Cryptology ePrint Archive: Report 2013/879

Succinct Non-Interactive Zero Knowledge for a von Neumann Architecture

Eli Ben-Sasson and Alessandro Chiesa and Eran Tromer and Madars Virza

Abstract: We build a system that provides succinct non-interactive zero-knowledge proofs (zk-SNARKs) for program executions on a von Neumann RISC architecture. The system has two components: a cryptographic proof system for verifying satisfiability of arithmetic circuits, and a circuit generator to translate program executions to such circuits. Our design of both components improves in functionality and efficiency over prior work, as follows.

Our circuit generator is the first to be universal: it does not need to know the program, but only a bound on its running time. Moreover, the size of the output circuit depends additively (rather than multiplicatively) on program size, allowing verification of larger programs.

The cryptographic proof system improves proving and verification times, by leveraging new algorithms and a pairing library tailored to the protocol.

We evaluated our system for programs with up to 10,000 instructions, running for up to 32,000 machine steps, each of which can arbitrarily access random-access memory; and also demonstrated it executing programs that use just-in-time compilation. Our proofs are 230 bytes long at 80 bits of security, or 288 bytes long at 128 bits of security. Typical verification time is 5 milliseconds, regardless of the original program's running time.

Category / Keywords: cryptographic protocols / zero-knowledge, succinct arguments, computationally-sound proofs

Original Publication (with minor differences): USENIX Security 2014

Date: received 30 Dec 2013, last revised 19 May 2015

Contact author: alexch at mit edu

Available format(s): PDF | BibTeX Citation

Version: 20150519:172604 (All versions of this report)

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]