Paper 2024/1405

Lego-DLC: batching module for commit-carrying SNARK under Pedersen Engines

Abstract

The synergy of commitments and zk-SNARKs is widely used in various applications, particularly in fields like blockchain, to ensure data privacy and integrity without revealing secret information. However, proving multiple commitments in a batch imposes a large overhead on a zk-SNARK system. One solution to alleviate the burden is the use of commit-and-prove SNARK (CP-SNARK) approach. LegoSNARK defines a new notion called commit-carrying SNARK (cc-SNARK), a special- ized form of CP-SNARK, and introduces a compiler to build commit-carrying SNARKs into commit-and-prove SNARKs. Us- ing this compiler, the paper shows a commit-and-prove version of Groth16 that improves the proving time (about 5,000×). However, proving $l$-multiple commitments simultaneously with this compiler faces a performance issue, as the linking system in LegoSNARK requires $O(l)$ pairings on the verifier side. To enhance efficiency, we propose a new batching module called Lego-DLC, designed for handling multiple commitments. This module is built by combining a $\Sigma$-protocol with commitment- carrying SNARKs under Pedersen engines in which our mod- ule can support all commit-carrying SNARKs under Pedersen engines. In this paper, we provide the concrete instantiations for Groth16 and Plonk. In the performance comparison, for $2^{16}$ commitments, with a verification time of just 0.064s—over 30x faster than LegoSNARK’s 1.972s—our approach shows remarkable efficiency. The slightly longer prover time of 1.413s (compared to LegoSNARK’s 0.177s), around 8x is a small trade- off for this performance gain.