Linear-time zero-knowledge proofs for arithmetic circuit satisfiability

Jonathan Bootle; Andrea Cerulli; Essam Ghadafi; Jens Groth; Mohammad Hajiabadi; Sune K. Jakobsen

doi:10.1007/978-3-319-70700-6_12

Linear-time zero-knowledge proofs for arithmetic circuit satisfiability

Jonathan Bootle, Andrea Cerulli, Essam Ghadafi, Jens Groth, Mohammad Hajiabadi, Sune K. Jakobsen

School of Electrical Engineering and Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

40 Scopus citations

Abstract

We give computationally efficient zero-knowledge proofs of knowledge for arithmetic circuit satisfiability over a large field. For a circuit with N addition and multiplication gates, the prover only uses O(N) multiplications and the verifier only uses O(N) additions in the field. If the commitments we use are statistically binding, our zero-knowledge proofs have unconditional soundness, while if the commitments are statistically hiding we get computational soundness. Our zero-knowledge proofs also have sub-linear communication if the commitment scheme is compact. Our construction proceeds in three steps. First, we give a zeroknowledge proof for arithmetic circuit satisfiability in an ideal linear commitment model where the prover may commit to secret vectors of field elements, and the verifier can receive certified linear combinations of those vectors. Second, we show that the ideal linear commitment proof can be instantiated using error-correcting codes and non-interactive commitments. Finally, by choosing efficient instantiations of the primitives we obtain linear-time zero-knowledge proofs.

Original language	English (US)
Title of host publication	Advances in Cryptology – ASIACRYPT 2017 - 23rd International Conference on the Theory and Applications of Cryptology and Information Security, Proceedings
Editors	Tsuyoshi Takagi, Thomas Peyrin
Publisher	Springer Verlag
Pages	336-365
Number of pages	30
ISBN (Print)	9783319706993
DOIs	https://doi.org/10.1007/978-3-319-70700-6_12
State	Published - 2017
Event	23rd Annual International Conference on Theory and Application of Cryptology and Information Security, ASIACRYPT 2017 - Hong Kong, Hong Kong Duration: Dec 3 2017 → Dec 7 2017

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	10626 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	23rd Annual International Conference on Theory and Application of Cryptology and Information Security, ASIACRYPT 2017
Country/Territory	Hong Kong
City	Hong Kong
Period	12/3/17 → 12/7/17

All Science Journal Classification (ASJC) codes

Theoretical Computer Science
General Computer Science

Access to Document

10.1007/978-3-319-70700-6_12

Cite this

Bootle, J., Cerulli, A., Ghadafi, E., Groth, J., Hajiabadi, M., & Jakobsen, S. K. (2017). Linear-time zero-knowledge proofs for arithmetic circuit satisfiability. In T. Takagi, & T. Peyrin (Eds.), Advances in Cryptology – ASIACRYPT 2017 - 23rd International Conference on the Theory and Applications of Cryptology and Information Security, Proceedings (pp. 336-365). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10626 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-319-70700-6_12

Bootle, Jonathan ; Cerulli, Andrea ; Ghadafi, Essam et al. / Linear-time zero-knowledge proofs for arithmetic circuit satisfiability. Advances in Cryptology – ASIACRYPT 2017 - 23rd International Conference on the Theory and Applications of Cryptology and Information Security, Proceedings. editor / Tsuyoshi Takagi ; Thomas Peyrin. Springer Verlag, 2017. pp. 336-365 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{3c70d79a01a04079a240e19147660d33,

title = "Linear-time zero-knowledge proofs for arithmetic circuit satisfiability",

abstract = "We give computationally efficient zero-knowledge proofs of knowledge for arithmetic circuit satisfiability over a large field. For a circuit with N addition and multiplication gates, the prover only uses O(N) multiplications and the verifier only uses O(N) additions in the field. If the commitments we use are statistically binding, our zero-knowledge proofs have unconditional soundness, while if the commitments are statistically hiding we get computational soundness. Our zero-knowledge proofs also have sub-linear communication if the commitment scheme is compact. Our construction proceeds in three steps. First, we give a zeroknowledge proof for arithmetic circuit satisfiability in an ideal linear commitment model where the prover may commit to secret vectors of field elements, and the verifier can receive certified linear combinations of those vectors. Second, we show that the ideal linear commitment proof can be instantiated using error-correcting codes and non-interactive commitments. Finally, by choosing efficient instantiations of the primitives we obtain linear-time zero-knowledge proofs.",

author = "Jonathan Bootle and Andrea Cerulli and Essam Ghadafi and Jens Groth and Mohammad Hajiabadi and Jakobsen, {Sune K.}",

note = "Publisher Copyright: {\textcopyright} International Association for Cryptologic Research 2017.; 23rd Annual International Conference on Theory and Application of Cryptology and Information Security, ASIACRYPT 2017 ; Conference date: 03-12-2017 Through 07-12-2017",

