Abstract
In this paper, we study zero-knowledge (ZK) proofs for circuit satisfiability that can be efficiently proven to n verifiers at a time. The proofs remain secure against the collusion of a prover and a subset of t verifiers. We refer to such ZK proofs as multi-verifier zero-knowledge (MVZK) proofs and focus on the case where a majority of verifiers are honest (i.e., \(t<n/2\)). We construct efficient MVZK protocols in the random oracle model where the prover sends one message to each verifier, while the verifiers only exchange one round of messages among themselves. When the threshold of corrupted verifiers is \(t<n/2\), the prover sends \(1/2+o(1)\) field elements per multiplication gate to every verifier; when \(t<n(1/2-\epsilon )\) for some constant \(0<\epsilon <1/2\), we can further reduce the communication to O(1/n) field elements per multiplication gate per verifier. Our MVZK protocols demonstrate particularly high scalability: the proofs are streamable and only require memory proportional to what is needed to evaluate the circuit in the clear.
Acknowledgements
The work of Kang Yang is supported by the National Natural Science Foundation of China (Grant Nos. 62102037, 61932019). The work of Xiao Wang is supported in part by DARPA under Contract No. HR001120C0087, NSF award #2016240, and research awards from Meta, Google and PlatON Network. The views, opinions, and/or findings expressed are those of the author(s) and should not be interpreted as representing the official views or policies of the Department of Defense or the U.S. Government.
© 2022 International Association for Cryptologic Research
Yang, K., Wang, X. (2022). Non-interactive Zero-Knowledge Proofs to Multiple Verifiers. In: Agrawal, S., Lin, D. (eds) Advances in Cryptology – ASIACRYPT 2022. ASIACRYPT 2022. Lecture Notes in Computer Science, vol 13793. Springer, Cham. https://doi.org/10.1007/978-3-031-22969-5_18
DOI: https://doi.org/10.1007/978-3-031-22969-5_18
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-22968-8
Online ISBN: 978-3-031-22969-5