Paper 2023/1240
$\mathsf{FREPack}$: Improved SNARK Frontend for Highly Repetitive Computations
Abstract
Modern SNARK designs typically follow a frontend-backend paradigm: The frontend compiles a user's program into some equivalent circuit representation, while the backend calls for a SNARK specifically made for proving circuit satisfiability. While these circuits are often defined over small fields, the backend prover always needs to lift the computation to much larger fields to ensure soundness. This gap introduces concrete overheads for ZK applications like zkRollups, where group-based SNARKs are used to provide constant-size proofs for Merkle tree openings. For a class of highly repetitive computations, we propose $\mathsf{FREPack}$, an improved frontend that effectively bridges this gap. The larger the gap between circuit's small field and backend's large field, the more $\mathsf{FREPack}$ reduces the circuit size, making it particularly well-suited for group-based backends. Our implementation shows that, for proving $\approx 300$ iterations of SHA-256, $\mathsf{FREPack}$ improves the performance of Groth16 by $3.6\times$, Nova by $3.8\times$, and Spartan by $5.9\times$.
Metadata
- Available format(s)
-
PDF
- Category
- Cryptographic protocols
- Publication info
- Preprint.
- Keywords
- zero knowledge proofs
- Contact author(s)
-
srirams @ berkeley edu
yinuo yz @ gmail com - History
- 2024-10-03: last of 3 revisions
- 2023-08-16: received
- See all versions
- Short URL
- https://ia.cr/2023/1240
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2023/1240,
author = {Sriram Sridhar and Yinuo Zhang},
title = {$\mathsf{{FREPack}}$: Improved {SNARK} Frontend for Highly Repetitive Computations},
howpublished = {Cryptology {ePrint} Archive, Paper 2023/1240},
year = {2023},
url = {https://eprint.iacr.org/2023/1240}
}
