Doubly Efficient Interactive Proofs for General Arithmetic Circuits with Linear Prover Time

Jiaheng Zhang; Tianyi Liu; Weijie Wang; Yinuo Zhang; Dawn Song; Xiang Xie; Yupeng Zhang

doi:10.1145/3460120.3484767

Doubly Efficient Interactive Proofs for General Arithmetic Circuits with Linear Prover Time

Jiaheng Zhang
, Tianyi Liu
, Weijie Wang
, Yinuo Zhang
, Dawn Song
, Xiang Xie
, Yupeng Zhang

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

We propose a new doubly efficient interactive proof protocol for general arithmetic circuits. The protocol generalizes the interactive proof for layered circuits proposed by Goldwasser, Kalai and Rothblum to arbitrary circuits, while preserving the optimal prover complexity that is strictly linear to the size of the circuits. The proof size remains succinct for low depth circuits and the verifier time is sublinear for structured circuits. We then construct a new zero knowledge argument scheme for general arithmetic circuits using our new interactive proof protocol together with polynomial commitments. Our key technique is a new sumcheck equation that reduces a claim about the output of one layer to claims about its input only, instead of claims about all the layers above which inevitably incurs an overhead proportional to the depth of the circuit. We developed efficient algorithms for the prover to run this sumcheck protocol and to combine multiple claims back into one in linear time in the size of the circuit. Not only does our new protocol achieve optimal prover complexity asymptotically, but it is also efficient in practice. Our experiments show that it only takes 0.3 seconds to generate the proof for a circuit with more than 600,000 gates, which is 13 times faster than the original interactive proof protocol on the corresponding layered circuit. The proof size is 208 kilobytes and the verifier time is 66 milliseconds. Our implementation can take general arithmetic circuits directly, without transforming them to layered circuits with a high overhead on the size of the circuit.

Original language	English (US)
Title of host publication	CCS 2021 - Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security
Publisher	Association for Computing Machinery
Pages	159-177
Number of pages	19
ISBN (Electronic)	9781450384544
DOIs	https://doi.org/10.1145/3460120.3484767
State	Published - Nov 12 2021
Externally published	Yes
Event	27th ACM Annual Conference on Computer and Communication Security, CCS 2021 - Virtual, Online, Korea, Republic of Duration: Nov 15 2021 → Nov 19 2021

Publication series

Name	Proceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)	1543-7221

Conference

Conference	27th ACM Annual Conference on Computer and Communication Security, CCS 2021
Country/Territory	Korea, Republic of
City	Virtual, Online
Period	11/15/21 → 11/19/21

Keywords

interactive proofs
zero knowledge proofs

ASJC Scopus subject areas

Software
Computer Networks and Communications

Online availability

10.1145/3460120.3484767

Library availability

Discover UIUC Full Text

Cite this

Zhang, J., Liu, T., Wang, W., Zhang, Y., Song, D., Xie, X., & Zhang, Y. (2021). Doubly Efficient Interactive Proofs for General Arithmetic Circuits with Linear Prover Time. In CCS 2021 - Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security (pp. 159-177). (Proceedings of the ACM Conference on Computer and Communications Security). Association for Computing Machinery. https://doi.org/10.1145/3460120.3484767

Doubly Efficient Interactive Proofs for General Arithmetic Circuits with Linear Prover Time. / Zhang, Jiaheng; Liu, Tianyi; Wang, Weijie et al.
CCS 2021 - Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery, 2021. p. 159-177 (Proceedings of the ACM Conference on Computer and Communications Security).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Zhang, J, Liu, T, Wang, W, Zhang, Y, Song, D, Xie, X & Zhang, Y 2021, Doubly Efficient Interactive Proofs for General Arithmetic Circuits with Linear Prover Time. in CCS 2021 - Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security. Proceedings of the ACM Conference on Computer and Communications Security, Association for Computing Machinery, pp. 159-177, 27th ACM Annual Conference on Computer and Communication Security, CCS 2021, Virtual, Online, Korea, Republic of, 11/15/21. https://doi.org/10.1145/3460120.3484767

Zhang J, Liu T, Wang W, Zhang Y, Song D, Xie X et al. Doubly Efficient Interactive Proofs for General Arithmetic Circuits with Linear Prover Time. In CCS 2021 - Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery. 2021. p. 159-177. (Proceedings of the ACM Conference on Computer and Communications Security). doi: 10.1145/3460120.3484767

Zhang, Jiaheng ; Liu, Tianyi ; Wang, Weijie et al. / Doubly Efficient Interactive Proofs for General Arithmetic Circuits with Linear Prover Time. CCS 2021 - Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery, 2021. pp. 159-177 (Proceedings of the ACM Conference on Computer and Communications Security).

@inproceedings{5d40456edc1f4b45bda41d217c5f34da,

title = "Doubly Efficient Interactive Proofs for General Arithmetic Circuits with Linear Prover Time",

abstract = "We propose a new doubly efficient interactive proof protocol for general arithmetic circuits. The protocol generalizes the interactive proof for layered circuits proposed by Goldwasser, Kalai and Rothblum to arbitrary circuits, while preserving the optimal prover complexity that is strictly linear to the size of the circuits. The proof size remains succinct for low depth circuits and the verifier time is sublinear for structured circuits. We then construct a new zero knowledge argument scheme for general arithmetic circuits using our new interactive proof protocol together with polynomial commitments. Our key technique is a new sumcheck equation that reduces a claim about the output of one layer to claims about its input only, instead of claims about all the layers above which inevitably incurs an overhead proportional to the depth of the circuit. We developed efficient algorithms for the prover to run this sumcheck protocol and to combine multiple claims back into one in linear time in the size of the circuit. Not only does our new protocol achieve optimal prover complexity asymptotically, but it is also efficient in practice. Our experiments show that it only takes 0.3 seconds to generate the proof for a circuit with more than 600,000 gates, which is 13 times faster than the original interactive proof protocol on the corresponding layered circuit. The proof size is 208 kilobytes and the verifier time is 66 milliseconds. Our implementation can take general arithmetic circuits directly, without transforming them to layered circuits with a high overhead on the size of the circuit.",

