Efficient Generic Arithmetic for KKW: Practical Linear MPC-in-the-Head NIZK on Commodity Hardware Without Trusted Setup

David Heath; Vladimir Kolesnikov; Jiahui Lu

doi:10.1007/978-3-030-78086-9_31

Efficient Generic Arithmetic for KKW: Practical Linear MPC-in-the-Head NIZK on Commodity Hardware Without Trusted Setup

David Heath, Vladimir Kolesnikov, Jiahui Lu

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Katz et al., CCS 2018 (KKW) is a popular and efficient MPC-in-the-head non-interactive ZKP (NIZK) scheme, which is the technical core of the post-quantum signature scheme Picnic, currently considered for standardization by NIST. The KKW approach simultaneously is concretely efficient, even on commodity hardware, and does not rely on trusted setup. Importantly, the approach scales linearly in the circuit size with low constants with respect to proof generation time, proof verification time, proof size, and RAM consumption. However, KKW works with Boolean circuits only and hence incurs significant cost for circuits that include arithmetic operations. In this work, we extend KKW with a suite of efficient arithmetic operations over arbitrary rings and Boolean conversions. Rings Z2k are important for NIZK as they naturally match the basic operations of modern programs and CPUs. In particular, we: – present a suitable ring representation consistent with KKW, – construct efficient conversion operators that translate between arithmetic and Boolean representations, and – demonstrate how to efficiently operate over the arithmetic representation, including a vector dot product of length-n vectors with cost equal to that of a single multiplication. These improvements substantially improve KKW for circuits with arithmetic. As one example, we can multiply 100 × 100 square matrices of 32 bit number using 3200 × smaller proof size than standard KKW (100 × improvement from our dot product construction and 32 × from moving to an arithmetic representation). We discuss in detail proof size and resource consumption and argue the practicality of running large proofs on commodity hardware.

Original language	English (US)
Title of host publication	Cyber Security Cryptography and Machine Learning - 5th International Symposium, CSCML 2021, Proceedings
Editors	Shlomi Dolev, Oded Margalit, Benny Pinkas, Alexander Schwarzmann
Publisher	Springer
Pages	414-431
Number of pages	18
ISBN (Print)	9783030780852
DOIs	https://doi.org/10.1007/978-3-030-78086-9_31
State	Published - 2021
Externally published	Yes
Event	5th International Symposium on Cyber Security Cryptography and Machine Learning, CSCML 2021 - Be'er Sheva, Israel Duration: Jul 8 2021 → Jul 9 2021

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	12716 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	5th International Symposium on Cyber Security Cryptography and Machine Learning, CSCML 2021
Country/Territory	Israel
City	Be'er Sheva
Period	7/8/21 → 7/9/21

Keywords

MPC-in-the-Head
Zero knowledge

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Online availability

10.1007/978-3-030-78086-9_31

Library availability

Discover UIUC Full Text

Cite this

Heath, D., Kolesnikov, V., & Lu, J. (2021). Efficient Generic Arithmetic for KKW: Practical Linear MPC-in-the-Head NIZK on Commodity Hardware Without Trusted Setup. In S. Dolev, O. Margalit, B. Pinkas, & A. Schwarzmann (Eds.), Cyber Security Cryptography and Machine Learning - 5th International Symposium, CSCML 2021, Proceedings (pp. 414-431). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 12716 LNCS). Springer. https://doi.org/10.1007/978-3-030-78086-9_31

Efficient Generic Arithmetic for KKW : Practical Linear MPC-in-the-Head NIZK on Commodity Hardware Without Trusted Setup. / Heath, David; Kolesnikov, Vladimir; Lu, Jiahui.

