes have a better communication complexity (O λ (1)) and, while asymptotically the verifier has the same complexity (O λ (log |C|)), in their case it works mainly on the field while ours works in the group, which is less efficient. Also, while the prover complexity in [32,20,15] is quasi-linear in |C| and ours is linear, theirs works mainly in the field. We report some concrete numbers in Table 1 for the overhead of each scheme (we do not include concrete numbers for other schemes in communication and verification since they are constant while ours are logarithmic in |C|).…”

Section: Our Contributionmentioning

confidence: 92%

“…As far as we know, all recently proposed efficient and fully-succinct updateable schemes [32,20,15] rely on the Algebraic Group Model [18] or other Knowledge Type assumptions apart from the Random Oracle Model, while in our case the Random Oracle Model and a standard assumption is enough. However, the aforementioned schemes have a better communication complexity (O λ (1)) and, while asymptotically the verifier has the same complexity (O λ (log |C|)), in their case it works mainly on the field while ours works in the group, which is less efficient.…”

Section: Our Contributionmentioning

confidence: 95%

“…The authors also presented a scheme which is updateable, but it has a universal common reference string of size quadratic in the maximal size of all supported circuits (although from the global setup a linear, circuit-specific string can be derived). Maller et al presented Sonic [32], which improved this to a linear CRS by exploiting the reduction of [10]. Several works [20,15,19] have tried to improve the efficiency of Sonic concretely.…”

Section: Related Workmentioning

confidence: 99%

“…To overcome this, we delegate this computation to the prover who gives a succinct proof for the correct computation of [β]. To achieve that, we assume a specific structure for the circuit (basically that the gates have bounded fan-in and fan-out) and apply techniques similar to [32] adapted to our setting. These conditions can be imposed by pre-processing the circuit appropriately without asymptotically increasing the circuit size.…”

Section: Our Techniquesmentioning

confidence: 99%

See 3 more Smart Citations

Updateable Inner Product Argument with Logarithmic Verifier and Applications

Daza

Ràfols

Zacharakis

2020

Lecture Notes in Computer Science

View full text Add to dashboard Cite

We propose an improvement for the inner product argument of Bootle et al. (EUROCRYPT'16). The new argument replaces the unstructured common reference string (the commitment key) by a structured one. We give two instantiations of this argument, for two different distributions of the CRS. In the designated verifier setting, this structure can be used to reduce verification from linear to logarithmic in the circuit size. The argument can be compiled to the publicly verifiable setting in asymmetric bilinear groups. The new common reference string can easily be updateable. The argument can be directly used to improve verification of Bulletproofs range proofs (IEEE SP'18). On the other hand, to use the improved argument to prove circuit satisfiability with logarithmic verification, we adapt recent techniques from Sonic (ACM CCS'19) to work with the new common reference string. The resulting argument is secure under standard assumptions (in the Random Oracle Model), in contrast with Sonic and recent works that improve its efficiency (Plonk, Marlin, AuroraLight), which, apart from the Random Oracle Model, need either the Algebraic Group Model or Knowledge Type assumptions.

show abstract

Section: Our Contributionmentioning

confidence: 92%

Section: Our Contributionmentioning

confidence: 95%

Section: Related Workmentioning

confidence: 99%

Section: Our Techniquesmentioning

confidence: 99%

See 2 more Smart Citations

Updateable Inner Product Argument with Logarithmic Verifier and Applications

Daza

Ràfols

Zacharakis

2020

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…The resulting scheme satisfies perfect completeness and zero-knowledge with computational soundness. 5) Sonic [120] is a zero-knowledge scheme based on the updatable CRS model of Groth [117] using a polynomial commitment scheme, pairings and arithmetic circuits. Trusted setup for the CRS is needed and can be implemented, for example, with secure multiparty computation.…”

Section: Schemes Based On Linear Pcps and The Discrete Logarithm Problemmentioning

confidence: 99%

Non-Interactive Zero-Knowledge for Blockchain: A Survey

2020

View full text Add to dashboard Cite

We survey the state-of-the-art non-interactive zero-knowledge argument schemes and their applications in confidential transactions and private smart contracts on blockchain. The main goal of this paper is to serve as a reference for blockchain application developers in finding the most suitable scheme for a particular use case. We give an overview and compare the state-of-the-art protocols for confidential transactions and private smart contracts regarding the protection of the transaction graph and amounts, data and functionality. However, our main focus is on state-of-the-art zero-knowledge argument schemes. We briefly describe their backgrounds, proof lengths and computational complexities and discuss their cryptographic security models. Our focus is on seminal, otherwise notable and, especially, implemented methods that are ready to be applied in practice. We also survey the existing implementations of transforming computations into circuit representations required by those methods. We note that the existing schemes have different strengths and drawbacks regarding usability, setup, proof length and proving and verification costs.

show abstract

Hardware acceleration of number theoretic transform for zk‐SNARK

Zhao

Ding

Wang

et al. 2023

Engineering Reports

View full text Add to dashboard Cite

Zk‐SNARK unleashes the great potential of ZKP (zero‐knowledge proof) in the blockchain, distributed storage, and so forth. However, the proof‐generation of zk‐SNARK is excessively time intensive, making it a challenge to deploy a high‐performance zk‐SNARK in most real applications. As a result, NTT (Number Theoretic Transform), one of the most time‐consuming parts in proof‐generation, needs to be accelerated significantly. To address this issue, we propose a novel and efficient “data reordering" technique to enable a highly pipelined architecture, on which an FPGA‐based hardware accelerator is designed to support the large‐bitwidth and large‐scale NTT tasks in zk‐SNARK. This two‐level pipelined architecture can effectively reduce the data dependency and memory access requirements, meanwhile, can be flexibly scaled to different scales of FPGAs. To balance computing efficiency and flexibility, the OpenCL equipped with HLS is used to implement the heterogeneous acceleration system. We prototype the accelerator on the AMD‐Xilinx Alveo U50 card (UltraScale+ XCU50 FPGA). The evaluation results show that (1) our accelerator shows high scalability for different scales of FPGAs with a stable performance improvement; (2) it performs 1.95 faster than the one in PipeZK; (3) and it achieves 27.98 , 1.74 speedup and 6.9 , 6 energy efficiency improvement than AMD Ryzen 9 5900X single core and 12 cores respectively when integrated into the well‐known ZKP open‐source project, Bellman.

show abstract

Sonic

Cited by 185 publications

References 57 publications

Updateable Inner Product Argument with Logarithmic Verifier and Applications

Updateable Inner Product Argument with Logarithmic Verifier and Applications

Non-Interactive Zero-Knowledge for Blockchain: A Survey

Hardware acceleration of number theoretic transform for zk‐SNARK

Contact Info

Product

Resources

About