Skip to main content
Springer Nature Link
Log in

\(\textsf{Testudo}\): Linear Time Prover SNARKs with Constant Size Proofs and Square Root Size Universal Setup

  • Conference paper
  • First Online:
Progress in Cryptology – LATINCRYPT 2023 (LATINCRYPT 2023)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14168))

Abstract

We present Testudo, a new FFT-less SNARK with a near linear-time prover, constant-time verifier, constant-size proofs and a square-root-size universal setup. Testudo is based on a variant of Spartan [28]–and hence does not require FFTs–as well as a new, fast multivariate polynomial commitment scheme (PCS) with a square-root-sized trusted setup that is derived from PST [25] and IPPs [9]. To achieve constant-size SNARK proofs in Testudo we then combine our PCS openings proofs recursively with a Groth16 SNARK. We also evaluate Testudo and its building blocks: to compute a PCS opening proof for a polynomial of size \(2^{25}\), our new scheme opening procedure achieves a 110x speed-up compared to PST and 3x compared to Gemini [6], since opening computations are heavily parallelizable and operate on smaller polynomials. Furthermore, a Testudo proof for a witness of size \(2^{30} ({\approx } 1\,\text {GB})\) requires a setup of size only \(2^{15}\) (\(\approx \)tens of kilobytes). Finally, we show that a Testudo variant for proving data-parallel computations is almost 10x faster at verifying \(2^{10}\) Poseidon-based Merkle tree opening proofs than the regular version .

N. Gailly—Work done mainly while the author was affiliated with Protocol Labs.

M. Mihali—Work done mainly while the author was affiliated with UCL and Protocol Labs.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    To maximize backward compatibility to already deployed systems, we require that our SNARK system works with R1CS-based circuits.

  2. 2.

    Our prover runs N multi-exponentiations of size N, which is roughly \(O(N \frac{\lambda }{\log N})\) group operations with \(\lambda > \log N\) for security reason.

  3. 3.

    We only care about multilinear polynomials for Testudo but the sumcheck protocol can be run on any multivariate polynomial.

  4. 4.

    Such a polynomial of degree at most 1 in each variable always exists for any function f mapping \(\{0,1\}\rightarrow \mathbb {F}\) [30].

  5. 5.

    The current version of the repository is available at https://github.com/cryptonetlab/testudo.

References

  1. Aranha, D.F., El Housni, Y., Guillevic, A.: A survey of elliptic curves for proof systems. Cryptology ePrint Archive, Report 2022/586 (2022). https://eprint.iacr.org/2022/586

  2. Arkworks contributors (2023). arkworks zksnark ecosystem

  3. Belling, A., Soleimanian, A., Bégassat, O.: Recursion over public-coin interactive proof systems; faster hash verification. Cryptology ePrint Archive, Report 2022/1072 (2022). https://eprint.iacr.org/2022/1072

  4. Bellperson contributors (2023). The bellperson zk-SNARK library

  5. Ben-Sasson, E., Bentov, I., Horesh, Y., Riabzev, M.: Scalable, transparent, and post-quantum secure computational integrity. Cryptology ePrint Archive, Report 2018/046 (2018). https://eprint.iacr.org/2018/046

  6. Bootle, J., Chiesa, A., Hu, Y., Orrù, M.: Gemini: elastic SNARKs for diverse environments. In: Dunkelman, O., Dziembowski, S. (eds.) EUROCRYPT 2022. LNCS, vol. 13276, pp. 427–457. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-07085-3_15

    Chapter  Google Scholar 

  7. Bowe, S., Gabizon, A., Miers, I.: Scalable multi-party computation for zk-SNARK parameters in the random beacon model. Cryptology ePrint Archive, Report 2017/1050 (2017). https://eprint.iacr.org/2017/1050

  8. Bünz, B., Bootle, J., Boneh, D., Poelstra, A., Wuille, P., Maxwell, G.: Bulletproofs: short proofs for confidential transactions and more. In: 2018 IEEE Symposium on Security and Privacy. IEEE Computer Society Press (2018)

    Google Scholar 

  9. Bünz, B., Maller, M., Mishra, P., Tyagi, N., Vesely, P.: Proofs for inner pairing products and applications. In: Tibouchi, M., Wang, H. (eds.) ASIACRYPT 2021. LNCS, vol. 13092, pp. 65–97. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-92078-4_3

    Chapter  Google Scholar 

  10. Campanelli, M., Fiore, D., Querol, A.: LegoSNARK: modular design and composition of succinct zero-knowledge proofs. In: ACM CCS 2019. ACM Press (2019)

    Google Scholar 

  11. Chen, B., Bünz, B., Boneh, D., Zhang, Z.: HyperPlonk: plonk with linear-time prover and high-degree custom gates. Cryptology ePrint Archive, Report 2022/1355 (2022). https://eprint.iacr.org/2022/1355

  12. Chiesa, A., Hu, Y., Maller, M., Mishra, P., Vesely, N., Ward, N.: Marlin: preprocessing zkSNARKs with universal and updatable SRS. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12105, pp. 738–768. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45721-1_26

    Chapter  Google Scholar 

  13. El Housni, Y., Guillevic, A.: Optimized and secure pairing-friendly elliptic curves suitable for one layer proof composition. In: Krenn, S., Shulman, H., Vaudenay, S. (eds.) CANS 2020. LNCS, vol. 12579, pp. 259–279. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-65411-5_13

