Blind zkSNARKs

Abstract

In this paper, we show for the first time it is practical to privately delegate proof generation of zkSNARKs to a single server for computations of up to 2^20 R1CS constraints. We achieve this by computing zkSNARK proof generation over homomorphic ciphertexts, an approach we call blind zkSNARKs. We formalize the concept of blind proofs, analyze their cryptographic properties and show that the resulting blind zkSNARKs remain sound when compiled using BCS compilation. Our work follows the framework proposed by Garg et al. (Crypto'24) and improves the instantiation presented by Aranha et al. (Asiacrypt'24), which implements only the FRI subprotocol. By delegating proof generation, we are able to reduce client computation time from 10 minutes to mere seconds, while server computation time remains limited to 20 minutes. We also propose a practical construction for vCOED supporting constraint sizes four orders of magnitude larger than the current state-of-the-art verifiable FHE-based approaches. These results are achieved by optimizing Fractal for the GBFV homomorphic encryption scheme, including a novel method for making homomorphic NTT evaluation packing-friendly by computing it in two dimensions. Furthermore, we make the proofs publicly verifiable by appending a zero-knowledge Proof of Decryption (PoD). We propose a new construction for PoDs optimized for low proof generation time, exploiting modulus and ring switching in GBFV and using the Schwartz-Zippel lemma for proof batching; these techniques might be of independent interest. Finally, we implement the latter protocol in C and report on execution time and proof sizes.
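
The abstract mentions computing the homomorphic NTT "in two dimensions". The following is an added example, not code from the Blind zkSNARKs paper or its C implementation: it shows the plaintext version of that idea, the standard N = N1·N2 (four-step) decomposition of a length-N NTT into row transforms, a twiddle multiplication and column transforms. The prime p = 7681 and the matrix sizes are assumptions chosen for illustration; the paper's GBFV-specific packing is not reproduced here.

```python
"""Two-dimensional (four-step) NTT over a prime field.

Added example, not code from the Blind zkSNARKs paper.  It computes a
length n1*n2 NTT as row NTTs, twiddles and column NTTs, i.e. the
decomposition behind a "two-dimensional" NTT.  P = 7681 and the sizes
used in demo() are assumptions for illustration only.
"""
import random

P = 7681  # 2^9 * 15 + 1, so roots of unity exist for every order dividing 512


def root_of_unity(n: int, p: int = P) -> int:
    """Return an element of exact multiplicative order n (n a power of two)."""
    assert (p - 1) % n == 0 and n & (n - 1) == 0
    for g in range(2, p):
        w = pow(g, (p - 1) // n, p)
        # w^n == 1 holds by construction; w has order exactly n iff w^(n/2) != 1.
        if pow(w, n // 2, p) != 1:
            return w
    raise ValueError("no root of unity found")


def ntt_naive(a, omega, p=P):
    """Schoolbook O(n^2) NTT: A[j] = sum_i a[i] * omega^(i*j) mod p."""
    n = len(a)
    return [sum(a[i] * pow(omega, i * j, p) for i in range(n)) % p for j in range(n)]


def ntt_two_dim(a, omega, n1, n2, p=P):
    """Length n1*n2 NTT computed as a 2-D transform (four-step algorithm).

    Index split: input i = i1 + n1*i2, output j = n2*j1 + j2.  Then
        omega^(i*j) = omega_n1^(i1*j1) * omega^(i1*j2) * omega_n2^(i2*j2)
    with omega_n1 = omega^n2 (order n1) and omega_n2 = omega^n1 (order n2),
    because omega^(n1*n2*i2*j1) = 1.  The steps below implement this identity.
    """
    n = n1 * n2
    assert len(a) == n
    w1 = pow(omega, n2, p)  # order n1, used along columns
    w2 = pow(omega, n1, p)  # order n2, used along rows

    # Step 1: lay the input out as an n1 x n2 matrix, M[i1][i2] = a[i1 + n1*i2].
    m = [[a[i1 + n1 * i2] for i2 in range(n2)] for i1 in range(n1)]

    # Step 2: length-n2 NTT along every row (sum over i2).
    rows = [ntt_naive(row, w2, p) for row in m]

    # Step 3: multiply by the twiddle factors omega^(i1*j2).
    tw = [[rows[i1][j2] * pow(omega, i1 * j2, p) % p for j2 in range(n2)]
          for i1 in range(n1)]

    # Step 4: length-n1 NTT along every column (sum over i1), then write
    # the result to position j = n2*j1 + j2.
    out = [0] * n
    for j2 in range(n2):
        col = ntt_naive([tw[i1][j2] for i1 in range(n1)], w1, p)
        for j1 in range(n1):
            out[n2 * j1 + j2] = col[j1]
    return out


def demo(n1: int = 8, n2: int = 8, seed: int = 1) -> bool:
    """Constructed random input: the 2-D NTT must equal the schoolbook NTT."""
    n = n1 * n2
    rng = random.Random(seed)
    a = [rng.randrange(P) for _ in range(n)]
    omega = root_of_unity(n)
    return ntt_two_dim(a, omega, n1, n2) == ntt_naive(a, omega)


if __name__ == "__main__":
    print("2-D NTT matches naive NTT:", demo())
```

The inner transforms are written naively so that the decomposition itself stays visible; in practice each row and column NTT would itself be a butterfly network, and the point of the 2-D layout in a homomorphic setting is that the row transforms, the twiddle step and the column transforms each act uniformly across the slots of a packed ciphertext.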
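
The abstract also invokes the Schwartz-Zippel lemma for proof batching. The following added example (again not code from the paper) shows the underlying argument in its simplest form: k polynomial identity checks are folded into one random linear combination and tested at one random point, and a single false identity is caught except with probability at most (k - 1 + max degree)/|F|. The polynomials are held in the clear here for illustration, the field modulus 2^61 - 1 and the hash-based challenge derivation are assumptions, and in a real protocol the challenges would come from the verifier or from a transcript that binds the prover's commitments.

```python
"""Random-linear-combination batching of polynomial identity checks.

Added example, not from the Blind zkSNARKs paper.  It illustrates the
Schwartz-Zippel argument behind batching many checks into one.  The
modulus P and the SHA-256 challenge derivation are assumptions.
"""
import hashlib
from fractions import Fraction

P = 2**61 - 1  # Mersenne prime used as the field modulus (assumption)


def poly_eval(coeffs, x, p=P):
    """Horner evaluation of sum_i coeffs[i] * x^i mod p."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % p
    return acc


def poly_mul(a, b, p=P):
    """Schoolbook polynomial product, coefficients mod p."""
    out = [0] * (len(a) + len(b) - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            out[i + j] = (out[i + j] + x * y) % p
    return out


def challenge(label: bytes, *items, p=P) -> int:
    """Derive a field element from a transcript hash (assumed derivation)."""
    h = hashlib.sha256(label)
    for it in items:
        h.update(repr(it).encode())
    return int.from_bytes(h.digest(), "big") % p


def batch_check(claims, p=P) -> bool:
    """claims: list of (lhs_coeffs, rhs_coeffs), each asserting lhs(X) == rhs(X).

    Instead of k separate checks, form D(X) = sum_i rho^i * (lhs_i(X) - rhs_i(X))
    and test D(z) == 0 at a random point z.  If some claim is false, D is a
    non-zero bivariate polynomial in (rho, X) of total degree at most
    (k - 1) + max_deg, so by Schwartz-Zippel it vanishes at a random (rho, z)
    with probability at most (k - 1 + max_deg) / p.
    """
    rho = challenge(b"rho", claims, p=p)
    z = challenge(b"z", claims, rho, p=p)
    acc, power = 0, 1
    for lhs, rhs in claims:
        diff = (poly_eval(lhs, z, p) - poly_eval(rhs, z, p)) % p
        acc = (acc + power * diff) % p
        power = power * rho % p
    return acc == 0


def cheating_bound(claims, p=P) -> Fraction:
    """Upper bound on the probability that a false batch passes batch_check."""
    k = len(claims)
    max_deg = max(max(len(l), len(r)) - 1 for l, r in claims)
    return Fraction(k - 1 + max_deg, p)


def demo():
    """Constructed claims: three true identities, then one forged coefficient."""
    true_claims = [
        (poly_mul([1, 1], [2, 1]), [2, 3, 1]),          # (X+1)(X+2) = X^2 + 3X + 2
        (poly_mul([1, 1], [1, 1]), [1, 2, 1]),          # (X+1)^2   = X^2 + 2X + 1
        (poly_mul([P - 1, 1], [1, 1]), [P - 1, 0, 1]),  # (X-1)(X+1) = X^2 - 1
    ]
    forged = list(true_claims)
    forged[1] = (forged[1][0], [2, 2, 1])               # wrong constant term
    return batch_check(true_claims), batch_check(forged)


if __name__ == "__main__":
    ok, bad = demo()
    print("honest batch accepted:", ok, "| forged batch accepted:", bad)
```

The saving is that the verifier performs one combined evaluation instead of k, at the cost of a soundness loss that is linear in k and in the degree; with a 2^61-sized field and a handful of low-degree claims that loss is negligible, but in a small field or with many high-degree claims the bound returned by `cheating_bound` is what has to be compared against the target security level.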

Similar Papers
  • Research Article
  • 10.58346/jisis.2026.i1.026
Zero-Knowledge Proof Protocols for Enhancing Economic Security in Global Decentralized Supply Chain Networks
  • Feb 27, 2026
  • Journal of Internet Services and Information Security
  • Sadoqat Jurayeva + 6 more

This paper explores how Zero-Knowledge Proofs (ZKPs) can enhance the privacy and security of decentralized supply chains. Although blockchain technology enhances supply chain transparency, it also reveals sensitive information, including supplier identities, pricing strategies, and transaction volumes. ZKPs offer a feasible approach in that subjects can authenticate data without revealing the underlying data, whilst keeping the information confidential and maintaining trust. In this study, the main performance indicators, including the time to verify a transaction (0.48 seconds), communication overhead (1.3 KB proof size), and privacy (95) in the ZKP-based system, are examined. ZKPs can enhance economic security by eliminating risks, such as industrial espionage and counterparty fraud, that can arise from publicly accessible data in historical blockchain systems. The performance of ZKP-enabled networks is also compared with that of traditional transparent blockchain systems. The major benefits are data privacy (95 % in ZKPs and 40 % in traditional systems) and scalability (80 % high and 60 % moderate). The paper also discusses how AI-based ZKP generation can speed up proof generation and automated compliance auditing to uphold regulatory compliance, including the General Data Protection Regulation (GDPR) and Anti-Money Laundering (AML). By incorporating AI into the ZKP procedure, proof generation can be sped up, yielding significant improvements in efficiency. This study finds that ZKPs can provide an effective approach to decentralized supply chain security, privacy, efficiency, and regulatory compliance, thereby making global trade activities more secure, transparent, and efficient.

  • Conference Article
  • Cited by 1
  • 10.1109/eurospw51379.2020.00057
Performance Trade-offs in Design of MimbleWimble Proofs of Reserves
  • Sep 1, 2020
  • Suyash Bagad + 1 more

Revelio (CVCBT 2019) is a proof of reserves protocol for MimbleWimble-based cryptocurrencies which provides privacy to a cryptocurrency exchange by hiding the exchange-owned outputs in a larger anonymity set of unspent outputs. A drawback of Revelio is that the proof size scales linearly in the size of the anonymity set. To alleviate this, we design RevelioBP, a Bulletproofs-based proof of reserves protocol with proof sizes which scale logarithmically in the size of the anonymity set. This improvement allows us to use the set of all UTXOs as the anonymity set, resulting in better privacy for the exchange. On the downside, the higher proof generation and verification time of RevelioBP than that of Revelio might affect practical deployment of RevelioBP. Through implementation of RevelioBP, we quantitatively analyse trade-offs in design of MimbleWimble proofs of reserves in terms of scalability and performance. We conclude that unless proof size is a concern for exchanges, Revelio is a marginally better choice for proof of reserves. On the other hand, if an exchange is willing to pay in terms of proof generation time, RevelioBP offers proof sizes significantly smaller than Revelio.

  • Conference Article
  • 10.1109/hpca68181.2026.11408480
ZkPHIRE: A Programmable Accelerator for ZKPs over HIgh-degRee, Expressive Gates
  • Jan 31, 2026
  • Alhad Daftardar + 5 more

Zero-Knowledge Proofs (ZKPs) have emerged as a powerful tool for secure and privacy-preserving computation. ZKPs enable one party to convince another of a statement's validity without revealing anything else. This capability has profound implications in many domains, including: machine learning, blockchain, image authentication, and electronic voting. Despite their potential, ZKPs have seen limited deployment because of their exceptionally high computational overhead, which manifests primarily during proof generation. To mitigate these overheads, a (growing) body of researchers has proposed hardware accelerators and GPU implementations of kernels and complete protocols. Prior art spans a wide variety of ZKP schemes that vary significantly in computational overhead, proof size, verifier cost, protocol setup, and trust. The latest, and widely used ZKP protocols are intentionally designed to balance these trade-offs. A particular challenge in modern ZKP systems is supporting complex, high-degree gates using the SumCheck protocol. We address this challenge with a novel programmable accelerator to efficiently handle arbitrary custom gates via SumCheck. Our accelerator achieves upwards of 1000× geomean speedup over CPU-based SumChecks across a range of gate types. We include this unit in zkPHIRE, a programmable, full-system accelerator that accelerates the HyperPlonk protocol. zkPHIRE achieves 1486× geomean speedup over CPU and 11.87× geomean speedup over the state-of-the-art at iso-area. Together, these results demonstrate compelling performance while scaling to large problem sizes (upwards of 2^30 constraints) and maintaining small proof sizes (4-5 KB).

  • Conference Article
  • Cited by 1
  • 10.1109/icnc.2012.48
Implementation and Evaluation of an Pairing-Based Anonymous Credential System with Constant-Size Proofs and Efficient Proof Generations
  • Dec 1, 2012
  • Nasima Begum + 2 more

To enhance user privacy, anonymous credential systems allow the user to convince a verifier anonymously of the possession of a certificate issued by the issuing authority. In these systems, the user can prove logical relations on his/her attributes embedded into the certificate. Previously, we proposed a pairing-based system with constant-size proofs. In the system, the proof generation needs only multiplications depending on the size of the proved relations, and it is more efficient than other existing systems that need exponentiations, whose costs are much larger than multiplications. However, our efficient system has never been implemented, and thus its practicality has not been evaluated. In this study, we implemented the system and measured the processing times and data sizes while changing the parameters describing the size of the proved relation. The verification time is very fast and constant, and the proof size is also constant, from which we can confirm the practicality. However, the proof generation time increases when the parameters increase. Although we confirm the practicality in the case of small relations, we clarify the problems in the case of larger relations, which should be solved in our future work.

  • Research Article
  • Cited by 34
  • 10.1109/access.2022.3167806
Bulletproofs+: Shorter Proofs for a Privacy-Enhanced Distributed Ledger
  • Jan 1, 2022
  • IEEE Access
  • Heewon Chung + 4 more

This paper presents a new short zero-knowledge argument for the range proof and arithmetic circuits without a trusted setup. In particular, it can achieve the shortest proof size of the proof system categories without a trusted setup. More specifically, when proving that a committed value is a positive integer less than 64 bits, except for negligible error in the 128-bit security parameter, the proof size is 576 bytes long, which is 85.7% the size of the previous shortest proof due to Bünz et al. (Bulletproofs, IEEE Security and Privacy 2018). Similarly, circuit satisfiability can be proven with less communication overhead. Nevertheless, computational overheads in both proof generation and verification are comparable with those of Bulletproofs. Bulletproofs is established as one of the important privacy-enhancing technologies for a distributed ledger due to its trustless feature and short proof size. In particular, it has been implemented and optimized in various programming languages for practical usage by independent entities since it was proposed. The essence of Bulletproofs is based on the logarithmic inner product argument with no zero-knowledge. This paper revisits Bulletproofs from the viewpoint of the first sublinear zero-knowledge argument for linear algebra due to Groth (CRYPTO 2009) and then proposes Bulletproofs+, an improved variety of Bulletproofs. The main component is the zero-knowledge weighted inner product argument (zk-WIP), which enables reducing both the range proof and the arithmetic circuit proof. It already has zero-knowledge properties, there is no additional information when reducing to zk-WIP, and it incurs a minimal transmission cost during the reduction process. Note that zk-WIP has all characteristics of the inner product argument, such as aggregating range proofs and batch verification; thus, Bulletproofs+ is superior to Bulletproofs in all aspects.

  • Conference Article
  • Cited by 2
  • 10.1109/hpcc.2010.41
IndexTree: An Efficient Tamper-Evidence Logging
  • Sep 1, 2010
  • Yanwen Bao + 4 more

Data integrity is critical for many applications. With huge amounts of data shared with cloud computing platforms, e.g. Amazon S3, GFS, Apache Hadoop etc., the risk of damage is increasing at the same time. Equivocation is a powerful tool that malicious nodes can use to poison the states of honest nodes and escape punishment. Accountability, which makes the system actions verifiable, has become a first-class citizen in distributed system design. Tamper-evidence logging is a useful utility to construct accountable systems, and is used in different self-certifying systems. In this paper, we present Index Tree, which is a utility for tamper-evidence logging construction. Index Tree supports efficient proof generation and verification, and its proof size is much smaller, which is convenient for exchange among distributed nodes. Experiments show Index Tree has advantages in proof size, proof generation and verification compared with AASL.

  • Conference Article
  • Cited by 1075
  • 10.1109/sp.2018.00020
Bulletproofs: Short Proofs for Confidential Transactions and More
  • May 1, 2018
  • Benedikt Bunz + 5 more

We propose Bulletproofs, a new non-interactive zero-knowledge proof protocol with very short proofs and without a trusted setup; the proof size is only logarithmic in the witness size. Bulletproofs are especially well suited for efficient range proofs on committed values: they enable proving that a committed value is in a range using only 2 log_2(n)+9 group and field elements, where n is the bit length of the range. Proof generation and verification times are linear in n. Bulletproofs greatly improve on the linear (in n) sized range proofs in existing proposals for confidential transactions in Bitcoin and other cryptocurrencies. Moreover, Bulletproofs supports aggregation of range proofs, so that a party can prove that m commitments lie in a given range by providing only an additive O(log(m)) group elements over the length of a single proof. To aggregate proofs from multiple parties, we enable the parties to generate a single proof without revealing their inputs to each other via a simple multi-party computation (MPC) protocol for constructing Bulletproofs. This MPC protocol uses either a constant number of rounds and linear communication, or a logarithmic number of rounds and logarithmic communication. We show that verification time, while asymptotically linear, is very efficient in practice. The marginal cost of batch verifying 32 aggregated range proofs is less than the cost of verifying 32 ECDSA signatures. Bulletproofs build on the techniques of Bootle et al. (EUROCRYPT 2016). Beyond range proofs, Bulletproofs provide short zero-knowledge proofs for general arithmetic circuits while only relying on the discrete logarithm assumption and without requiring a trusted setup. We discuss many applications that would benefit from Bulletproofs, primarily in the area of cryptocurrencies. The efficiency of Bulletproofs is particularly well suited for the distributed and trustless nature of blockchains. The full version of this article is available on ePrint.

  • Book Chapter
  • Cited by 35
  • 10.1007/978-3-540-78800-3_38
Rocket-Fast Proof Checking for SMT Solvers
  • Mar 29, 2008
  • Michał Moskal

Modern Satisfiability Modulo Theories (SMT) solvers are used in a wide variety of software and hardware verification applications. Proof producing SMT solvers are very desirable as they increase confidence in the solver and ease debugging/profiling, while allowing for scenarios like Proof-Carrying Code (PCC). However, the size of typical proofs generated by SMT solvers poses a problem for the existing systems, up to the point where proof checking consumes orders of magnitude more computer resources than proof generation. In this paper we show how this problem can be addressed using a simple term rewriting formalism, which is used to encode proofs in a natural deduction style. We formally prove soundness of our rules and evaluate an implementation of the term rewriting engine on a set of proofs generated from industrial benchmarks. The modest memory and CPU time requirements of the implementation allow for proof checking even on a small PDA device, paving a way for PCC on such devices.

  • Research Article
  • Cited by 2
  • 10.2478/cait-2025-0001
ZK-STARK: Mathematical Foundations and Applications in Blockchain Supply Chain Privacy
  • Mar 1, 2025
  • Cybernetics and Information Technologies
  • Madhuri S Arade + 1 more

Privacy is one of the major security concerns. The zero-knowledge proof enables the transmission of data from the sender to the receiver without disclosing the actual content of the data. The proposed work uses the ZK-STARK (Zero-Knowledge Scalable Transparent ARgument of Knowledge) algorithm for transaction privacy in the organic jaggery supply chain. The paper emphasizes a detailed mathematical model, involving two key participants: the prover (food processor) and the verifier (distributor). The prover calculates the polynomial for the problem and its composition polynomial, and provides its Merkle proof to the verifier. The verifier conducts queries to confirm and validate the accuracy of the information. Using the Fast Reed-Solomon Interactive Oracle Proofs (FRI) protocol, the proof is validated. Performance is measured as proof generation and verification time, proof size, and throughput. Plans involve increasing the domain size of this algorithm, varying the polynomial interpolation, and evaluating its performance measures by integrating it into a blockchain.

  • Conference Article
  • Cited by 11
  • 10.23919/date48585.2020.9116276
From DRUP to PAC and Back
  • Mar 1, 2020
  • Daniela Kaufmann + 2 more

Currently the most efficient automatic approach to verify gate-level multipliers combines SAT solving and computer algebra. In order to increase confidence in the verification, proof certificates are generated. However, due to different solving techniques, these certificates require two different proof formats, namely DRUP and PAC. A combined proof has so far been missing. Correctness of this approach can thus only be trusted up to the correctness of compositional reasoning. In this paper we show how to generate a single proof in one proof format, which then allows correctness to be certified using one simple proof checker. We further investigate empirically the effect on proof generation and checking time as well as on proof size. It turns out that PAC proofs are much more compact and faster to check.

  • Book Chapter
  • Cited by 70
  • 10.1007/978-3-031-15985-5_11
Orion: Zero Knowledge Proof with Linear Prover Time
  • Jan 1, 2022
  • Tiancheng Xie + 2 more

Zero-knowledge proof is a powerful cryptographic primitive that has found various applications in the real world. However, existing schemes with succinct proof size suffer from a high overhead on the proof generation time that is super-linear in the size of the statement represented as an arithmetic circuit, limiting their efficiency and scalability in practice. In this paper, we present Orion, a new zero-knowledge argument system that achieves O(N) prover time of field operations and hash functions and O(log^2 N) proof size. Orion is concretely efficient and our implementation shows that the prover time is 3.09 s and the proof size is 1.5 MB for a circuit with 2^20 multiplication gates. The prover time is the fastest among all existing succinct proof systems, and the proof size is an order of magnitude smaller than a recent scheme proposed in Golovnev et al. 2021. In particular, we develop two new techniques leading to the efficiency improvement. (1) We propose a new algorithm to test whether a random bipartite graph is a lossless expander graph or not based on the densest subgraph algorithm. It allows us to sample lossless expanders with an overwhelming probability. The technique improves the efficiency and/or security of all existing zero-knowledge argument schemes with a linear prover time. The testing algorithm based on densest subgraph may be of independent interest for other applications of expander graphs. (2) We develop an efficient proof composition scheme, code switching, to reduce the proof size from square root to polylogarithmic in the size of the computation. The scheme is built on the encoding circuit of a linear code and shows that the witness of a second zero-knowledge argument is the same as the message in the linear code. The proof composition only introduces a small overhead on the prover time.

  • Research Article
  • 10.63345/wjftcse.v1.i4.208
Proof-of-Context Protocols for Smart Contract Fairness Validation
  • Jan 1, 2025
  • World Journal of Future Technologies in Computer Science and Engineering
  • Siddharth Verma

Proof-of-Context (PoC) protocols aim to ensure fairness and integrity in smart contract execution by cryptographically binding on-chain transactions to verifiable off-chain contextual data. Traditional consensus mechanisms (e.g., Proof-of-Work, Proof-of-Stake) focus on ordering and validation of transactions but do not address whether the contextual conditions that should govern contract execution are satisfied. In this manuscript, we propose a novel PoC framework that leverages decentralized oracles, zero-knowledge proofs, and time-stamped Merkle commitments to provide verifiable evidence that all pre-specified preconditions and environmental parameters were met at execution time. We detail the design of the protocol, implement a prototype on an Ethereum testnet using Chainlink oracles and zk-SNARKs, and conduct a performance evaluation under varying network and workload conditions. Our results show that PoC incurs a modest overhead—on average 5% additional gas cost and 200 ms added latency per proof generation—while dramatically enhancing auditability and reducing the risk of context-based manipulation or dispute. We conclude that PoC protocols offer a practical mechanism for enforcing fairness in a wide range of decentralized applications, from DeFi loans conditioned on real-world data to NFT minting events gated by dynamic criteria. Finally, we discuss the scope, limitations, and future research directions for broader deployment.

  • Research Article
  • 10.3390/electronics15040745
Zero-Knowledge Proof Extensions for Digital Product Passports in Sustainability Claims Reporting and Verifications
  • Feb 10, 2026
  • Electronics
  • Chibuzor Udokwu + 1 more

Digital product passports outline information about a product’s lifecycle, circularity, and sustainability-related data. Sustainability data contains claims about carbon footprint, recycled material composition, ethical sourcing of production materials, etc. Also, upcoming regulatory directives require companies to disclose this type of information. However, current sustainability reporting practices face challenges, such as greenwashing, where companies make incorrect claims that are difficult to verify. There is also a challenge of disclosing sensitive production information when other stakeholders, such as consumers or other economic operators, wish to verify sustainability claims independently. Zero-knowledge proofs (ZKPs) provide a cryptographic system for verifying statements without revealing sensitive information. The goal of this research paper is to explore ZKP cryptography, trust models, and implementation concepts for extending DPP capability in privacy-aware reporting and verification of sustainability claims in products. To achieve this goal, first, formal representations of sustainability claims are provided. Then, a data matrix and trust model for generating proofs are developed. An interaction sequence is provided to show different components for various proof generation and verification scenarios for sustainability claims. Lastly, the paper provides a circuit template for the proof generation of an example claim and a credential structure for their input data validation. The proposed approach is assessed using a scenario-based evaluation to check the performance metrics for data credential verification and proof generation for verifying material composition in a product.

  • Research Article
  • Cited by 2
  • 10.3390/electronics14030492
GENES: An Efficient Recursive zk-SNARK and Its Novel Application in Blockchain
  • Jan 25, 2025
  • Electronics
  • Jiaxi Liu + 2 more

The rapid development of blockchain has significantly promoted research on zero-knowledge proofs (ZKPs), especially zero-knowledge succinct noninteractive arguments of knowledge (zk-SNARK). As is well known, protocol proof and verification time, as well as proof size, are the main obstacles that restrict the implementation of ZKPs in practical applications, so they have become the main concerns of researchers in recent years. This work achieves a new recursive zk-SNARK called GENES, which does not have a trusted setup and is secure under the standard discrete logarithm assumption. GENES is designed from the form of the rank-1 constraint system (R1CS) satisfiability problem. Recursive proof composition is achieved by merging multiple R1CS instances, which transforms the verification of numerous proofs into the verification of a single proof. Moreover, multi-helpers amortize proof commitments in this study, significantly reducing the computational pressure and time cost of proof generation. Compared with previous work, GENES effectively improves the proof time and verification time, but at the cost of larger proof sizes. We provide a blockchain Layer-1 scaling solution leveraging GENES to demonstrate its practicality.

  • Research Article
  • Cited by 27
  • 10.1016/j.eswa.2023.122779
Substitution box generator with enhanced cryptographic properties and minimal computation time
  • Nov 28, 2023
  • Expert Systems with Applications
  • Takreem Haider + 2 more