{"title":"Ligerolight:基于 IOP 的优化区块链可扩展性零知识论证","authors":"Zongyang Zhang, Weihan Li, Ximeng Liu, Xin Chen, Qihang Peng","doi":"10.1109/TDSC.2023.3336717","DOIUrl":null,"url":null,"abstract":"Zero-knowledge scalable transparent arguments of knowledge (zk-STARKs) are a promising approach to solving the blockchain scalability problem while maintaining security, decentralization and privacy. However, compared with zero-knowledge proofs with trusted setups deployed in existing scalability solutions, zk-STARKs are usually less efficient. In this paper, we introduce Ligerolight, an optimized zk-STARK for the arithmetic circuit satisfiability problem following the framework of Ligero (ACM CCS 2017) and Aurora (Eurocrypt 2019) based on interactive oracle proof, which could be used for blockchain scalability. Evaluations show that Ligerolight has performance advantages compared with existing zk-STARKs. The prover time is 30% faster than Aurora to generate proof for computing an authentication path of a Merkle tree with 32 leaves. The proof size is about 131 KB, one-tenth of Ligero and 50% smaller than Aurora. The verifier time is 2 times as fast as Aurora. Underlying Ligerolight is a new batch zero-knowledge inner product argument, allowing to prove multiple inner product relations once. Using this argument, we build a batch multivariate polynomial commitment with poly-logarithmic communication complexity and verification. This polynomial commitment is particularly efficient when opening multiple points in multiple polynomials at one time, and may be of independent interest in constructing scalability solutions.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":null,"pages":null},"PeriodicalIF":7.0000,"publicationDate":"2024-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Ligerolight: Optimized IOP-Based Zero-Knowledge Argument for Blockchain Scalability\",\"authors\":\"Zongyang Zhang, Weihan Li, Ximeng Liu, Xin Chen, Qihang Peng\",\"doi\":\"10.1109/TDSC.2023.3336717\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Zero-knowledge scalable transparent arguments of knowledge (zk-STARKs) are a promising approach to solving the blockchain scalability problem while maintaining security, decentralization and privacy. However, compared with zero-knowledge proofs with trusted setups deployed in existing scalability solutions, zk-STARKs are usually less efficient. In this paper, we introduce Ligerolight, an optimized zk-STARK for the arithmetic circuit satisfiability problem following the framework of Ligero (ACM CCS 2017) and Aurora (Eurocrypt 2019) based on interactive oracle proof, which could be used for blockchain scalability. Evaluations show that Ligerolight has performance advantages compared with existing zk-STARKs. The prover time is 30% faster than Aurora to generate proof for computing an authentication path of a Merkle tree with 32 leaves. The proof size is about 131 KB, one-tenth of Ligero and 50% smaller than Aurora. The verifier time is 2 times as fast as Aurora. Underlying Ligerolight is a new batch zero-knowledge inner product argument, allowing to prove multiple inner product relations once. Using this argument, we build a batch multivariate polynomial commitment with poly-logarithmic communication complexity and verification. This polynomial commitment is particularly efficient when opening multiple points in multiple polynomials at one time, and may be of independent interest in constructing scalability solutions.\",\"PeriodicalId\":13047,\"journal\":{\"name\":\"IEEE Transactions on Dependable and Secure Computing\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":7.0000,\"publicationDate\":\"2024-07-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IEEE Transactions on Dependable and Secure Computing\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://doi.org/10.1109/TDSC.2023.3336717\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Dependable and Secure Computing","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1109/TDSC.2023.3336717","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}
Ligerolight: Optimized IOP-Based Zero-Knowledge Argument for Blockchain Scalability
Zero-knowledge scalable transparent arguments of knowledge (zk-STARKs) are a promising approach to solving the blockchain scalability problem while maintaining security, decentralization and privacy. However, compared with zero-knowledge proofs with trusted setups deployed in existing scalability solutions, zk-STARKs are usually less efficient. In this paper, we introduce Ligerolight, an optimized zk-STARK for the arithmetic circuit satisfiability problem following the framework of Ligero (ACM CCS 2017) and Aurora (Eurocrypt 2019) based on interactive oracle proof, which could be used for blockchain scalability. Evaluations show that Ligerolight has performance advantages compared with existing zk-STARKs. The prover time is 30% faster than Aurora to generate proof for computing an authentication path of a Merkle tree with 32 leaves. The proof size is about 131 KB, one-tenth of Ligero and 50% smaller than Aurora. The verifier time is 2 times as fast as Aurora. Underlying Ligerolight is a new batch zero-knowledge inner product argument, allowing to prove multiple inner product relations once. Using this argument, we build a batch multivariate polynomial commitment with poly-logarithmic communication complexity and verification. This polynomial commitment is particularly efficient when opening multiple points in multiple polynomials at one time, and may be of independent interest in constructing scalability solutions.
期刊介绍:
The "IEEE Transactions on Dependable and Secure Computing (TDSC)" is a prestigious journal that publishes high-quality, peer-reviewed research in the field of computer science, specifically targeting the development of dependable and secure computing systems and networks. This journal is dedicated to exploring the fundamental principles, methodologies, and mechanisms that enable the design, modeling, and evaluation of systems that meet the required levels of reliability, security, and performance.
The scope of TDSC includes research on measurement, modeling, and simulation techniques that contribute to the understanding and improvement of system performance under various constraints. It also covers the foundations necessary for the joint evaluation, verification, and design of systems that balance performance, security, and dependability.
By publishing archival research results, TDSC aims to provide a valuable resource for researchers, engineers, and practitioners working in the areas of cybersecurity, fault tolerance, and system reliability. The journal's focus on cutting-edge research ensures that it remains at the forefront of advancements in the field, promoting the development of technologies that are critical for the functioning of modern, complex systems.