Mac′n′Cheese: Zero-Knowledge Proofs for Boolean and Arithmetic Circuits with Nested Disjunctions

Carsten Baum; Alex J. Malozemoff; Marc B. Rosen; Peter Scholl

doi:10.1007/978-3-030-84259-8_4

Mac^′n^′Cheese: Zero-Knowledge Proofs for Boolean and Arithmetic Circuits with Nested Disjunctions

Carsten Baum
, Alex J. Malozemoff
, Marc B. Rosen
, Peter Scholl

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

62 Scopus citations

Abstract

Zero knowledge proofs are an important building block in many cryptographic applications. Unfortunately, when the proof statements become very large, existing zero-knowledge proof systems easily reach their limits: either the computational overhead, the memory footprint, or the required bandwidth exceed levels that would be tolerable in practice. We present an interactive zero-knowledge proof system for boolean and arithmetic circuits, called Mac^′n^′Cheese, with a focus on supporting large circuits. Our work follows the commit-and-prove paradigm instantiated using information-theoretic MACs based on vector oblivious linear evaluation to achieve high efficiency. We additionally show how to optimize disjunctions, with a general OR transformation for proving the disjunction of m statements that has communication complexity proportional to the longest statement (plus an additive term logarithmic in m). These disjunctions can further be nested, allowing efficient proofs about complex statements with many levels of disjunctions. We also show how to make Mac^′n^′Cheese non-interactive (after a preprocessing phase) using the Fiat-Shamir transform, and with only a small degradation in soundness. We have implemented the online phase of Mac^′n^′Cheese and achieve a runtime of 144 ns per AND gate and 1.5 μ s per multiplication gate in F261-1 when run over a network with a 95 ms latency and a bandwidth of 31.5 Mbps. In addition, we show that the disjunction optimization improves communication as expected: when proving a boolean circuit with eight branches and each branch containing roughly 1 billion multiplications, Mac^′n^′Cheese requires only 75 more bytes to communicate than in the single branch case.

Original language	English
Title of host publication	Advances in Cryptology – CRYPTO 2021 - 41st Annual International Cryptology Conference, CRYPTO 2021, Proceedings
Editors	Tal Malkin, Chris Peikert
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	92-122
Number of pages	31
ISBN (Print)	9783030842581
DOIs	https://doi.org/10.1007/978-3-030-84259-8_4
State	Published - 2021
Externally published	Yes
Event	41st Annual International Cryptology Conference, CRYPTO 2021 - Virtual, Online Duration: 16 Aug 2021 → 20 Aug 2021

Publication series

Name	Lecture Notes in Computer Science
Volume	12828 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	41st Annual International Cryptology Conference, CRYPTO 2021
City	Virtual, Online
Period	16/08/21 → 20/08/21

Bibliographical note

Publisher Copyright:
© 2021, International Association for Cryptologic Research.

Funding

Acknowledgments. This material is based upon work supported by the Defense Advanced Research Projects Agency (DARPA) under Contract No. HR001120C0085. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the 5 In more detail, the branched circuit contained one branch computing 150 000 iter-ations of AES (960 million multiplication gates) and the other branch computing 45 000 iterations of SHA-2 (1.002 billion multiplication gates). The non-branched circuit only ran the SHA-2 portion of the aforementioned circuit.

Funders	Funder number
Defense Advanced Research Projects Agency	HR001120C0085

Access to Document

10.1007/978-3-030-84259-8_4

Cite this

Baum, C., Malozemoff, A. J., Rosen, M. B., & Scholl, P. (2021). Mac^′n^′Cheese: Zero-Knowledge Proofs for Boolean and Arithmetic Circuits with Nested Disjunctions. In T. Malkin, & C. Peikert (Eds.), Advances in Cryptology – CRYPTO 2021 - 41st Annual International Cryptology Conference, CRYPTO 2021, Proceedings (pp. 92-122). (Lecture Notes in Computer Science; Vol. 12828 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-030-84259-8_4

Baum, Carsten ; Malozemoff, Alex J. ; Rosen, Marc B. et al. / Mac^′n^′Cheese : Zero-Knowledge Proofs for Boolean and Arithmetic Circuits with Nested Disjunctions. Advances in Cryptology – CRYPTO 2021 - 41st Annual International Cryptology Conference, CRYPTO 2021, Proceedings. editor / Tal Malkin ; Chris Peikert. Springer Science and Business Media Deutschland GmbH, 2021. pp. 92-122 (Lecture Notes in Computer Science).

