Paper 2018/907

Proving the correct execution of concurrent services in zero-knowledge

Srinath Setty, Sebastian Angel, Trinabh Gupta, and Jonathan Lee

Abstract

This paper introduces Spice, a system for building verifiable state machines (VSMs). A VSM is a request-processing service that produces proofs establishing that requests were executed correctly according to a specification. Such proofs are succinct (a verifier can check them efficiently without reexecution) and zero-knowledge (a verifier learns nothing about the content of the requests, responses, or the internal state of the service). Recent systems for proving the correct execution of stateful computations---Pantry, Geppetto, CTV, vSQL, etc.--implicitly implement VSMs, but they incur prohibitive costs. Spice reduces these costs significantly with a new storage primitive. More notably, Spice’s storage primitive supports multiple writers, making Spice the first system that can succinctly prove the correct execution of concurrent services. We find that Spice running on a cluster of 16 servers achieves 488--1167 transactions/second for a variety of applications including inter-bank transactions, cloud-hosted ledgers, and dark pools. This represents an 18,000--685,000× higher throughput than prior work.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published elsewhere. Minor revision. USENIX OSDI 2018
Keywords
zero knowledgeverifiable state machinesconcurrent servicessuccinct proofs
Contact author(s)
srinath @ microsoft com
History
2019-03-11: last of 2 revisions
2018-09-25: received
See all versions
Short URL
https://ia.cr/2018/907
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2018/907,
      author = {Srinath Setty and Sebastian Angel and Trinabh Gupta and Jonathan Lee},
      title = {Proving the correct execution of concurrent services in zero-knowledge},
      howpublished = {Cryptology {ePrint} Archive, Paper 2018/907},
      year = {2018},
      url = {https://eprint.iacr.org/2018/907}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.