Loading…

How to prove any NP statement jointly? Efficient Distributed-prover Zero-Knowledge Protocols

Traditional zero-knowledge protocols have been studied and optimized for the setting where a single prover holds the complete witness and tries to convince a verifier about a predicate on the witness, without revealing any additional information to the verifier. In this work, we study the notion of...

Full description

Saved in:
Bibliographic Details
Published in:Proceedings on Privacy Enhancing Technologies 2022-04, Vol.2022 (2), p.517-556
Main Authors: Dayama, Pankaj, Patra, Arpita, Paul, Protik, Singh, Nitin, Vinayagamurthy, Dhinakaran
Format: Article
Language:English
Subjects:
Citations: Items that this one cites
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
cited_by
cites cdi_FETCH-LOGICAL-c1407-fcdadec57fd8d304742e1868c4d5229db0e80b8693cde2965cc2a07b21a3c38d3
container_end_page 556
container_issue 2
container_start_page 517
container_title Proceedings on Privacy Enhancing Technologies
container_volume 2022
creator Dayama, Pankaj
Patra, Arpita
Paul, Protik
Singh, Nitin
Vinayagamurthy, Dhinakaran
description Traditional zero-knowledge protocols have been studied and optimized for the setting where a single prover holds the complete witness and tries to convince a verifier about a predicate on the witness, without revealing any additional information to the verifier. In this work, we study the notion of distributed-prover zero knowledge (DPZK) for arbitrary predicates where the witness is shared among multiple mutually distrusting provers and they want to convince a verifier that their shares together satisfy the predicate. We make the following contributions to the notion of distributed proof generation: (i) we propose a new MPC-style security definition to capture the adversarial settings possible for different collusion models between the provers and the verifier, (ii) we discuss new efficiency parameters for distributed proof generation such as the number of rounds of interaction and the amount of communication among the provers, and (iii) we propose a compiler that realizes distributed proof generation from the zero-knowledge protocols in the Interactive Oracle Proofs (IOP) paradigm. Our compiler can be used to obtain DPZK from arbitrary IOP protocols, but the concrete efficiency overheads are substantial in general. To this end, we contribute (iv) a new zero-knowledge IOP Graphene which can be compiled into an efficient DPZK protocol. The (D + 1)-DPZK protocol D-Graphene, with D provers and one verifier, admits ) proof size with a communication complexity of (D ·( )), where is the number of gates in the arithmetic circuit representing the predicate and is the number of wires that depends on inputs from two or more parties. Significantly, only the distributed proof generation in D-Graphene requires interaction among the provers. D-Graphene compares favourably with the DPZK protocols obtained from the state-of-art zero-knowledge protocols, even those not modelled as IOPs.
doi_str_mv 10.2478/popets-2022-0055
format article
fullrecord <record><control><sourceid>walterdegruyter_cross</sourceid><recordid>TN_cdi_crossref_primary_10_2478_popets_2022_0055</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>10_2478_popets_2022_005520222517</sourcerecordid><originalsourceid>FETCH-LOGICAL-c1407-fcdadec57fd8d304742e1868c4d5229db0e80b8693cde2965cc2a07b21a3c38d3</originalsourceid><addsrcrecordid>eNp1kEFLwzAYhoMoOObuHvMHoknatOlJZU4nDt1BLyKENPk6OrqmJJmj_97WefDi6Xv54Hl5eRC6ZPSKp7m87lwHMRBOOSeUCnGCJpwXBaGFTE__5HM0C2FLKWWZYEzICfpcugOODnfefQHWbY9f1jhEHWEHbcRbV7ex6W_woqpqU4-v-zpEX5f7CJb8UB5_gHfkuXWHBuwG8Nq76IxrwgU6q3QTYPZ7p-j9YfE2X5LV6-PT_G5FDEtpTipjtQUj8spKm9A0TzkwmUmTWjFMtyUFSUuZFYmxwItMGMM1zUvOdGKSAZkieuw13oXgoVKdr3fa94pRNQpSR0FqFKRGQQNye0QOuongLWz8vh-C2rq9b4ex_6Jj4ILlyTdP9HFv</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype></control><display><type>article</type><title>How to prove any NP statement jointly? Efficient Distributed-prover Zero-Knowledge Protocols</title><source>EZB Electronic Journals Library</source><creator>Dayama, Pankaj ; Patra, Arpita ; Paul, Protik ; Singh, Nitin ; Vinayagamurthy, Dhinakaran</creator><creatorcontrib>Dayama, Pankaj ; Patra, Arpita ; Paul, Protik ; Singh, Nitin ; Vinayagamurthy, Dhinakaran</creatorcontrib><description>Traditional zero-knowledge protocols have been studied and optimized for the setting where a single prover holds the complete witness and tries to convince a verifier about a predicate on the witness, without revealing any additional information to the verifier. In this work, we study the notion of distributed-prover zero knowledge (DPZK) for arbitrary predicates where the witness is shared among multiple mutually distrusting provers and they want to convince a verifier that their shares together satisfy the predicate. We make the following contributions to the notion of distributed proof generation: (i) we propose a new MPC-style security definition to capture the adversarial settings possible