@inproceedings{7ae151ccb94040b1915d629320d34d73,

title = "Mac′n′Cheese: Zero-Knowledge Proofs for Boolean and Arithmetic Circuits with Nested Disjunctions",

abstract = "Zero knowledge proofs are an important building block in many cryptographic applications. Unfortunately, when the proof statements become very large, existing zero-knowledge proof systems easily reach their limits: either the computational overhead, the memory footprint, or the required bandwidth exceed levels that would be tolerable in practice. We present an interactive zero-knowledge proof system for boolean and arithmetic circuits, called Mac′n′Cheese, with a focus on supporting large circuits. Our work follows the commit-and-prove paradigm instantiated using information-theoretic MACs based on vector oblivious linear evaluation to achieve high efficiency. We additionally show how to optimize disjunctions, with a general OR transformation for proving the disjunction of m statements that has communication complexity proportional to the longest statement (plus an additive term logarithmic in m). These disjunctions can further be nested, allowing efficient proofs about complex statements with many levels of disjunctions. We also show how to make Mac′n′Cheese non-interactive (after a preprocessing phase) using the Fiat-Shamir transform, and with only a small degradation in soundness. We have implemented the online phase of Mac′n′Cheese and achieve a runtime of 144 ns per AND gate and 1.5 μ s per multiplication gate in F261-1 when run over a network with a 95 ms latency and a bandwidth of 31.5 Mbps. In addition, we show that the disjunction optimization improves communication as expected: when proving a boolean circuit with eight branches and each branch containing roughly 1 billion multiplications, Mac′n′Cheese requires only 75 more bytes to communicate than in the single branch case.",

author = "Carsten Baum and Malozemoff, \{Alex J.\} and Rosen, \{Marc B.\} and Peter Scholl",

note = "Publisher Copyright: {\textcopyright} 2021, International Association for Cryptologic Research.; 41st Annual International Cryptology Conference, CRYPTO 2021 ; Conference date: 16-08-2021 Through 20-08-2021",

year = "2021",

doi = "10.1007/978-3-030-84259-8\_4",

language = "אנגלית",

isbn = "9783030842581",

series = "Lecture Notes in Computer Science",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "92--122",

editor = "Tal Malkin and Chris Peikert",

booktitle = "Advances in Cryptology – CRYPTO 2021 - 41st Annual International Cryptology Conference, CRYPTO 2021, Proceedings",

address = "גרמניה",

}

Baum, C, Malozemoff, AJ, Rosen, MB & Scholl, P 2021, Mac^′n^′Cheese: Zero-Knowledge Proofs for Boolean and Arithmetic Circuits with Nested Disjunctions. in T Malkin & C Peikert (eds), Advances in Cryptology – CRYPTO 2021 - 41st Annual International Cryptology Conference, CRYPTO 2021, Proceedings. Lecture Notes in Computer Science, vol. 12828 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 92-122, 41st Annual International Cryptology Conference, CRYPTO 2021, Virtual, Online, 16/08/21. https://doi.org/10.1007/978-3-030-84259-8_4

Mac^′n^′Cheese: Zero-Knowledge Proofs for Boolean and Arithmetic Circuits with Nested Disjunctions. / Baum, Carsten; Malozemoff, Alex J.; Rosen, Marc B. et al.
Advances in Cryptology – CRYPTO 2021 - 41st Annual International Cryptology Conference, CRYPTO 2021, Proceedings. ed. / Tal Malkin; Chris Peikert. Springer Science and Business Media Deutschland GmbH, 2021. p. 92-122 (Lecture Notes in Computer Science; Vol. 12828 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Mac′n′Cheese

T2 - 41st Annual International Cryptology Conference, CRYPTO 2021

AU - Baum, Carsten

AU - Malozemoff, Alex J.

