Paper 2015/1093

C$\emptyset$C$\emptyset$: A Framework for Building Composable Zero-Knowledge Proofs

Ahmed Kosba, Zhichao Zhao, Andrew Miller, Yi Qian, Hubert Chan, Charalampos Papamanthou, Rafael Pass, abhi shelat, and Elaine Shi

Abstract

Non-interactive zero-knowledge proofs are a powerful cryptographic primitive used in privacy-preserving protocols. We design and build C$\emptyset$C$\emptyset$, the first system enabling developers to build efficient, composable, non-interactive zero-knowledge proofs for generic, user-defined statements. C$\emptyset$C$\emptyset$ extends state-of-the-art SNARK constructions by applying known strengthening transformations to yield UC-composable zero-knowledge proofs suitable for modular use in larger cryptographic protocols. To attain fast practical performance, C$\emptyset$C$\emptyset$ includes a library of several ``SNARK-friendly'' cryptographic primitives. These primitives are used in the strengthening transformations in order to reduce the overhead of achieving composable security. Our open-source library of optimized arithmetic circuits for these functions are up to 40$\times$ more efficient than standard implementations and are thus of independent interest for use in other NIZK projects. Finally, we evaluate C$\emptyset$C$\emptyset$ on applications such as anonymous credentials, private smart contracts, and nonoutsourceable proof-of-work puzzles and demonstrate 5$\times$ to 8$\times$ speedup in these application settings compared to naive implementations.