Paper 2024/265

Beyond the circuit: How to Minimize Foreign Arithmetic in ZKP Circuits

Michele Orrù, French National Centre for Scientific Research
George Kadianakis, Ethereum Foundation
Mary Maller, Ethereum Foundation, PQShield
Greg Zaverucha, Microsoft Research

Zero-knowledge circuits are frequently required to prove gadgets that are not optimised for the constraint system in question. A particularly daunting task is to embed foreign arithmetic such as Boolean operations, field arithmetic, or public-key cryptography. We construct techniques for offloading foreign arithmetic from a zero-knowledge circuit including: (i) equality of discrete logarithms across different groups; (ii) scalar multiplication without requiring elliptic curve operations; (iii) proving knowledge of an AES encryption. To achieve our goal, we employ techniques inherited from rejection sampling and lookup protocols. We implement and provide concrete benchmarks for our protocols.

Available format(s)
Cryptographic protocols
Publication info
zero-knowledgeargument of knowledgediscrete logarithm equalityaes
Contact author(s)
m @ orru net
george kadianakis @ ethereum org
mary maller @ ethereum org
gregz @ microsoft com
2024-02-19: approved
2024-02-16: received
See all versions
Short URL
No rights reserved


      author = {Michele Orrù and George Kadianakis and Mary Maller and Greg Zaverucha},
      title = {Beyond the circuit: How to Minimize Foreign Arithmetic in {ZKP} Circuits},
      howpublished = {Cryptology ePrint Archive, Paper 2024/265},
      year = {2024},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.