Paper 2018/962

Zexe: Enabling Decentralized Private Computation

Sean Bowe, Alessandro Chiesa, Matthew Green, Ian Miers, Pratyush Mishra, and Howard Wu


Ledger-based systems that support rich applications often suffer from two limitations. First, validating a transaction requires re-executing the state transition that it attests to. Second, transactions not only reveal which application had a state transition but also reveal the application's internal state. We design, implement, and evaluate ZEXE, a ledger-based system where users can execute offline computations and subsequently produce transactions, attesting to the correctness of these computations, that satisfy two main properties. First, transactions *hide all information* about the offline computations. Second, transactions can be *validated in constant time* by anyone, regardless of the offline computation. The core of ZEXE is a construction for a new cryptographic primitive that we introduce, *decentralized private computation* (DPC) schemes. In order to achieve an efficient implementation of our construction, we leverage tools in the area of cryptographic proofs, including succinct zero knowledge proofs and recursive proof composition. Overall, transactions in ZEXE are 968 bytes regardless of the offline computation, and generating them takes less than a minute plus a time that grows with the offline computation. We demonstrate how to use ZEXE to realize privacy-preserving analogues of popular applications: private decentralized exchanges for user-defined fungible assets and regulation-friendly private stablecoins.

Note: The revised version includes a new section on applications, and a note about a "denial-of-funds" attack on the private DEX application.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. Major revision. IEEE S&P 2020
decentralized computationzero knowledge proofssuccinct arguments
Contact author(s)
alexch @ berkeley edu
2021-03-30: last of 3 revisions
2018-10-14: received
See all versions
Short URL
Creative Commons Attribution


      author = {Sean Bowe and Alessandro Chiesa and Matthew Green and Ian Miers and Pratyush Mishra and Howard Wu},
      title = {Zexe: Enabling Decentralized Private Computation},
      howpublished = {Cryptology ePrint Archive, Paper 2018/962},
      year = {2018},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.