Paper 2022/566

AntMan: Interactive Zero-Knowledge Proofs with Sublinear Communication

Chenkai Weng, Kang Yang, Zhaomin Yang, Xiang Xie, and Xiao Wang

Abstract

Recent works on interactive zero-knowledge (ZK) protocols provide a new paradigm with high efficiency and scalability. However, these protocols suffer from high communication overhead, often linear to the circuit size. In this paper, we proposed two new ZK protocols with communication sublinear to the circuit size, while maintaining a similar level of computational efficiency. -- We designed a ZK protocol that can prove $B$ executions of any circuit $C$ in communication $O(B+|C|)$ field elements (with free addition gates), while the best prior work requires a communication of $$ field elements. Our protocol is enabled by a new tool called as information-theoretic polynomial authentication code, which may be of independent interest. -- We developed an optimized implementation of this protocol which shows high practicality. For example, with $$, $$, and under 50 Mbps bandwidth and 16 threads, QuickSilver, a state-of-the-art ZK protocol based on vector oblivious linear evaluation (VOLE), can only prove $$ million MULT gates per second (mgps) and send one field element per gate; our protocol can prove $$ mgps ($$ improvement) and send $$ field elements per gate ($$ improvement) under the same hardware configuration. -- Extending the above idea, we constructed a ZK protocol that can prove a single execution of any circuit $$ in communication $$. This is the first ZK protocol with sublinear communication for an arbitrary circuit in the VOLE-based ZK family.