Cryptology ePrint Archive: Report 2022/566

AntMan: Interactive Zero-Knowledge Proofs with Sublinear Communication

Chenkai Weng and Kang Yang and Zhaomin Yang and Xiang Xie and Xiao Wang

Abstract: Recent works on interactive zero-knowledge (ZK) protocols provide a new paradigm with high efficiency and scalability. However, these protocols suffer from high communication overhead, often linear to the circuit size. In this paper, we proposed two new ZK protocols with communication sublinear to the circuit size, while maintaining a similar level of computational efficiency. -- We designed a ZK protocol that can prove $B$ executions of any circuit $C$ in communication $O(B + |C|)$ field elements (with free addition gates), while the best prior work requires a communication of $O(B|C|)$ field elements. Our protocol is enabled by a new tool called as information-theoretic polynomial authentication code, which may be of independent interest. -- We developed an optimized implementation of this protocol which shows high practicality. For example, with $B=2048$, $|C|=2^{20}$, and under 50 Mbps bandwidth and 16 threads, QuickSilver, a state-of-the-art ZK protocol based on vector oblivious linear evaluation (VOLE), can only prove $0.78$ million MULT gates per second (mgps) and send one field element per gate; our protocol can prove $14$ mgps ($18\times$ improvement) and send $0.0064$ field elements per gate ($156\times$ improvement) under the same hardware configuration. -- Extending the above idea, we constructed a ZK protocol that can prove a single execution of any circuit $C$ in communication $O(|C|^{3/4})$. This is the first ZK protocol with sublinear communication for an arbitrary circuit in the VOLE-based ZK family.

Category / Keywords: cryptographic protocols / zero-knowledge proofs

Date: received 9 May 2022

Contact author: ckweng at u northwestern edu, yangk at sklc org, yangzhaomin at matrixelements com, xiexiang at matrixelements com, wangxiao at cs northwestern edu

Available format(s): PDF | BibTeX Citation

Version: 20220510:082503 (All versions of this report)

Short URL: ia.cr/2022/566


[ Cryptology ePrint archive ]