dc.contributor.advisor: Ronald L. Rivest and Eli Ben-Sasson. [en_US]
dc.contributor.author: Virza, Madars [en_US]
dc.contributor.other: Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science. [en_US]
dc.date.accessioned: 2014-06-13T22:35:57Z
dc.date.available: 2014-06-13T22:35:57Z
dc.date.copyright: 2014 [en_US]
dc.date.issued: 2014 [en_US]
dc.identifier.uri: http://hdl.handle.net/1721.1/87953
dc.description: Thesis: S.M., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2014. [en_US]
dc.description: Cataloged from PDF version of thesis. [en_US]
dc.description: Includes bibliographical references (pages 69-72). [en_US]
dc.description.abstract: We present a proof system that allows efficient verification of NP statements, given proofs produced by an untrusted yet computationally-bounded prover. Our system is publicly verifiable: after a trusted third-party has generated a proving key and a verification key, anyone can use the proving key to generate non-interactive proofs for adaptively-chosen NP statements, and the proofs can be verified by anyone using the verification key. Moreover, our system is statistically zero-knowledge and the generated public parameters are reusable. The NP-complete language we choose is the correct execution of programs on TinyRAM, a minimalistic (nondeterministic) random-access machine that we design. Together with TinyRAM port of gcc compiler this achieves the first practical realization of a zero-knowledge Succinct Non-interactive ARgument of Knowledge (zk-SNARK) for program executions, in the preprocessing model. This cryptographic primitive is a powerful solution for delegating NP computations, and enjoys many features not achieved by primitives implemented in prior works, most importantly, succinct verification and support for arbitrary computations. Our approach builds on recent theoretical work in the area of outsourced verified computation. We present efficiency improvements and implementations of the two main ingredients: 1. A transformation that, given as input a C program, outputs a circuit whose satisfiability encodes the correct execution of the program. We leverage nondeterminism to make the generated circuit's size merely quasilinear in the size of the computation; in particular, we efficiently handle arbitrary loops, control flow, and random-memory accesses. This is in contrast with existing "circuit compilers", which produce circuits of quadratic size. 2. A transformation that, given as input a linear PCP for verifying satisfiability of circuits, outputs a corresponding SNARK. Furthermore, by building on recent work about quadratic span programs, using suitable choices of finite field and FFT algorithms, we give a very efficient implementation of a zero-knowledge linear PCP: linear-time query generation and quasilinear-time prover. [en_US]
dc.description.statementofresponsibility: by Madars Virza. [en_US]
dc.format.extent: 72 pages [en_US]
dc.language.iso: eng [en_US]
dc.publisher: Massachusetts Institute of Technology [en_US]
dc.rights: M.I.T. theses are protected by copyright. They may be viewed from this source for any purpose, but reproduction or distribution in any format is prohibited without written permission. See provided URL for inquiries about permission. [en_US]
dc.rights.uri: http://dspace.mit.edu/handle/1721.1/7582 [en_US]
dc.subject: Electrical Engineering and Computer Science. [en_US]
dc.title: SNARKs for C : verifying program executions succinctly and in zero knowledge [en_US]
dc.title.alternative: Succinct Non-interactive ARgument of Knowledges for C : verifying program executions succinctly and in zero knowledge [en_US]
dc.title.alternative: Verifying program executions succinctly and in zero knowledge [en_US]
dc.type: Thesis [en_US]
dc.description.degree: S.M. [en_US]
dc.contributor.department: Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science
dc.identifier.oclc: 880419628 [en_US]