Paper 2023/1240

FREPack: Improved SNARK Frontend for Highly Repetitive Computations

Sriram Sridhar, University of California, Berkeley
Yinuo Zhang, University of California, Berkeley
Abstract

Modern SNARK designs typically follow a frontend-backend paradigm: The frontend compiles a user's program into some equivalent circuit representation, while the backend calls for a SNARK specifically made for proving circuit satisfiability. While these circuits are often defined over small fields, the backend prover always needs to lift the computation to much larger fields to ensure soundness. This gap introduces concrete overheads for ZK applications like zkRollups, where group-based SNARKs are used to provide constant-size proofs for Merkle tree openings. For a class of highly repetitive computations, we propose , an improved frontend that effectively bridges this gap. The larger the gap between circuit's small field and backend's large field, the more reduces the circuit size, making it particularly well-suited for group-based backends. Our implementation shows that, for proving iterations of SHA-256, improves the performance of Groth16 by , Nova by , and Spartan by .

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint.
Keywords
zero knowledge proofs
Contact author(s)
srirams @ berkeley edu
yinuo yz @ gmail com
History
2024-10-03: last of 3 revisions
2023-08-16: received
See all versions
Short URL
https://ia.cr/2023/1240
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2023/1240,
      author = {Sriram Sridhar and Yinuo Zhang},
      title = {$\mathsf{{FREPack}}$: Improved {SNARK} Frontend for Highly Repetitive Computations},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/1240},
      year = {2023},
      url = {https://eprint.iacr.org/2023/1240}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.