CoqPilot, a plugin for LLM-based generation of proofs

The paper is devoted to the investigation of the distributed proof generation process, which makes use of recursive zk-SNARKs. Such distributed proof generation, where recursive zk-SNARK-proofs are organized in perfect Mercle trees, was for the first time proposed in Latus consensus protocol for zk-SNARKs-based sidechains. We consider two models of a such proof generation process: the simplified one, where all proofs are independent (like one level of tree), and its natural generation, where proofs are organized in partially ordered set (poset), according to tree structure. Using discrete Markov chains for modeling of corresponding proof generation process, we obtained the recurrent formulas for the expectation and variance of the number of steps needed to generate a certain number of independent proofs by a given number of provers. We asymptotically represent the expectation as a function of the one variable n/m, where n is the number of provers m is the number of proofs (leaves of tree). Using results obtained, we give numerical recommendation about the number of transactions, which should be included in the current block, idepending on the network parameters, such as time slot duration, number of provers, time needed for proof generation, etc.

In the context of formal verification, certifying proofs are evidences of the correctness of a model in a deduction system produced automatically as outcome of the verification. They are quite appealing for high-assurance systems because they can be verified independently by proof checkers, which are usually simpler to certify than the proof-generating tools. Model checking is one of the most prominent approaches to formal verification of temporal properties and is based on an algorithmic search of the system state space. Although modern algorithms integrate deductive methods, the generation of proofs is typically restricted to invariant properties only. Moreover, it assumes that the verification produces an inductive invariant of the original system, while model checkers usually involve a variety of complex pre-processing simplifications. In this paper we show how, exploiting the k-liveness algorithm, to extend proof generation capabilities for invariant checking to cover full linear-time temporal logic (LTL) properties, in a simple and efficient manner, with essentially no overhead for the model checker. Besides the basic k-liveness algorithm, we integrate in the proof generation a variety of widely used pre-processing techniques such as temporal decomposition, model simplification via computation of equivalences with ternary simulation, and the use of stabilizing constraints. These techniques are essential in many cases to prove that a property holds, both for invariant and for LTL model checking, and thus need to be considered within the proof. We implemented the proof generation techniques on top of IC3 engines, and show the feasibility of the approach on a variety of benchmarks taken from the literature and from the Hardware Model Checking Competition. Our results confirm that proof generation results in negligible overhead for the model checker.

The ability of a theorem prover to generate explicit derivations for the theorems it proves has major benefits for the testing and maintenance of the prover. It also eliminates the need to trust the correctness of the prover at the expense of trusting a much simpler proof checker. However, it is not always obvious how to generate explicit proofs in a theorem prover that uses decision procedures whose operation does not directly model the axiomatization of the underlying theories. In this paper we describe the modifications that are necessary to support proof generation in a congruence-closure decision procedure for equality and in a Simplex-based decision procedure for linear arithmetic. Both of these decision procedures have been integrated using a modified Nelson-Oppen cooperation mechanism in the Touchstone theorem prover, which we use to produce proof-carrying code. Our experience with designing and implementing Touchstone is that proof generation has a relatively low cost in terms of design complexity and proving time and we conclude that the software-engineering benefits of proof generation clearly outweighs these costs.

Search-based satisfiability procedures try to build a model of the input formula by simultaneously proposing candidate models and deriving new formulae implied by the input. Conflict-driven procedures perform non-trivial inferences only when resolving conflicts between formulæ and assignments representing the candidate model. CDSAT (Conflict-Driven SATisfiability) is a method for conflict-driven reasoning in unions of theories. It combines inference systems for individual theories as theory modules within a solver for the union of the theories. This article augments CDSAT with a more general lemma learning capability and with proof generation. Furthermore, theory modules for several theories of practical interest are shown to fulfill the requirements for completeness and termination of CDSAT. Proof generation is accomplished by a proof-carrying version of the CDSAT transition system that produces proof objects in memory accommodating multiple proof formats. Alternatively, one can apply to CDSAT the LCF approach to proofs from interactive theorem proving, by defining a kernel of reasoning primitives that guarantees the correctness by construction of CDSAT proofs.

