Abstract
Existing protocols for proving the correct execution of a RAM program in zero-knowledge are plagued by a processor expressiveness tradeoff : supporting fewer instructions results in smaller processor circuits (which improves performance), but may result in more program execution steps because non-supported instruction must be emulated over multiple processor steps (diminishing performance). We present Dora, a very simple and concretely efficient zero-knowledge protocol for RAM programs that sidesteps this tension by making it (nearly) free to add additional instructions to the processor. The computational and communication complexity of proving each step of a computation in Dora, is constant in the number of supported instructions. Dora’s approach is united by intuitive abstraction we call a ZKBag, a cryptographic primitive constructed from linearly homomorphic commitments that captures the properties of a physical bag. We implement Dora and demonstrate that on commodity hardware it can prove the correct execution of a processor with thousands of instruction, each of which has thousands of gates, in just a few milliseconds per step.
| Originalsprog | Engelsk |
|---|---|
| Titel | CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security |
| Antal sider | 15 |
| Forlag | Association for Computing Machinery |
| Publikationsdato | 9 dec. 2024 |
| Sider | 869-883 |
| ISBN (Elektronisk) | 9798400706363 |
| DOI | |
| Status | Udgivet - 9 dec. 2024 |
| Begivenhed | 31st ACM SIGSAC Conference on Computer and Communications Security, CCS 2024 - Salt Lake City, USA Varighed: 14 okt. 2024 → 18 okt. 2024 |
Konference
| Konference | 31st ACM SIGSAC Conference on Computer and Communications Security, CCS 2024 |
|---|---|
| Land/Område | USA |
| By | Salt Lake City |
| Periode | 14/10/2024 → 18/10/2024 |