Paper 2024/674
SigmaSuite: How to Minimize Foreign Arithmetic in ZKP Circuits While Keeping Succinct Final Verification.
Abstract
Foreign field arithmetic often creates significant additional overheads in zero-knowledge proof circuits. Previous work has offloaded foreign arithmetic from proof circuits by using effective and often simple primitives such as Sigma protocols. While these successfully move the foreign field work outside of the circuit, the costs for the Sigma protocol’s verifier still remains high. In use cases where the verifier is constrained computationally this poses a major challenge. One such use case would be in proof composition where foreign arithmetic causes a blowup in the costs for the verifier circuit. In this work we show that by using folding scheme with Sigmabus and other such uniform verifier offloading techniques, we can remove foreign field arithmetic from zero-knowledge proof circuits while achieving succinct final verification. We do this by applying prior techniques iteratively and accumulate the resulting verifier work into one folding proof of size O(|F|) group elements, where F is the size of a single Sigma verifier’s computation. Then by using an existing zkSNARK we can further compress to a proof size of O(log |F|) which can be checked succinctly by a computationally constrained verifier.
Metadata
- Available format(s)
-
PDF
- Category
- Cryptographic protocols
- Publication info
- Preprint.
- Keywords
- SNARKsproof compositionforeign field arithmetic
- Contact author(s)
- wyatt @ icme io
- History
- 2024-05-03: approved
- 2024-05-02: received
- See all versions
- Short URL
- https://ia.cr/2024/674
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2024/674,
author = {Wyatt Benno},
title = {{SigmaSuite}: How to Minimize Foreign Arithmetic in {ZKP} Circuits While Keeping Succinct Final Verification.},
howpublished = {Cryptology {ePrint} Archive, Paper 2024/674},
year = {2024},
url = {https://eprint.iacr.org/2024/674}
}