year = "2017",

doi = "10.1007/978-3-319-70700-6_12",

language = "English (US)",

isbn = "9783319706993",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "336--365",

editor = "Tsuyoshi Takagi and Thomas Peyrin",

booktitle = "Advances in Cryptology – ASIACRYPT 2017 - 23rd International Conference on the Theory and Applications of Cryptology and Information Security, Proceedings",

address = "Germany",

}

Bootle, J, Cerulli, A, Ghadafi, E, Groth, J, Hajiabadi, M & Jakobsen, SK 2017, Linear-time zero-knowledge proofs for arithmetic circuit satisfiability. in T Takagi & T Peyrin (eds), Advances in Cryptology – ASIACRYPT 2017 - 23rd International Conference on the Theory and Applications of Cryptology and Information Security, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 10626 LNCS, Springer Verlag, pp. 336-365, 23rd Annual International Conference on Theory and Application of Cryptology and Information Security, ASIACRYPT 2017, Hong Kong, Hong Kong, 12/3/17. https://doi.org/10.1007/978-3-319-70700-6_12

Linear-time zero-knowledge proofs for arithmetic circuit satisfiability. / Bootle, Jonathan; Cerulli, Andrea; Ghadafi, Essam et al.
Advances in Cryptology – ASIACRYPT 2017 - 23rd International Conference on the Theory and Applications of Cryptology and Information Security, Proceedings. ed. / Tsuyoshi Takagi; Thomas Peyrin. Springer Verlag, 2017. p. 336-365 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10626 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Linear-time zero-knowledge proofs for arithmetic circuit satisfiability

AU - Bootle, Jonathan

AU - Cerulli, Andrea

AU - Ghadafi, Essam

AU - Groth, Jens

AU - Hajiabadi, Mohammad

AU - Jakobsen, Sune K.

PY - 2017

Y1 - 2017

N2 - We give computationally efficient zero-knowledge proofs of knowledge for arithmetic circuit satisfiability over a large field. For a circuit with N addition and multiplication gates, the prover only uses O(N) multiplications and the verifier only uses O(N) additions in the field. If the commitments we use are statistically binding, our zero-knowledge proofs have unconditional soundness, while if the commitments are statistically hiding we get computational soundness. Our zero-knowledge proofs also have sub-linear communication if the commitment scheme is compact. Our construction proceeds in three steps. First, we give a zeroknowledge proof for arithmetic circuit satisfiability in an ideal linear commitment model where the prover may commit to secret vectors of field elements, and the verifier can receive certified linear combinations of those vectors. Second, we show that the ideal linear commitment proof can be instantiated using error-correcting codes and non-interactive commitments. Finally, by choosing efficient instantiations of the primitives we obtain linear-time zero-knowledge proofs.

AB - We give computationally efficient zero-knowledge proofs of knowledge for arithmetic circuit satisfiability over a large field. For a circuit with N addition and multiplication gates, the prover only uses O(N) multiplications and the verifier only uses O(N) additions in the field. If the commitments we use are statistically binding, our zero-knowledge proofs have unconditional soundness, while if the commitments are statistically hiding we get computational soundness. Our zero-knowledge proofs also have sub-linear communication if the commitment scheme is compact. Our construction proceeds in three steps. First, we give a zeroknowledge proof for arithmetic circuit satisfiability in an ideal linear commitment model where the prover may commit to secret vectors of field elements, and the verifier can receive certified linear combinations of those vectors. Second, we show that the ideal linear commitment proof can be instantiated using error-correcting codes and non-interactive commitments. Finally, by choosing efficient instantiations of the primitives we obtain linear-time zero-knowledge proofs.

UR - http://www.scopus.com/inward/record.url?scp=85037841927&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85037841927&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-70700-6_12

DO - 10.1007/978-3-319-70700-6_12

M3 - Conference contribution

AN - SCOPUS:85037841927

SN - 9783319706993

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 336

EP - 365

BT - Advances in Cryptology – ASIACRYPT 2017 - 23rd International Conference on the Theory and Applications of Cryptology and Information Security, Proceedings

A2 - Takagi, Tsuyoshi

A2 - Peyrin, Thomas

PB - Springer Verlag

T2 - 23rd Annual International Conference on Theory and Application of Cryptology and Information Security, ASIACRYPT 2017

Y2 - 3 December 2017 through 7 December 2017

ER -

Bootle J, Cerulli A, Ghadafi E, Groth J, Hajiabadi M, Jakobsen SK. Linear-time zero-knowledge proofs for arithmetic circuit satisfiability. In Takagi T, Peyrin T, editors, Advances in Cryptology – ASIACRYPT 2017 - 23rd International Conference on the Theory and Applications of Cryptology and Information Security, Proceedings. Springer Verlag. 2017. p. 336-365. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-70700-6_12

Linear-time zero-knowledge proofs for arithmetic circuit satisfiability

Abstract

Publication series

Conference

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this