Abstract
Showing that a circuit is satisfiable without revealing any further information is a key problem in modern cryptography. The related (and more general) problem of showing that a circuit evaluates to a particular value when executed on the input contained in a public commitment has many potential practical applications. Although numerous solutions to the problem have been proposed, their practical applicability is poorly understood.
In this paper, we take an important step towards moving existing solutions into practice. We implement and evaluate four solutions to the problem, investigating solutions both in the common reference string (CRS) model and in the random oracle model. In particular, in the CRS model we use the recent Groth–Sahai techniques for proofs over bilinear groups in the asymmetric-pairing setting. We provide various optimizations to the different solutions we investigate, and we present timing results for two circuits, the larger of which is an implementation of AES using about 30000 gates.
© 2009 Springer-Verlag Berlin Heidelberg
Cite this paper
Ghadafi, E., Smart, N.P., Warinschi, B. (2009). Practical Zero-Knowledge Proofs for Circuit Evaluation. In: Parker, M.G. (eds) Cryptography and Coding. IMACC 2009. Lecture Notes in Computer Science, vol 5921. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10868-6_28
DOI: https://doi.org/10.1007/978-3-642-10868-6_28
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-10867-9
Online ISBN: 978-3-642-10868-6