Proving UNSAT in Zero Knowledge

Ning Luo; Timos Antonopoulos; William R. Harris; Ruzica Piskac; Eran Tromer; Xiao Wang

doi:10.1145/3548606.3559373

Proving UNSAT in Zero Knowledge

Ning Luo, Timos Antonopoulos, William R. Harris, Ruzica Piskac, Eran Tromer, Xiao Wang

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Zero-knowledge (ZK) protocols enable one party to prove to others that it knows a fact without revealing any information about the evidence for such knowledge. There exist ZK protocols for all problems in NP, and recent works developed highly efficient protocols for proving knowledge of satisfying assignments to Boolean formulas, circuits and other NP formalisms. This work shows an efficient protocol for the converse: proving formula unsatisfiability in ZK (when the prover posses a non-ZK proof). An immediate practical application is efficiently proving safety of secret programs. The key insight is to prove, in ZK, the validity of resolution proofs of unsatisfiability. This is efficiently realized using an algebraic representation that exploits resolution proofs' structure to represent formula clauses as low-degree polynomials, combined with ZK random-access arguments. Only the proof's dimensions are revealed. We implemented our protocol and used it to prove unsatisfiability of formulas that encode combinatoric problems and program correctness conditions in standard verification benchmarks, including Linux kernel drivers and Intel cryptography modules. The results demonstrate both that our protocol has practical utility, and that its aggressive optimizations, based on non-trivial encodings, significantly improve practical performance.

Original language	English (US)
Title of host publication	CCS 2022 - Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security
Publisher	Association for Computing Machinery
Pages	2203-2217
Number of pages	15
ISBN (Electronic)	9781450394505
DOIs	https://doi.org/10.1145/3548606.3559373
State	Published - Nov 7 2022
Externally published	Yes
Event	28th ACM SIGSAC Conference on Computer and Communications Security, CCS 2022 - Los Angeles, United States Duration: Nov 7 2022 → Nov 11 2022

Publication series

Name	Proceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)	1543-7221

Conference

Conference	28th ACM SIGSAC Conference on Computer and Communications Security, CCS 2022
Country/Territory	United States
City	Los Angeles
Period	11/7/22 → 11/11/22

Keywords

propositional unsatisfiability
zero-knowledge proofs

ASJC Scopus subject areas

Software
Computer Networks and Communications

Online availability

10.1145/3548606.3559373

Library availability

Discover UIUC Full Text

Cite this

Luo, N., Antonopoulos, T., Harris, W. R., Piskac, R., Tromer, E., & Wang, X. (2022). Proving UNSAT in Zero Knowledge. In CCS 2022 - Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security (pp. 2203-2217). (Proceedings of the ACM Conference on Computer and Communications Security). Association for Computing Machinery. https://doi.org/10.1145/3548606.3559373

Proving UNSAT in Zero Knowledge. / Luo, Ning; Antonopoulos, Timos; Harris, William R. et al.
CCS 2022 - Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery, 2022. p. 2203-2217 (Proceedings of the ACM Conference on Computer and Communications Security).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Luo, N, Antonopoulos, T, Harris, WR, Piskac, R, Tromer, E & Wang, X 2022, Proving UNSAT in Zero Knowledge. in CCS 2022 - Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security. Proceedings of the ACM Conference on Computer and Communications Security, Association for Computing Machinery, pp. 2203-2217, 28th ACM SIGSAC Conference on Computer and Communications Security, CCS 2022, Los Angeles, United States, 11/7/22. https://doi.org/10.1145/3548606.3559373

Luo N, Antonopoulos T, Harris WR, Piskac R, Tromer E, Wang X. Proving UNSAT in Zero Knowledge. In CCS 2022 - Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery. 2022. p. 2203-2217. (Proceedings of the ACM Conference on Computer and Communications Security). Epub 2022 Nov 7. doi: 10.1145/3548606.3559373

@inproceedings{39b625873b7f42b3b462aa733fe32418,

title = "Proving UNSAT in Zero Knowledge",

abstract = "Zero-knowledge (ZK) protocols enable one party to prove to others that it knows a fact without revealing any information about the evidence for such knowledge. There exist ZK protocols for all problems in NP, and recent works developed highly efficient protocols for proving knowledge of satisfying assignments to Boolean formulas, circuits and other NP formalisms. This work shows an efficient protocol for the converse: proving formula unsatisfiability in ZK (when the prover posses a non-ZK proof). An immediate practical application is efficiently proving safety of secret programs. The key insight is to prove, in ZK, the validity of resolution proofs of unsatisfiability. This is efficiently realized using an algebraic representation that exploits resolution proofs' structure to represent formula clauses as low-degree polynomials, combined with ZK random-access arguments. Only the proof's dimensions are revealed. We implemented our protocol and used it to prove unsatisfiability of formulas that encode combinatoric problems and program correctness conditions in standard verification benchmarks, including Linux kernel drivers and Intel cryptography modules. The results demonstrate both that our protocol has practical utility, and that its aggressive optimizations, based on non-trivial encodings, significantly improve practical performance.",

keywords = "propositional unsatisfiability, zero-knowledge proofs",

author = "Ning Luo and Timos Antonopoulos and Harris, {William R.} and Ruzica Piskac and Eran Tromer and Xiao Wang",