AU - Rosen, Marc B.

AU - Scholl, Peter

PY - 2021

Y1 - 2021

N2 - Zero knowledge proofs are an important building block in many cryptographic applications. Unfortunately, when the proof statements become very large, existing zero-knowledge proof systems easily reach their limits: either the computational overhead, the memory footprint, or the required bandwidth exceed levels that would be tolerable in practice. We present an interactive zero-knowledge proof system for boolean and arithmetic circuits, called Mac′n′Cheese, with a focus on supporting large circuits. Our work follows the commit-and-prove paradigm instantiated using information-theoretic MACs based on vector oblivious linear evaluation to achieve high efficiency. We additionally show how to optimize disjunctions, with a general OR transformation for proving the disjunction of m statements that has communication complexity proportional to the longest statement (plus an additive term logarithmic in m). These disjunctions can further be nested, allowing efficient proofs about complex statements with many levels of disjunctions. We also show how to make Mac′n′Cheese non-interactive (after a preprocessing phase) using the Fiat-Shamir transform, and with only a small degradation in soundness. We have implemented the online phase of Mac′n′Cheese and achieve a runtime of 144 ns per AND gate and 1.5 μ s per multiplication gate in F261-1 when run over a network with a 95 ms latency and a bandwidth of 31.5 Mbps. In addition, we show that the disjunction optimization improves communication as expected: when proving a boolean circuit with eight branches and each branch containing roughly 1 billion multiplications, Mac′n′Cheese requires only 75 more bytes to communicate than in the single branch case.

AB - Zero knowledge proofs are an important building block in many cryptographic applications. Unfortunately, when the proof statements become very large, existing zero-knowledge proof systems easily reach their limits: either the computational overhead, the memory footprint, or the required bandwidth exceed levels that would be tolerable in practice. We present an interactive zero-knowledge proof system for boolean and arithmetic circuits, called Mac′n′Cheese, with a focus on supporting large circuits. Our work follows the commit-and-prove paradigm instantiated using information-theoretic MACs based on vector oblivious linear evaluation to achieve high efficiency. We additionally show how to optimize disjunctions, with a general OR transformation for proving the disjunction of m statements that has communication complexity proportional to the longest statement (plus an additive term logarithmic in m). These disjunctions can further be nested, allowing efficient proofs about complex statements with many levels of disjunctions. We also show how to make Mac′n′Cheese non-interactive (after a preprocessing phase) using the Fiat-Shamir transform, and with only a small degradation in soundness. We have implemented the online phase of Mac′n′Cheese and achieve a runtime of 144 ns per AND gate and 1.5 μ s per multiplication gate in F261-1 when run over a network with a 95 ms latency and a bandwidth of 31.5 Mbps. In addition, we show that the disjunction optimization improves communication as expected: when proving a boolean circuit with eight branches and each branch containing roughly 1 billion multiplications, Mac′n′Cheese requires only 75 more bytes to communicate than in the single branch case.

UR - https://www.scopus.com/pages/publications/85115120003

U2 - 10.1007/978-3-030-84259-8_4

DO - 10.1007/978-3-030-84259-8_4

M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???

AN - SCOPUS:85115120003

SN - 9783030842581

T3 - Lecture Notes in Computer Science

SP - 92

EP - 122

BT - Advances in Cryptology – CRYPTO 2021 - 41st Annual International Cryptology Conference, CRYPTO 2021, Proceedings

A2 - Malkin, Tal

A2 - Peikert, Chris

PB - Springer Science and Business Media Deutschland GmbH

Y2 - 16 August 2021 through 20 August 2021

ER -

Baum C, Malozemoff AJ, Rosen MB, Scholl P. Mac^′n^′Cheese: Zero-Knowledge Proofs for Boolean and Arithmetic Circuits with Nested Disjunctions. In Malkin T, Peikert C, editors, Advances in Cryptology – CRYPTO 2021 - 41st Annual International Cryptology Conference, CRYPTO 2021, Proceedings. Springer Science and Business Media Deutschland GmbH. 2021. p. 92-122. (Lecture Notes in Computer Science). doi: 10.1007/978-3-030-84259-8_4