    Chapter  Google Scholar 

  14. El Housni, Y., Guillevic, A.: Families of SNARK-friendly 2-chains of elliptic curves. In: Dunkelman, O., Dziembowski, S. (eds.) EUROCRYPT 2022. LNCS, vol. 13276, pp. 367–396. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-07085-3_13

    Chapter  Google Scholar 

  15. Gabizon, A., Williamson, Z.J., Ciobotaru, O.: PLONK: permutations over lagrange-bases for oecumenical noninteractive arguments of knowledge. Cryptology ePrint Archive, Report 2019/953 (2019). https://eprint.iacr.org/2019/953

  16. Gailly, N., Maller, M., Nitulescu, A.: SnarkPack: practical SNARK aggregation. In: Eyal, I., Garay, J. (eds.) FC 2022. LNCS, vol. 13411, pp. 203–229. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-18283-9_10

    Chapter  Google Scholar 

  17. Goldwasser, S., Kalai, Y.T., Rothblum, G.N.: Delegating computation: interactive proofs for muggles. In: 40th ACM STOC. ACM Press (2008)

    Google Scholar 

  18. Groth, J.: On the size of pairing-based non-interactive arguments. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 305–326. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49896-5_11

    Chapter  Google Scholar 

  19. Groth, J., Kohlweiss, M., Maller, M., Meiklejohn, S., Miers, I.: Updatable and universal common reference strings with applications to zk-SNARKs. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10993, pp. 698–728. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96878-0_24

    Chapter  Google Scholar 

  20. Kate, A., Zaverucha, G.M., Goldberg, I.: Constant-size commitments to polynomials and their applications. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 177–194. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-17373-8_11

    Chapter  Google Scholar 

  21. P Labs (2023). Filecoin: A Decentralized Storage Network

  22. Lund, C., Fortnow, L., Karloff, H.J., Nisan, N.: Algebraic methods for interactive proof systems. In: 31st FOCS. IEEE Computer Society Press (1990)

    Google Scholar 

  23. Michele Orrù, G.K.: (2023). zka.lc

  24. Naehrig, M., Barreto, P.S.L.M., Schwabe, P.: On compressible pairings and their computation. In: Vaudenay, S. (ed.) AFRICACRYPT 2008. LNCS, vol. 5023, pp. 371–388. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-68164-9_25

    Chapter  Google Scholar 

  25. Papamanthou, C., Shi, E., Tamassia, R.: Signatures of correct computation. In: Sahai, A. (ed.) TCC 2013. LNCS, vol. 7785, pp. 222–242. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-36594-2_13

    Chapter  Google Scholar 

  26. Ristretto contributors (2023). The Ristretto Group

  27. Setty, S.: Spartan: efficient and general-purpose zkSNARKs without trusted setup. Cryptology ePrint Archive, Report 2019/550 (2019). https://eprint.iacr.org/2019/550

  28. Setty, S.: Spartan: efficient and general-purpose zkSNARKs without trusted setup. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020. LNCS, vol. 12172, pp. 704–737. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56877-1_25

    Chapter  Google Scholar 

  29. Shoup, V.: Lower bounds for discrete logarithms and related problems. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 256–266. Springer, Heidelberg (1997). https://doi.org/10.1007/3-540-69053-0_18

    Chapter  Google Scholar 

  30. Thaler, J.: (2015–2023). Proofs, Arguments, and Zero-Knowledge

  31. Xie, T., et al.: zkBridge: trustless cross-chain bridges made practical. In: ACM CCS 2022. ACM Press (2022)

    Google Scholar 

  32. Zhang, J., Xie, T., Zhang, Y., Song, D.: Transparent polynomial delegation and its applications to zero knowledge proof. In: 2020 IEEE Symposium on Security and Privacy. IEEE Computer Society Press (2020)

    Google Scholar 

  33. Zhang, Y., Genkin, D., Katz, J., Papadopoulos, D., Papamanthou, C.: A zero-knowledge version of vSQL. Cryptology ePrint Archive, Report 2017/1146 (2017). https://eprint.iacr.org/2017/1146

  34. zk Harness contributors (2023). zk-Harness

Download references

Author information

Authors and Affiliations

  1. Protocol Labs, Aarhus, Denmark

    Matteo Campanelli

  2. Aarhus, Denmark

    Nicolas Gailly

  3. Protocol Labs & CCNY, Aarhus, Denmark

    Rosario Gennaro

  4. UCL, London, UK

    Philipp Jovanovic

  5. Aztec Labs, Johannesburg, South Africa

    Mara Mihali

  6. Georgetown & a16z Crypto Research, Washington, D.C., USA

    Justin Thaler

Authors
  1. Matteo Campanelli
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Nicolas Gailly
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Rosario Gennaro
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Philipp Jovanovic
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Mara Mihali
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Justin Thaler
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Matteo Campanelli .

Editor information

Editors and Affiliations

  1. Technology Innovation Institute, Abu Dhabi, United Arab Emirates

    Abdelrahaman Aly

  2. NTT Social Informatics Laboratories, Tokyo, Japan

    Mehdi Tibouchi

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Campanelli, M., Gailly, N., Gennaro, R., Jovanovic, P., Mihali, M., Thaler, J. (2023). \(\textsf{Testudo}\): Linear Time Prover SNARKs with Constant Size Proofs and Square Root Size Universal Setup. In: Aly, A., Tibouchi, M. (eds) Progress in Cryptology – LATINCRYPT 2023. LATINCRYPT 2023. Lecture Notes in Computer Science, vol 14168. Springer, Cham. https://doi.org/10.1007/978-3-031-44469-2_17

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-44469-2_17

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-44468-5

  • Online ISBN: 978-3-031-44469-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation