Cryptology ePrint Archive: Report 2018/962

Zexe: Enabling Decentralized Private Computation

Sean Bowe and Alessandro Chiesa and Matthew Green and Ian Miers and Pratyush Mishra and Howard Wu

Abstract: Ledger-based systems that enable rich applications often suffer from two limitations. First, validating a transaction requires re-executing the state transition that it attests to. Second, transactions not only reveal which application had a state transition but also reveal the application's internal state. Unfortunately, expensive re-execution and lack of privacy rule out many use cases.

We design, implement, and evaluate ZEXE, a ledger-based system where users can execute offline computations and subsequently produce transactions, attesting to the correctness of these computations, that satisfy two main properties. First, transactions hide all information about the offline computations. Second, transactions can be validated by anyone in constant time, regardless of the offline computation.

The core of ZEXE is a protocol for a new cryptographic primitive that we introduce, *decentralized private computation* (DPC). The security guarantees of DPC are concisely expressed via an ideal functionality, which our protocol provably achieves. In order to achieve an efficient implementation of our protocol, we leverage tools in the area of cryptographic proofs, including succinct zero knowledge proofs and recursive proof composition. Overall, transactions in ZEXE are 968 bytes *regardless of the offline computation*, and generating them takes less than 2 minutes plus a time that grows with the offline computation.

To facilitate real-world deployments, ZEXE also provides support for delegating the process of producing a transaction to an untrusted worker, and support for threshold transactions and blind transactions.

Category / Keywords: cryptographic protocols / decentralized computation; zero knowledge proofs; succinct arguments

Date: received 8 Oct 2018

Contact author: alexch at berkeley edu

Version: 20181014:133800

Short URL: ia.cr/2018/962