Mechanically certifying formula-based Noetherian induction reasoning

To enhance user privacy, anonymous credential systems allow the user to convince a verifier of the possession of a certificate issued by the issuing authority anonymously. In the systems, the user can prove relations on his/her attributes embedded into the certificate. Previously, a pairing-based anonymous credential system with constant-size proofs in the number of attributes of the user was proposed. This system supports the proofs of the inner product relations on attributes, and thus can handle the complex logical relations on attributes as the CNF and DNF formulas. However this system suffers from the computational cost: The proof generation needs exponentiations depending on the number of the literals in OR relations. In this paper, we propose a pairing-based anonymous credential system with the constant-size proofs for CNF formulas and the more efficient proof generation. In the proposed system, the proof generation needs only multiplications depending on the number of literals, and thus it is more efficient than the previously proposed system. The key of our construction is to use an extended accumulator, by which we can verify that multiple attributes are included in multiple sets, all at once. This leads to the verification of CNF formulas on attributes. Since the accumulator is mainly calculated by multiplications, we achieve the better computational costs.

Modern Satisfiability Modulo Theories (SMT) solvers are used in a wide variety of software and hardware verification applications. Proof producing SMT solvers are very desirable as they increase confidence in the solver and ease debugging/profiling, while allowing for scenarios like Proof-Carrying Code (PCC). However, the size of typical proofs generated by SMT solvers poses a problem for the existing systems, up to the point where proof checking consumes orders of magnitude more computer resources than proof generation. In this paper we show how this problem can be addressed using a simple term rewriting formalism, which is used to encode proofs in a natural deduction style. We formally prove soundness of our rules and evaluate an implementation of the term rewriting engine on a set of proofs generated from industrial benchmarks. The modest memory and CPU time requirements of the implementation allow for proof checking even on a small PDA device, paving a way for PCC on such devices.KeywordsConcrete SyntaxProof TreeProof RuleEmpty ClauseProof CheckThese keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

This paper explores how Zero-Knowledge Proofs (ZKPs) can enhance the privacy and security of decentralized supply chains. Although blockchain technology enhances supply chain transparency, it also reveals sensitive information, including supplier identities, pricing strategies, and transaction volumes. ZKPs offer a feasible approach in that subjects can authenticate data without revealing the underlying data, whilst keeping the information confidential and maintaining trust. In this study, the main performance indicators, including the time to verify a transaction (0.48 seconds), communication overhead (1.3 KB proof size), and privacy (95) in the ZKP-based system, are examined. ZKPs can enhance economic security by eliminating risks, such as industrial espionage and counterparty fraud, that can arise from publicly accessible data in historical blockchain systems. The performance of ZKP-enabled networks is also compared with that of traditional transparent blockchain systems. The major benefits are data privacy (95 % in ZKPs and 40 % in traditional systems) and scalability (80 % high and 60 % moderate). The paper also discusses how AI-based ZKP generation can speed up proof generation and automated compliance auditing to uphold regulatory compliance, including the General Data Protection Regulation (GDPR) and Anti-Money Laundering (AML). By incorporating AI into the ZKP procedure, proof generation can be sped up, yielding significant improvements in efficiency. This study finds that ZKPs can provide an effective approach to decentralized supply chain security, privacy, efficiency, and regulatory compliance, thereby making global trade activities more secure, transparent, and efficient.

To enhance user privacy, anonymous credential systems allow the user to convince a verifier of the possession of a certificate issued by the issuing authority anonymously. In the systems, the user can prove logical relations on his/her attributes embedded into the certificate. Previously, we proposed a pairing-based system with constant-size proofs. In the system, the proof generation needs only multiplications depending on the size of the proved relations, and it is more efficient than other existing system that needs the exponentiations whose costs are much larger than multiplications. However, our efficient system has never been implemented, and thus the practicality is not evaluated. In this study, we implemented the system, and measured the processing times and data size, when changing the parameters describing the size of the proved relation. The verification time is very fast and constant, and the proof size is also constant, from which we can confirm the practicality. However, the proof generation time increases, when the parameters increase. Although we confirm the practicality in case of small relations, we clarify the problems in case of larger relations, which should be solved in our future works.