Cyber Security Cryptography and Machine Learning - 5th International Symposium, CSCML 2021, Proceedings. ed. / Shlomi Dolev; Oded Margalit; Benny Pinkas; Alexander Schwarzmann. Springer, 2021. p. 414-431 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 12716 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Heath, D, Kolesnikov, V & Lu, J 2021, Efficient Generic Arithmetic for KKW: Practical Linear MPC-in-the-Head NIZK on Commodity Hardware Without Trusted Setup. in S Dolev, O Margalit, B Pinkas & A Schwarzmann (eds), Cyber Security Cryptography and Machine Learning - 5th International Symposium, CSCML 2021, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 12716 LNCS, Springer, pp. 414-431, 5th International Symposium on Cyber Security Cryptography and Machine Learning, CSCML 2021, Be'er Sheva, Israel, 7/8/21. https://doi.org/10.1007/978-3-030-78086-9_31

Heath D, Kolesnikov V, Lu J. Efficient Generic Arithmetic for KKW: Practical Linear MPC-in-the-Head NIZK on Commodity Hardware Without Trusted Setup. In Dolev S, Margalit O, Pinkas B, Schwarzmann A, editors, Cyber Security Cryptography and Machine Learning - 5th International Symposium, CSCML 2021, Proceedings. Springer. 2021. p. 414-431. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-030-78086-9_31

Heath, David ; Kolesnikov, Vladimir ; Lu, Jiahui. / Efficient Generic Arithmetic for KKW : Practical Linear MPC-in-the-Head NIZK on Commodity Hardware Without Trusted Setup. Cyber Security Cryptography and Machine Learning - 5th International Symposium, CSCML 2021, Proceedings. editor / Shlomi Dolev ; Oded Margalit ; Benny Pinkas ; Alexander Schwarzmann. Springer, 2021. pp. 414-431 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{d3100c2d65f44bbbb7c5189c56761d7d,

title = "Efficient Generic Arithmetic for KKW: Practical Linear MPC-in-the-Head NIZK on Commodity Hardware Without Trusted Setup",

abstract = "Katz et al., CCS 2018 (KKW) is a popular and efficient MPC-in-the-head non-interactive ZKP (NIZK) scheme, which is the technical core of the post-quantum signature scheme Picnic, currently considered for standardization by NIST. The KKW approach simultaneously is concretely efficient, even on commodity hardware, and does not rely on trusted setup. Importantly, the approach scales linearly in the circuit size with low constants with respect to proof generation time, proof verification time, proof size, and RAM consumption. However, KKW works with Boolean circuits only and hence incurs significant cost for circuits that include arithmetic operations. In this work, we extend KKW with a suite of efficient arithmetic operations over arbitrary rings and Boolean conversions. Rings Z2k are important for NIZK as they naturally match the basic operations of modern programs and CPUs. In particular, we: – present a suitable ring representation consistent with KKW, – construct efficient conversion operators that translate between arithmetic and Boolean representations, and – demonstrate how to efficiently operate over the arithmetic representation, including a vector dot product of length-n vectors with cost equal to that of a single multiplication. These improvements substantially improve KKW for circuits with arithmetic. As one example, we can multiply 100 × 100 square matrices of 32 bit number using 3200 × smaller proof size than standard KKW (100 × improvement from our dot product construction and 32 × from moving to an arithmetic representation). We discuss in detail proof size and resource consumption and argue the practicality of running large proofs on commodity hardware.",

keywords = "MPC-in-the-Head, Zero knowledge",

author = "David Heath and Vladimir Kolesnikov and Jiahui Lu",

note = "Funding Information: Acknowledgements. This work was supported in part by NSF award #1909769, by a Facebook research award, and by Georgia Tech{\textquoteright}s IISP cybersecurity seed funding (CSF) award. Publisher Copyright: {\textcopyright} 2021, Springer Nature Switzerland AG.; 5th International Symposium on Cyber Security Cryptography and Machine Learning, CSCML 2021 ; Conference date: 08-07-2021 Through 09-07-2021",

year = "2021",

doi = "10.1007/978-3-030-78086-9_31",

language = "English (US)",

isbn = "9783030780852",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer",

pages = "414--431",

editor = "Shlomi Dolev and Oded Margalit and Benny Pinkas and Alexander Schwarzmann",

booktitle = "Cyber Security Cryptography and Machine Learning - 5th International Symposium, CSCML 2021, Proceedings",

address = "Germany",

}

TY - GEN

T1 - Efficient Generic Arithmetic for KKW

T2 - 5th International Symposium on Cyber Security Cryptography and Machine Learning, CSCML 2021

AU - Heath, David

AU - Kolesnikov, Vladimir

AU - Lu, Jiahui

N1 - Funding Information: Acknowledgements. This work was supported in part by NSF award #1909769, by a Facebook research award, and by Georgia Tech’s IISP cybersecurity seed funding (CSF) award. Publisher Copyright: © 2021, Springer Nature Switzerland AG.

