Cryptology ePrint Archive: Report 2015/1093

C$\emptyset$C$\emptyset$: A Framework for Building Composable Zero-Knowledge Proofs

Ahmed Kosba and Zhichao Zhao and Andrew Miller and Yi Qian and Hubert Chan and Charalampos Papamanthou and Rafael Pass and abhi shelat and Elaine Shi

Abstract: Non-interactive zero-knowledge proofs are a powerful cryptographic primitive used in privacy-preserving protocols. We design and build C$\emptyset$C$\emptyset$, the first system enabling developers to build efficient, composable, non-interactive zero-knowledge proofs for generic, user-defined statements. C$\emptyset$C$\emptyset$ extends state-of-the-art SNARK constructions by applying known strengthening transformations to yield UC-composable zero-knowledge proofs suitable for modular use in larger cryptographic protocols.

To attain fast practical performance, C$\emptyset$C$\emptyset$ includes a library of several "SNARK-friendly" cryptographic primitives. These primitives are used in the strengthening transformations in order to reduce the overhead of achieving composable security. Our open-source library of optimized arithmetic circuits for these functions is up to 40$\times$ more efficient than standard implementations and is thus of independent interest for use in other NIZK projects.

Finally, we evaluate C$\emptyset$C$\emptyset$ on applications such as anonymous credentials, private smart contracts, and nonoutsourceable proof-of-work puzzles and demonstrate 5$\times$ to 8$\times$ speedup in these application settings compared to naive implementations.

Category / Keywords: cryptographic protocols / SNARK, Universal Composability, NIZK

Date: received 10 Nov 2015, last revised 9 Oct 2016

Contact author: elaine at cs cornell edu

Version: 20161009:175249

Short URL: ia.cr/2015/1093