An anonymous credential system allows a user to convince a service provider anonymously that he/she owns certified attributes. Previously, a system to prove AND and OR relations simultaneously by CNF formulas was proposed. To achieve a constant-size proof of the formula, this system adopts an accumulator that compresses multiple attributes into a single value. However, this system has a problem: the proof generation requires a large computational time in case of lots of OR literals in the formula. One of the example formulas consists of lots of birthdate attributes to prove age. This greatly increases the public parameters correspondent to attributes, which causes a large delay in the accumulator computation due to multiplications of lots of parameters. In this paper, we propose an anonymous credential system with constant-size proofs for monotone formulas on attributes, in order to obtain more efficiency in the proof generation. The monotone formula is a logic formula that contains any combination of AND and OR relations. Our approach to prove the monotone formula is that the accumulator is extended to be adapted to the tree expressing the monotone formula. Since the use of monotone formulas increases the expression capability of the attribute proof, the number of public parameters multiplied in the accumulator is greatly decreased, which impacts the reduction of the proof generation time.KeywordsAnonymous Credential SystemMonotone FormulaConstant-size ProofsbirthDate PropertyProof Generation TimeThese keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

In this paper, we show for the first time it is practical to privately delegate proof generation of zkSNARKs to a single server for computations of up to 2^20 R1CS constraints. We achieve this by computing zkSNARK proof generation over homomorphic ciphertexts, an approach we call blind zkSNARKs. We formalize the concept of blind proofs, analyze their cryptographic properties and show that the resulting blind zkSNARKs remain sound when compiled using BCS compilation. Our work follows the framework proposed by Garg et al. (Crypto'24) and improves the instantiation presented by Aranha et al. (Asiacrypt'24), which implements only the FRI subprotocol. By delegating proof generation, we are able to reduce client computation time from 10 minutes to mere seconds, while server computation time remains limited to 20 minutes. We also propose a practical construction for vCOED supporting constraint sizes four orders of magnitude larger than the current state-of-the-art verifiable FHE-based approaches. These results are achieved by optimizing Fractal for the GBFV homomorphic encryption scheme, including a novel method for making homomorphic NTT evaluation packing-friendly by computing it in two dimensions. Furthermore, we make the proofs publicly verifiable by appending a zero-knowledge Proof of Decryption (PoD). We propose a new construction for PoDs optimized for low proof generation time, exploiting modulus and ring switching in GBFV and using the Schwartz-Zippel lemma for proof batching; these techniques might be of independent interest. Finally, we implement the latter protocol in C and report on execution time and proof sizes.

The final publication is available via <a href="https://doi.org/ 10.1145/3372885.3373821" target="_blank">https://doi.org/ 10.1145/3372885.3373821</a>.

To enhance user privacy, anonymous credential systems allow the user to convince a verifier of the possession of a certificate issued by the issuing authority anonymously. In the systems, the user can prove relations on his/her attributes embedded into the certificate. Previously, a pairing-based anonymous credential system with constant-size proofs in the number of attributes of the user was proposed. This system supports the proofs of the inner product relations on attributes, and thus can handle the complex logical relations on attributes as the CNF and DNF formulas. However this system suffers from the computational cost: The proof generation needs exponentiations depending on the number of the literals in OR relations. In this paper, we propose a pairing-based anonymous credential system with the constant-size proofs for CNF formulas and the more efficient proof generation. In the proposed system, the proof generation needs only multiplications depending on the number of literals, and thus it is more efficient than the previously proposed system. The key of our construction is to use an extended accumulator, by which we can verify that multiple attributes are included in multiple sets, all at once. This leads to the verification of CNF formulas on attributes. Since the accumulator is mainly calculated by multiplications, we achieve the better computational costs.

On the one hand, we would like verification tools to feature powerful automation, but on the other hand, we also want to be able to trust the results with a high degree of confidence. The question of trust in verification tools has been debated for a long time. One popular way of achieving trust in verification tools is through proof generation. However, proof generation could hamstring both the functionality and the efficiency of the automation that can be built into these tools. We argue that trust need not be achieved at the expense of automation, and outline a lightweight approach where the results of untrusted verifiers are checked by a trusted offline checker. The trusted checker is a verified reference kernel that contains a satisfiability solver to support the robust and efficient checking of untrusted tools.KeywordsProof SystemConjunctive Normal FormBinary Decision DiagramPartial AssignmentConjunctive Normal Form FormulaThese keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

We show how to generate and validate logical proofs of unsatisfiability from delta-complete decision procedures that rely on error-prone numerical algorithms. Solving this problem is important for ensuring correctness of the decision procedures. At the same time, it is a new approach for automated theorem proving over real numbers. We design a first-order calculus, and transform the computational steps of constraint solving into logic proofs, which are then validated using proof-checking algorithms. As an application, we demonstrate how proofs generated from our solver can establish many nonlinear lemmas in the theormal proof of the Kepler Conjecture.