Cryptology ePrint Archive: Report 2021/529

SnarkPack: Practical SNARK Aggregation

Nicolas Gailly and Mary Maller and Anca Nitulescu

Abstract: Zero-knowledgeSNARKs(zk-SNARKs) are non-interactive proof systems with short and efficiently verifiable proofs. zk-SNARKs are widely used in decentralised systems to address privacy and scalability concerns. One of the main applications is the blockchain, were SNARKs are used to prove computations with private inputs and reduce on-chain footprint verification and transaction sizes.

We design and implement SnarkPack, a new argument that further reduces the size of SNARK proofs by means of aggregation. Our goal is to provide an off-the-shelf solution that is practical in the following sense: (1) it is compatible with existing deployed systems, (2) it does not require any extra setup.

SnarkPack is designed to work with Groth16 scheme and has logarithmic size proofs and a verifier that runs in logarithmic time in the number of proofs to be aggregated. Most importantly, SnarkPack reuses the public parameters from Groth16 system, so it does not require a separate trusted setup ceremony.

The key tool for our construction is a new commitment scheme that uses as public parameters two existing ”powers of tau” ceremony transcripts. The commitment scheme allows us to instantiate the inner product pairing arguments (IPP) of Bünz et al. without additional trusted setup.

SnarkPack can aggregate 8192 proofs in 8.7s and verify them in 33ms, including un-serialization time, yielding a verification mechanism that is exponentially faster than batching and previous solutions in the field.

Category / Keywords: implementation / public-key cryptography, SNARKs, proof aggregation, bilinear pairings

Date: received 21 Apr 2021, last revised 17 May 2021

Contact author: anca at protocol ai

Available format(s): PDF | BibTeX Citation

Version: 20210517:085940 (All versions of this report)

Short URL: ia.cr/2021/529


[ Cryptology ePrint archive ]