PY - 2021

Y1 - 2021

N2 - Katz et al., CCS 2018 (KKW) is a popular and efficient MPC-in-the-head non-interactive ZKP (NIZK) scheme, which is the technical core of the post-quantum signature scheme Picnic, currently considered for standardization by NIST. The KKW approach simultaneously is concretely efficient, even on commodity hardware, and does not rely on trusted setup. Importantly, the approach scales linearly in the circuit size with low constants with respect to proof generation time, proof verification time, proof size, and RAM consumption. However, KKW works with Boolean circuits only and hence incurs significant cost for circuits that include arithmetic operations. In this work, we extend KKW with a suite of efficient arithmetic operations over arbitrary rings and Boolean conversions. Rings Z2k are important for NIZK as they naturally match the basic operations of modern programs and CPUs. In particular, we: – present a suitable ring representation consistent with KKW, – construct efficient conversion operators that translate between arithmetic and Boolean representations, and – demonstrate how to efficiently operate over the arithmetic representation, including a vector dot product of length-n vectors with cost equal to that of a single multiplication. These improvements substantially improve KKW for circuits with arithmetic. As one example, we can multiply 100 × 100 square matrices of 32 bit number using 3200 × smaller proof size than standard KKW (100 × improvement from our dot product construction and 32 × from moving to an arithmetic representation). We discuss in detail proof size and resource consumption and argue the practicality of running large proofs on commodity hardware.

AB - Katz et al., CCS 2018 (KKW) is a popular and efficient MPC-in-the-head non-interactive ZKP (NIZK) scheme, which is the technical core of the post-quantum signature scheme Picnic, currently considered for standardization by NIST. The KKW approach simultaneously is concretely efficient, even on commodity hardware, and does not rely on trusted setup. Importantly, the approach scales linearly in the circuit size with low constants with respect to proof generation time, proof verification time, proof size, and RAM consumption. However, KKW works with Boolean circuits only and hence incurs significant cost for circuits that include arithmetic operations. In this work, we extend KKW with a suite of efficient arithmetic operations over arbitrary rings and Boolean conversions. Rings Z2k are important for NIZK as they naturally match the basic operations of modern programs and CPUs. In particular, we: – present a suitable ring representation consistent with KKW, – construct efficient conversion operators that translate between arithmetic and Boolean representations, and – demonstrate how to efficiently operate over the arithmetic representation, including a vector dot product of length-n vectors with cost equal to that of a single multiplication. These improvements substantially improve KKW for circuits with arithmetic. As one example, we can multiply 100 × 100 square matrices of 32 bit number using 3200 × smaller proof size than standard KKW (100 × improvement from our dot product construction and 32 × from moving to an arithmetic representation). We discuss in detail proof size and resource consumption and argue the practicality of running large proofs on commodity hardware.

KW - MPC-in-the-Head

KW - Zero knowledge

UR - http://www.scopus.com/inward/record.url?scp=85112022047&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85112022047&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-78086-9_31

DO - 10.1007/978-3-030-78086-9_31

M3 - Conference contribution

AN - SCOPUS:85112022047

SN - 9783030780852

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 414

EP - 431

BT - Cyber Security Cryptography and Machine Learning - 5th International Symposium, CSCML 2021, Proceedings

A2 - Dolev, Shlomi

A2 - Margalit, Oded

A2 - Pinkas, Benny

A2 - Schwarzmann, Alexander

PB - Springer

Y2 - 8 July 2021 through 9 July 2021

ER -

Efficient Generic Arithmetic for KKW: Practical Linear MPC-in-the-Head NIZK on Commodity Hardware Without Trusted Setup

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this