for different collusion models between the provers and the verifier, (ii) we discuss new efficiency parameters for distributed proof generation such as the number of rounds of interaction and the amount of communication among the provers, and (iii) we propose a compiler that realizes distributed proof generation from the zero-knowledge protocols in the Interactive Oracle Proofs (IOP) paradigm. Our compiler can be used to obtain DPZK from arbitrary IOP protocols, but the concrete efficiency overheads are substantial in general. To this end, we contribute (iv) a new zero-knowledge IOP Graphene which can be compiled into an efficient DPZK protocol. The (D + 1)-DPZK protocol D-Graphene, with D provers and one verifier, admits ) proof size with a communication complexity of (D ·( )), where is the number of gates in the arithmetic circuit representing the predicate and is the number of wires that depends on inputs from two or more parties. Significantly, only the distributed proof generation in D-Graphene requires interaction among the provers. D-Graphene compares favourably with the DPZK protocols obtained from the state-of-art zero-knowledge protocols, even those not modelled as IOPs.</description><identifier>ISSN: 2299-0984</identifier><identifier>EISSN: 2299-0984</identifier><identifier>DOI: 10.2478/popets-2022-0055</identifier><language>eng</language><publisher>Sciendo</publisher><subject>Distributed-Prover Zero-Knowledge ; Secure Multi-Party Computation ; Zero-Knowledge Proofs</subject><ispartof>Proceedings on Privacy Enhancing Technologies, 2022-04, Vol.2022 (2), p.517-556</ispartof><lds50>peer_reviewed</lds50><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><cites>FETCH-LOGICAL-c1407-fcdadec57fd8d304742e1868c4d5229db0e80b8693cde2965cc2a07b21a3c38d3</cites></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>314,780,784,27924,27925</link.rule.ids></links><search><creatorcontrib>Dayama, Pankaj</creatorcontrib><creatorcontrib>Patra, Arpita</creatorcontrib><creatorcontrib>Paul, Protik</creatorcontrib><creatorcontrib>Singh, Nitin</creatorcontrib><creatorcontrib>Vinayagamurthy, Dhinakaran</creatorcontrib><title>How to prove any NP statement jointly? Efficient Distributed-prover Zero-Knowledge Protocols</title><title>Proceedings on Privacy Enhancing Technologies</title><description>Traditional zero-knowledge protocols have been studied and optimized for the setting where a single prover holds the complete witness and tries to convince a verifier about a predicate on the witness, without revealing any additional information to the verifier. In this work, we study the notion of distributed-prover zero knowledge (DPZK) for arbitrary predicates where the witness is shared among multiple mutually distrusting provers and they want to convince a verifier that their shares together satisfy the predicate. We make the following contributions to the notion of distributed proof generation: (i) we propose a new MPC-style security definition to capture the adversarial settings possible for different collusion models between the provers and the verifier, (ii) we discuss new efficiency parameters for distributed proof generation such as the number of rounds of interaction and the amount of communication among the provers, and (iii) we propose a compiler that realizes distributed proof generation from the zero-knowledge protocols in the Interactive Oracle Proofs (IOP) paradigm. Our compiler can be used to obtain DPZK from arbitrary IOP protocols, but the concrete efficiency overheads are substantial in general. To this end, we contribute (iv) a new zero-knowledge IOP Graphene which can be compiled into an efficient DPZK protocol. The (D + 1)-DPZK protocol D-Graphene, with D provers and one verifier, admits ) proof size with a communication complexity of (D ·( )), where is the number of gates in the arithmetic circuit representing the predicate and is the number of wires that depends on inputs from two or more parties. Significantly, only the distributed proof generation in D-Graphene requires interaction among the provers. D-Graphene compares favourably with the DPZK protocols obtained from the state-of-art zero-knowledge protocols, even those not modelled as IOPs.</description><subject>Distributed-Prover Zero-Knowledge</subject><subject>Secure Multi-Party Computation</subject><subject>Zero-Knowledge Proofs</subject><issn>2299-0984</issn><issn>2299-0984</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2022</creationdate><recordtype>article</recordtype><recordid>eNp1kEFLwzAYhoMoOObuHvMHoknatOlJZU4nDt1BLyKENPk6OrqmJJmj_97WefDi6Xv54Hl5eRC6ZPSKp7m87lwHMRBOOSeUCnGCJpwXBaGFTE__5HM0C2FLKWWZYEzICfpcugOODnfefQHWbY9f1jhEHWEHbcRbV7ex6W_woqpqU4-v-zpEX5f7CJb8UB5_gHfkuXWHBuwG8Nq76IxrwgU6q3QTYPZ7p-j9YfE2X5LV6-PT_G5FDEtpTipjtQUj8spKm9A0TzkwmUmTWjFMtyUFSUuZFYmxwItMGMM1zUvOdGKSAZkieuw13oXgoVKdr3fa94pRNQpSR0FqFKRGQQNye0QOuongLWz8vh-C2rq9b4ex_6Jj4ILlyTdP9HFv</recordid><startdate>20220401</startdate><enddate>20220401</enddate><creator>Dayama, Pankaj</creator><creator>Patra, Arpita</creator><creator>Paul, Protik</creator><creator>Singh, Nitin</creator><creator>Vinayagamurthy, Dhinakaran</creator><general>Sciendo</general><scope>AAYXX</scope><scope>CITATION</scope></search><sort><creationdate>20220401</creationdate><title>How