Paper 2018/907

Proving the correct execution of concurrent services in zero-knowledge

Srinath Setty, Sebastian Angel, Trinabh Gupta, and Jonathan Lee


This paper introduces Spice, a system for building verifiable state machines (VSMs). A VSM is a request-processing service that produces proofs establishing that requests were executed correctly according to a specification. Such proofs are succinct (a verifier can check them efficiently without reexecution) and zero-knowledge (a verifier learns nothing about the content of the requests, responses, or the internal state of the service). Recent systems for proving the correct execution of stateful computations---Pantry, Geppetto, CTV, vSQL, etc.--implicitly implement VSMs, but they incur prohibitive costs. Spice reduces these costs significantly with a new storage primitive. More notably, Spice’s storage primitive supports multiple writers, making Spice the first system that can succinctly prove the correct execution of concurrent services. We find that Spice running on a cluster of 16 servers achieves 488--1167 transactions/second for a variety of applications including inter-bank transactions, cloud-hosted ledgers, and dark pools. This represents an 18,000--685,000× higher throughput than prior work.

Available format(s)
Publication info
Published elsewhere. MINOR revision.USENIX OSDI 2018
zero knowledgeverifiable state machinesconcurrent servicessuccinct proofs
Contact author(s)
srinath @ microsoft com
2019-03-11: last of 2 revisions
2018-09-25: received
See all versions
Short URL
Creative Commons Attribution


      author = {Srinath Setty and Sebastian Angel and Trinabh Gupta and Jonathan Lee},
      title = {Proving the correct execution of concurrent services in zero-knowledge},
      howpublished = {Cryptology ePrint Archive, Paper 2018/907},
      year = {2018},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.