Abstract
We propose a novel KZG-based sum-check scheme, dubbed \(\textsf{Losum}\), with optimal efficiency. In particular, its proving cost is one multi-scalar multiplication of size k (the number of non-zero entries in the vector), its verification cost is one pairing plus one group scalar multiplication, and the proof consists of a single group element.
Using \(\textsf{Losum}\) as a component, we then construct a new lookup argument, named \(\textsf{Locq}\), which enjoys a smaller proof size and a lower verification cost than the state-of-the-art schemes \(\textsf{cq}\), \(\textsf{cq}\)+ and \(\textsf{cq}\)++. Specifically, the proving cost of \(\textsf{Locq}\) is comparable to that of \(\textsf{cq}\), keeping the advantage that the proving cost is independent of the table size after preprocessing. For verification, \(\textsf{Locq}\) costs four pairings, while \(\textsf{cq}\), \(\textsf{cq}\)+ and \(\textsf{cq}\)++ require five, five and six pairings, respectively. For proof size, a \(\textsf{Locq}\) proof consists of four \(\mathbb {G}_1\) elements and one \(\mathbb {G}_2\) element; when instantiated with the BLS12-381 curve, the proof size of \(\textsf{Locq}\) is 2304 bits, while \(\textsf{cq}\), \(\textsf{cq}\)+ and \(\textsf{cq}\)++ have 3840, 3328 and 2944 bits, respectively. Moreover, \(\textsf{Locq}\) is zero-knowledge, like \(\textsf{cq}\)+ and \(\textsf{cq}\)++, whereas \(\textsf{cq}\) is not. \(\textsf{Locq}\) is more efficient even when compared to the non-zero-knowledge (and more efficient) versions of \(\textsf{cq}\)+ and \(\textsf{cq}\)++.
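As an added illustration (not code from the paper), the standard univariate sum-check identity that KZG-based schemes such as \(\textsf{Losum}\) build on: over a multiplicative subgroup H of order N, the sum of f over H equals N·f(0), and when f interpolates a vector with k non-zero entries, f(0) is computable from those k entries alone, which is where a prover cost proportional to k comes from. The field, subgroup and vector below are constructed toy values, not parameters from the paper.

```python
# Constructed toy parameters (assumed, not from the paper): prime field F_17 and the
# multiplicative subgroup H of order N = 8. 3 is a primitive root mod 17, so 9 = 3^2
# has order exactly 8 (9^4 = 16 = -1 mod 17, 9^8 = 1).
P = 17
N = 8
OMEGA = 9


def subgroup():
    # H = {omega^0, ..., omega^(N-1)}
    return [pow(OMEGA, i, P) for i in range(N)]


def inv(x):
    # Modular inverse in F_P (P is prime)
    return pow(x % P, P - 2, P)


def lagrange_eval(i, x):
    # L_i(x) for a multiplicative subgroup: (omega^i / N) * (x^N - 1) / (x - omega^i).
    # It is 1 at omega^i and 0 at every other element of H.
    w = pow(OMEGA, i, P)
    if x % P == w:
        return 1
    return (w * inv(N) * (pow(x, N, P) - 1) * inv(x - w)) % P


def eval_interpolant(vec, x):
    # f(x) = sum_i vec[i] * L_i(x); zero entries contribute nothing, so the work is O(k)
    # for a vector with k non-zero entries.
    return sum(v * lagrange_eval(i, x) for i, v in enumerate(vec) if v) % P


def sum_over_h(vec):
    # The direct O(N) computation: evaluate f at every h in H and add up the values.
    return sum(eval_interpolant(vec, h) for h in subgroup()) % P


def sum_via_constant_term(vec):
    # Univariate sum-check lemma: sum_{h in H} f(h) = N * f(0).
    # Here f(0) = (1/N) * sum of the non-zero entries, so only k terms are touched.
    return (N * eval_interpolant(vec, 0)) % P


if __name__ == "__main__":
    # Constructed sparse vector with k = 3 non-zero entries out of N = 8.
    v = [5, 0, 0, 3, 0, 0, 0, 11]
    print(sum_over_h(v), sum_via_constant_term(v))  # both equal 19 mod 17 = 2
```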
Notes
1. Concurrent to this work.
2. This requires that the table has been randomized by a mask when computing its commitment, before putting it into the lookup argument.
3. The cost of one scalar multiplication can be ignored compared to the pairing.
4. As long as \(\mathbb {F}\) is sufficiently large, as required by all succinct arguments.
5.
Acknowledgement
This work is partially supported by Shanghai Science and Technology Innovation Action Plan (Grant No. 23511101100), the National Key Research and Development Project (Grant No. 2020YFA0712300) and the National Natural Science Foundation of China (Grant No. 62272294). We thank Ren Zhang and Alan Szepieniec for their valuable comments and feedback. We thank the anonymous reviewers for their careful examination of our work and their insightful comments and constructive suggestions.
© 2024 International Association for Cryptologic Research
Cite this paper
Zhang, Y., Sun, SF., Gu, D. (2024). Efficient KZG-Based Univariate Sum-Check and Lookup Argument. In: Tang, Q., Teague, V. (eds) Public-Key Cryptography – PKC 2024. PKC 2024. Lecture Notes in Computer Science, vol 14602. Springer, Cham. https://doi.org/10.1007/978-3-031-57722-2_13
DOI: https://doi.org/10.1007/978-3-031-57722-2_13
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-57721-5
Online ISBN: 978-3-031-57722-2
eBook Packages: Computer Science, Computer Science (R0)