note = "Work by William Harris and Eran Tromer is supported in part by DARPA under Contract No. HR001120C0085. Work by Xiao Wang is supported in part by DARPA under Contract No. HR001120C0087, NSF award CNS-2016240, and research awards from Meta and Google. Work by Timos Antonopoulos has been supported in part by ONR under Grant N00014-17-1-2787 and by NSF awards CCF-2106845, CCF-2131476. Work by Ruzica Piskac and Ning Luo is supported in part by NSF award CNS-1562888 and CCF-2131476. The views, opinions, and/or findings expressed are those of the author(s) and should not be interpreted as representing the official views or policies of the Department of Defense or the U.S. Government. Distribution Statement “A” (Approved for Public Release, Distribution Unlimited).; 28th ACM SIGSAC Conference on Computer and Communications Security, CCS 2022 ; Conference date: 07-11-2022 Through 11-11-2022",

year = "2022",

month = nov,

day = "7",

doi = "10.1145/3548606.3559373",

language = "English (US)",

series = "Proceedings of the ACM Conference on Computer and Communications Security",

publisher = "Association for Computing Machinery",

pages = "2203--2217",

booktitle = "CCS 2022 - Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security",

address = "United States",

}

TY - GEN

T1 - Proving UNSAT in Zero Knowledge

AU - Luo, Ning

AU - Antonopoulos, Timos

AU - Harris, William R.

AU - Piskac, Ruzica

AU - Tromer, Eran

AU - Wang, Xiao

N1 - Work by William Harris and Eran Tromer is supported in part by DARPA under Contract No. HR001120C0085. Work by Xiao Wang is supported in part by DARPA under Contract No. HR001120C0087, NSF award CNS-2016240, and research awards from Meta and Google. Work by Timos Antonopoulos has been supported in part by ONR under Grant N00014-17-1-2787 and by NSF awards CCF-2106845, CCF-2131476. Work by Ruzica Piskac and Ning Luo is supported in part by NSF award CNS-1562888 and CCF-2131476. The views, opinions, and/or findings expressed are those of the author(s) and should not be interpreted as representing the official views or policies of the Department of Defense or the U.S. Government. Distribution Statement “A” (Approved for Public Release, Distribution Unlimited).

PY - 2022/11/7

Y1 - 2022/11/7

N2 - Zero-knowledge (ZK) protocols enable one party to prove to others that it knows a fact without revealing any information about the evidence for such knowledge. There exist ZK protocols for all problems in NP, and recent works developed highly efficient protocols for proving knowledge of satisfying assignments to Boolean formulas, circuits and other NP formalisms. This work shows an efficient protocol for the converse: proving formula unsatisfiability in ZK (when the prover posses a non-ZK proof). An immediate practical application is efficiently proving safety of secret programs. The key insight is to prove, in ZK, the validity of resolution proofs of unsatisfiability. This is efficiently realized using an algebraic representation that exploits resolution proofs' structure to represent formula clauses as low-degree polynomials, combined with ZK random-access arguments. Only the proof's dimensions are revealed. We implemented our protocol and used it to prove unsatisfiability of formulas that encode combinatoric problems and program correctness conditions in standard verification benchmarks, including Linux kernel drivers and Intel cryptography modules. The results demonstrate both that our protocol has practical utility, and that its aggressive optimizations, based on non-trivial encodings, significantly improve practical performance.

AB - Zero-knowledge (ZK) protocols enable one party to prove to others that it knows a fact without revealing any information about the evidence for such knowledge. There exist ZK protocols for all problems in NP, and recent works developed highly efficient protocols for proving knowledge of satisfying assignments to Boolean formulas, circuits and other NP formalisms. This work shows an efficient protocol for the converse: proving formula unsatisfiability in ZK (when the prover posses a non-ZK proof). An immediate practical application is efficiently proving safety of secret programs. The key insight is to prove, in ZK, the validity of resolution proofs of unsatisfiability. This is efficiently realized using an algebraic representation that exploits resolution proofs' structure to represent formula clauses as low-degree polynomials, combined with ZK random-access arguments. Only the proof's dimensions are revealed. We implemented our protocol and used it to prove unsatisfiability of formulas that encode combinatoric problems and program correctness conditions in standard verification benchmarks, including Linux kernel drivers and Intel cryptography modules. The results demonstrate both that our protocol has practical utility, and that its aggressive optimizations, based on non-trivial encodings, significantly improve practical performance.

KW - propositional unsatisfiability

KW - zero-knowledge proofs

UR - http://www.scopus.com/inward/record.url?scp=85143056494&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85143056494&partnerID=8YFLogxK

U2 - 10.1145/3548606.3559373

DO - 10.1145/3548606.3559373

M3 - Conference contribution

AN - SCOPUS:85143056494

T3 - Proceedings of the ACM Conference on Computer and Communications Security

SP - 2203

EP - 2217

BT - CCS 2022 - Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security

PB - Association for Computing Machinery

T2 - 28th ACM SIGSAC Conference on Computer and Communications Security, CCS 2022

Y2 - 7 November 2022 through 11 November 2022

ER -

Proving UNSAT in Zero Knowledge

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this