Succinct Zero-Knowledge Batch Proofs for Set Accumulators

Matteo Campanelli; Dario Fiore; Semin Han; Jihye Kim; Dimitris Kolonelos; Hyunok Oh

Paper 2021/1672

Succinct Zero-Knowledge Batch Proofs for Set Accumulators

Matteo Campanelli

, Protocol Labs

Dario Fiore

, IMDEA Software Institute

Semin Han

, Hanyang University

Jihye Kim

, Kookmin University

Dimitris Kolonelos

, IMDEA Software Institute, Spain, Universidad Politecnica de Madrid

Hyunok Oh

, Hanyang University

Abstract

Cryptographic accumulators are a common solution to proving information about a large set . They allow one to compute a short digest of and short certificates of some of its basic properties, notably membership of an element. Accumulators also allow one to track set updates: a new accumulator is obtained by inserting/deleting a given element. In this work we consider the problem of generating membership and update proofs for {\em batches} of elements so that we can succinctly prove additional properties of the elements (i.e., proofs are of constant size regardless of the batch size), and we can preserve privacy. Solving this problem would allow obtaining blockchain systems with improved privacy and scalability. The state-of-the-art approach to achieve this goal is to combine accumulators (typically Merkle trees) with zkSNARKs. This solution is however expensive for provers and does not scale for large batches of elements. In particular, there is no scalable solution for proving batch membership proofs when we require zero-knowledge (a standard definition of privacy-preserving protocols). In this work we propose new techniques to efficiently use zkSNARKs with RSA accumulators. We design and implement two main schemes: 1) \harisa, which proves batch membership in zero-knowledge; 2) \insarisa, which proves batch updates. For batch membership, the prover in \harisa is orders of magnitude faster than existing approaches based on Merkle trees (depending on the hash function). For batch updates we get similar cost savings compared to approaches based on Merkle trees; we also improve over the recent solution of Ozdemir et al. [USENIX'20].

Note: Updated benchmarks; included witness generation discussion; other editorial changes.

Metadata

Available format(s): PDF
Category: Cryptographic protocols
Publication info: Published elsewhere. ACM CCS 2022
Keywords: snarks zero-knowledge set-membership rsa accumulators
Contact author(s): matteo @ protocol ai
dario fiore @ imdea org
seminhan @ hanyang ac kr
jihyek @ kookmin ac kr
dimitris kolonelos @ imdea org
hoh @ hanyang ac kr
History: 2022-10-21: last of 4 revisions; 2021-12-21: received; See all versions
Short URL: https://ia.cr/2021/1672
License: CC BY

BibTeX

@misc{cryptoeprint:2021/1672,
      author = {Matteo Campanelli and Dario Fiore and Semin Han and Jihye Kim and Dimitris Kolonelos and Hyunok Oh},
      title = {Succinct Zero-Knowledge Batch Proofs for Set Accumulators},
      howpublished = {Cryptology {ePrint} Archive, Paper 2021/1672},
      year = {2021},
      url = {https://eprint.iacr.org/2021/1672}
}