Less is more: refinement proofs for probabilistic proofs

Abstract

There has been intense interest over the last decade in implementations of _probabilistic proofs_ (IPs, SNARKs, PCPs, and so on): protocols in which an untrusted party proves to a verifier that a given computation was executed properly, possibly in zero knowledge. Nevertheless, implementations still do not scale beyond small computations. A central source of overhead is the _front-end_: translating from the abstract computation to a set of equivalent arithmetic constraints. This paper introduces a general-purpose framework, called Distiller, in which a user translates to constraints not the original computation but an abstracted _specification_ of it. Distiller is the first in this area to perform such transformations in a way that is provably safe. Furthermore, by taking the idea of "encode a check in the constraints" to its literal logical extreme, Distiller exposes many new opportunities for constraint reduction, resulting in cost reductions for benchmark computations of 1.3–50$\times$, and in some cases, better asymptotics.

Category
Applications
Publication info
Preprint.
Keywords
probabilistic proofs zero knowledge outsourced computation refinement proofs formal methods widgets gadgets R1CS
Contact author(s)
kunmingj @ andrew cmu edu
dc4451 @ nyu edu
zd2131 @ nyu edu
mwalfish @ cs nyu edu
wies @ cs nyu edu
History
2022-11-10: approved
Short URL
https://ia.cr/2022/1557

CC BY

BibTeX

@misc{cryptoeprint:2022/1557,
author = {Kunming Jiang and Devora Chait-Roth and Zachary DeStefano and Michael Walfish and Thomas Wies},
title = {Less is more: refinement proofs for probabilistic proofs},
howpublished = {Cryptology ePrint Archive, Paper 2022/1557},
year = {2022},
note = {\url{https://eprint.iacr.org/2022/1557}},
url = {https://eprint.iacr.org/2022/1557}
}
