Cryptology ePrint Archive: Report 2018/907

Proving the correct execution of concurrent services in zero-knowledge

Srinath Setty and Sebastian Angel and Trinabh Gupta and Jonathan Lee

Abstract: This paper introduces Spice, a system for building verifiable state machines (VSMs). A VSM is a request-processing service that produces proofs establishing that requests were executed correctly according to a specification. Such proofs are succinct (a verifier can check them efficiently without reexecution) and zero-knowledge (a verifier learns nothing about the content of the requests, responses, or the internal state of the service). Recent systems for proving the correct execution of stateful computations---Pantry, Geppetto, CTV, vSQL, etc.--implicitly implement VSMs, but they incur prohibitive costs. Spice reduces these costs significantly with a new storage primitive. More notably, Spice’s storage primitive supports multiple writers, making Spice the first system that can succinctly prove the correct execution of concurrent services. We find that Spice running on a cluster of 16 servers achieves 488--1167 transactions/second for a variety of applications including inter-bank transactions, cloud-hosted ledgers, and dark pools. This represents an 18,000--685,000× higher throughput than prior work.

Category / Keywords: implementation / zero knowledge, verifiable state machines, concurrent services, succinct proofs

Original Publication (with minor differences): USENIX OSDI 2018

Date: received 24 Sep 2018, last revised 11 Mar 2019

Contact author: srinath at microsoft com

Available format(s): PDF | BibTeX Citation

Version: 20190311:151233 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]