You are looking at a specific version 20200330:085807 of this paper. See the latest version.

Paper 2020/351

Optimized and secure pairing-friendly elliptic curves suitable for one layer proof composition

Youssef El Housni and Aurore Guillevic

Abstract

A zero-knowledge proof is a method by which one can prove knowledge of general non-deterministic polynomial (NP) statements. SNARKs are in addition non-interactive, short and cheap to verify. This property makes them suitable for recursive proof composition, that is proofs attesting to the validity of other proofs. Recursive proof composition has been empirically demonstrated for pairing-based SNARKs via tailored constructions of expensive elliptic curves. We thus construct on top of the curve BLS12-377 a new pairing-friendly elliptic curve which is STNFS-secure and optimized for one layer composition. We show that it is at least five times faster to verify a composed SNARK proof on this curve compared to the previous state-of-the-art. We propose to name the new curve BW6-761.

Note: The C++ implementation is available here: https://github.com/EYBlockchain/zk-swap-libff/tree/ey/libff/algebra/curves/bw6_761SageMath (Python) and Magma scripts are available at https://gitlab.inria.fr/zk-curves/bw6-761/

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Preprint. MINOR revision.
Keywords
elliptic curvebilinear pairingzkSNARKproof composition
Contact author(s)
youssef el housni @ fr ey com,aurore guillevic @ inria fr
History
2020-10-09: last of 3 revisions
2020-03-26: received
See all versions
Short URL
https://ia.cr/2020/351
License
Creative Commons Attribution
CC BY
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.