keywords = "interactive proofs, zero knowledge proofs",

author = "Jiaheng Zhang and Tianyi Liu and Weijie Wang and Yinuo Zhang and Dawn Song and Xiang Xie and Yupeng Zhang",

note = "Funding Information: We greatly thank Yuval Ishai for proposing the interesting problem of interactive proofs for general circuits and for the helpful discussions on the paper. This material is based upon work supported by the National Science Foundation (NSF) under Grant No. TWC-1518899, DARPA under Grant No. N66001-15-C-4066 and DARPA under Contract No. HR001120C0087. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of NSF, DARPA. Publisher Copyright: {\textcopyright} 2021 Owner/Author.; 27th ACM Annual Conference on Computer and Communication Security, CCS 2021 ; Conference date: 15-11-2021 Through 19-11-2021",

year = "2021",

month = nov,

day = "12",

doi = "10.1145/3460120.3484767",

language = "English (US)",

series = "Proceedings of the ACM Conference on Computer and Communications Security",

publisher = "Association for Computing Machinery",

pages = "159--177",

booktitle = "CCS 2021 - Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security",

address = "United States",

}

TY - GEN

T1 - Doubly Efficient Interactive Proofs for General Arithmetic Circuits with Linear Prover Time

AU - Zhang, Jiaheng

AU - Liu, Tianyi

AU - Wang, Weijie

AU - Zhang, Yinuo

AU - Song, Dawn

AU - Xie, Xiang

AU - Zhang, Yupeng

N1 - Funding Information: We greatly thank Yuval Ishai for proposing the interesting problem of interactive proofs for general circuits and for the helpful discussions on the paper. This material is based upon work supported by the National Science Foundation (NSF) under Grant No. TWC-1518899, DARPA under Grant No. N66001-15-C-4066 and DARPA under Contract No. HR001120C0087. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of NSF, DARPA. Publisher Copyright: © 2021 Owner/Author.

PY - 2021/11/12

Y1 - 2021/11/12

N2 - We propose a new doubly efficient interactive proof protocol for general arithmetic circuits. The protocol generalizes the interactive proof for layered circuits proposed by Goldwasser, Kalai and Rothblum to arbitrary circuits, while preserving the optimal prover complexity that is strictly linear to the size of the circuits. The proof size remains succinct for low depth circuits and the verifier time is sublinear for structured circuits. We then construct a new zero knowledge argument scheme for general arithmetic circuits using our new interactive proof protocol together with polynomial commitments. Our key technique is a new sumcheck equation that reduces a claim about the output of one layer to claims about its input only, instead of claims about all the layers above which inevitably incurs an overhead proportional to the depth of the circuit. We developed efficient algorithms for the prover to run this sumcheck protocol and to combine multiple claims back into one in linear time in the size of the circuit. Not only does our new protocol achieve optimal prover complexity asymptotically, but it is also efficient in practice. Our experiments show that it only takes 0.3 seconds to generate the proof for a circuit with more than 600,000 gates, which is 13 times faster than the original interactive proof protocol on the corresponding layered circuit. The proof size is 208 kilobytes and the verifier time is 66 milliseconds. Our implementation can take general arithmetic circuits directly, without transforming them to layered circuits with a high overhead on the size of the circuit.

AB - We propose a new doubly efficient interactive proof protocol for general arithmetic circuits. The protocol generalizes the interactive proof for layered circuits proposed by Goldwasser, Kalai and Rothblum to arbitrary circuits, while preserving the optimal prover complexity that is strictly linear to the size of the circuits. The proof size remains succinct for low depth circuits and the verifier time is sublinear for structured circuits. We then construct a new zero knowledge argument scheme for general arithmetic circuits using our new interactive proof protocol together with polynomial commitments. Our key technique is a new sumcheck equation that reduces a claim about the output of one layer to claims about its input only, instead of claims about all the layers above which inevitably incurs an overhead proportional to the depth of the circuit. We developed efficient algorithms for the prover to run this sumcheck protocol and to combine multiple claims back into one in linear time in the size of the circuit. Not only does our new protocol achieve optimal prover complexity asymptotically, but it is also efficient in practice. Our experiments show that it only takes 0.3 seconds to generate the proof for a circuit with more than 600,000 gates, which is 13 times faster than the original interactive proof protocol on the corresponding layered circuit. The proof size is 208 kilobytes and the verifier time is 66 milliseconds. Our implementation can take general arithmetic circuits directly, without transforming them to layered circuits with a high overhead on the size of the circuit.

KW - interactive proofs

KW - zero knowledge proofs

UR - https://www.scopus.com/pages/publications/85119357200

UR - https://www.scopus.com/pages/publications/85119357200#tab=citedBy

U2 - 10.1145/3460120.3484767

DO - 10.1145/3460120.3484767

M3 - Conference contribution

AN - SCOPUS:85119357200

T3 - Proceedings of the ACM Conference on Computer and Communications Security

SP - 159

EP - 177

BT - CCS 2021 - Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security

PB - Association for Computing Machinery

T2 - 27th ACM Annual Conference on Computer and Communication Security, CCS 2021

Y2 - 15 November 2021 through 19 November 2021

ER -

Doubly Efficient Interactive Proofs for General Arithmetic Circuits with Linear Prover Time

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this