Cryptology ePrint Archive: Report 2020/351

Optimized and secure pairing-friendly elliptic curves suitable for one layer proof composition

Youssef El Housni and Aurore Guillevic

Abstract: A zero-knowledge proof is a method by which one can prove knowledge of general non-deterministic polynomial (NP) statements. SNARKs are in addition non-interactive, short and cheap to verify. This property makes them suitable for recursive proof composition, that is proofs attesting to the validity of other proofs. Recursive proof composition has been empirically demonstrated for pairing-based SNARKs via tailored constructions of expensive elliptic curves. We thus construct on top of the curve BLS12-377 a new pairing-friendly elliptic curve which is STNFS-secure and optimized for one layer composition. We show that it is at least five times faster to verify a composed SNARK proof on this curve compared to the previous state-of-the-art. We propose to name the new curve BW6-761.

Category / Keywords: implementation / elliptic curve, bilinear pairing, zkSNARK, proof composition

Date: received 24 Mar 2020, last revised 30 Mar 2020

Contact author: youssef el housni at fr ey com,aurore guillevic@inria fr

Available format(s): PDF | BibTeX Citation

Note: The C++ implementation is available here: https://github.com/EYBlockchain/zk-swap-libff/tree/ey/libff/algebra/curves/bw6_761SageMath (Python) and Magma scripts are available at https://gitlab.inria.fr/zk-curves/bw6-761/

Version: 20200330:085807 (All versions of this report)

Short URL: ia.cr/2020/351


[ Cryptology ePrint archive ]