to prove any NP statement jointly? Efficient Distributed-prover Zero-Knowledge Protocols</title><author>Dayama, Pankaj ; Patra, Arpita ; Paul, Protik ; Singh, Nitin ; Vinayagamurthy, Dhinakaran</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c1407-fcdadec57fd8d304742e1868c4d5229db0e80b8693cde2965cc2a07b21a3c38d3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2022</creationdate><topic>Distributed-Prover Zero-Knowledge</topic><topic>Secure Multi-Party Computation</topic><topic>Zero-Knowledge Proofs</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Dayama, Pankaj</creatorcontrib><creatorcontrib>Patra, Arpita</creatorcontrib><creatorcontrib>Paul, Protik</creatorcontrib><creatorcontrib>Singh, Nitin</creatorcontrib><creatorcontrib>Vinayagamurthy, Dhinakaran</creatorcontrib><collection>CrossRef</collection><jtitle>Proceedings on Privacy Enhancing Technologies</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Dayama, Pankaj</au><au>Patra, Arpita</au><au>Paul, Protik</au><au>Singh, Nitin</au><au>Vinayagamurthy, Dhinakaran</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>How to prove any NP statement jointly? Efficient Distributed-prover Zero-Knowledge Protocols</atitle><jtitle>Proceedings on Privacy Enhancing Technologies</jtitle><date>2022-04-01</date><risdate>2022</risdate><volume>2022</volume><issue>2</issue><spage>517</spage><epage>556</epage><pages>517-556</pages><issn>2299-0984</issn><eissn>2299-0984</eissn><abstract>Traditional zero-knowledge protocols have been studied and optimized for the setting where a single prover holds the complete witness and tries to convince a verifier about a predicate on the witness, without revealing any additional information to the verifier. In this work, we study the notion of distributed-prover zero knowledge (DPZK) for arbitrary predicates where the witness is shared among multiple mutually distrusting provers and they want to convince a verifier that their shares together satisfy the predicate. We make the following contributions to the notion of distributed proof generation: (i) we propose a new MPC-style security definition to capture the adversarial settings possible for different collusion models between the provers and the verifier, (ii) we discuss new efficiency parameters for distributed proof generation such as the number of rounds of interaction and the amount of communication among the provers, and (iii) we propose a compiler that realizes distributed proof generation from the zero-knowledge protocols in the Interactive Oracle Proofs (IOP) paradigm. Our compiler can be used to obtain DPZK from arbitrary IOP protocols, but the concrete efficiency overheads are substantial in general. To this end, we contribute (iv) a new zero-knowledge IOP Graphene which can be compiled into an efficient DPZK protocol. The (D + 1)-DPZK protocol D-Graphene, with D provers and one verifier, admits ) proof size with a communication complexity of (D ·( )), where is the number of gates in the arithmetic circuit representing the predicate and is the number of wires that depends on inputs from two or more parties. Significantly, only the distributed proof generation in D-Graphene requires interaction among the provers. D-Graphene compares favourably with the DPZK protocols obtained from the state-of-art zero-knowledge protocols, even those not modelled as IOPs.</abstract><pub>Sciendo</pub><doi>10.2478/popets-2022-0055</doi><tpages>40</tpages><oa>free_for_read</oa></addata></record>
fulltext fulltext
identifier ISSN: 2299-0984
ispartof Proceedings on Privacy Enhancing Technologies, 2022-04, Vol.2022 (2), p.517-556
issn 2299-0984
2299-0984
language eng
recordid cdi_crossref_primary_10_2478_popets_2022_0055
source EZB Electronic Journals Library
subjects Distributed-Prover Zero-Knowledge
Secure Multi-Party Computation
Zero-Knowledge Proofs
title How to prove any NP statement jointly? Efficient Distributed-prover Zero-Knowledge Protocols
url http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-04T21%3A53%3A08IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-walterdegruyter_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=How%20to%20prove%20any%20NP%20statement%20jointly?%20Efficient%20Distributed-prover%20Zero-Knowledge%20Protocols&rft.jtitle=Proceedings%20on%20Privacy%20Enhancing%20Technologies&rft.au=Dayama,%20Pankaj&rft.date=2022-04-01&rft.volume=2022&rft.issue=2&rft.spage=517&rft.epage=556&rft.pages=517-556&rft.issn=2299-0984&rft.eissn=2299-0984&rft_id=info:doi/10.2478/popets-2022-0055&rft_dat=%3Cwalterdegruyter_cross%3E10_2478_popets_2022_005520222517%3C/walterdegruyter_cross%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-c1407-fcdadec57fd8d304742e1868c4d5229db0e80b8693cde2965cc2a07b21a3c38d3%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true