Paper 2021/710

VOProof: Efficient zkSNARKs from Vector Oracle Compilers

Yuncong Zhang, Shanghai Jiao Tong University
Alan Szepieniec, Nervos
Ren Zhang, Cryptape Co. Ltd., Nervos
Shi-Feng Sun, Shanghai Jiao Tong University
Geng Wang, Shanghai Jiao Tong University
Dawu Gu, Shanghai Jiao Tong University
Abstract

The design of zkSNARKs is increasingly complicated and requires familiarity with a broad class of cryptographic and algebraic tools. This complexity in zkSNARK design also increases the difficulty in zkSNARK implementation, analysis, and optimization. To address this complexity, we develop a new workflow for designing and implementing zkSNARKs, called $\mathsf{VOProof}$. In $\mathsf{VOProof}$, the designer only needs to construct a \emph{Vector Oracle (VO) protocol} that is intuitive and straightforward to design, and then feeds this protocol to our \emph{VO compiler} to transform it into a fully functional zkSNARK. This new workflow conceals most algebraic and cryptographic operations inside the compiler, so that the designer is no longer required to understand these cumbersome and error prone procedures. Moreover, our compiler can be fine-tuned to compile one VO protocol into multiple zkSNARKs with different tradeoffs. We apply $\mathsf{VOProof}$ to construct three general-purpose zkSNARKs targeting three popular representations of arithmetic circuits: the Rank-1 Constraint System (R1CS), the Hadamard Product Relation (HPR), and the $\mathsf{PLONK}$ circuit. These zkSNARKs have shorter and more intuitive descriptions, thus are easier to implement and optimize compared to prior works. To evaluate their performance, we implement a Python framework for describing VO protocols and compiling them into working Rust code of zkSNARKs. Our evaluation shows that the $\mathsf{VOProof}$-based zkSNARKs have competitive performance, especially in proof size and verification time, e.g., both reduced by roughly $50\%$ compared to $\mathsf{Marlin}$ (Chiesa et al., EUROCRYPT 2020). These improvements make the $\mathsf{VOProof}$-based zkSNARKs more preferable in blockchain scenarios where the proof size and verification time are critical.

Note: Fix a confusing notation: use $\mathsf{mask}(a..b)$ instead of $\vec{1}_{[a..b]}$ for masking vectors.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. Major revision. ACM CCS 2022
DOI
10.1145/3548606.3559387
Keywords
Zero-KnowledgeSNARKPIOPVector Oracle
Contact author(s)
shjdzhangyuncong @ sjtu edu cn
alan @ nervos org
ren @ nervos org
shifeng sun @ sjtu edu cn
wanggxx @ sjtu edu cn
dwgu @ sjtu edu cn
History
2024-02-27: last of 6 revisions
2021-05-28: received
See all versions
Short URL
https://ia.cr/2021/710
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2021/710,
      author = {Yuncong Zhang and Alan Szepieniec and Ren Zhang and Shi-Feng Sun and Geng Wang and Dawu Gu},
      title = {{VOProof}: Efficient {zkSNARKs} from Vector Oracle Compilers},
      howpublished = {Cryptology {ePrint} Archive, Paper 2021/710},
      year = {2021},
      doi = {10.1145/3548606.3559387},
      url = {https://eprint.iacr.org/2021/710}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.