Batchman and Robin: Batched and Non-batched Branching for Interactive ZK

Yibin Yang, David Heath, Carmit Hazay, Vladimir Kolesnikov, Muthuramakrishnan Venkitasubramaniam

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

Vector Oblivious Linear Evaluation (VOLE) supports fast and scal-able interactive Zero-Knowledge (ZK) proofs. Despite recent improvements to VOLE-based ZK, compiling proof statements to a control-flow oblivious form (e.g., a circuit) continues to lead to expensive proofs. One useful setting where this inefficiency stands out is when the statement is a disjunction of clauses L1 LB. Typically, ZK requires paying the price to handle all B branches. Prior works have shown how to avoid this price in communication, but not in computation. Our main result, Batchman, is asymptotically and concretely efficient VOLE-based ZK for batched disjunctions, i.e. statements containing R repetitions of the same disjunction. This is crucial for, e.g., emulating CPU steps in ZK. Our prover and verifier complexity is only O(RB+R|C| + B|C|), where |C| is the maximum circuit size of the B branches. Prior works' computation scales in RB|C|. For non-batched disjunctions, we also construct a VOLE-based ZK protocol, Robin, which is (only) communication efficient. For small fields and for statistical security parameter, this proto-col's communication improves over the previous state of the art (Mac'n 'Cheese, Baum et al., CRYPTO'21) by up to factor. Our implementation outperforms prior state of the art. E.g., we achieve up to 6× improvement over Mac'n'Cheese (Boolean, single disjunction), and for arithmetic batched disjunctions our experi-ments show we improve over QuickSilver (Yang et al., CCS'21) by up to 70× and over AntMan (Weng et al., CCS'22) by up to 36×.

Original languageEnglish
Title of host publicationCCS 2023 - Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security
Pages1452-1466
Number of pages15
ISBN (Electronic)9798400700507
DOIs
StatePublished - 15 Nov 2023
Event30th ACM SIGSAC Conference on Computer and Communications Security, CCS 2023 - Copenhagen, Denmark
Duration: 26 Nov 202330 Nov 2023

Publication series

NameCCS 2023 - Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security

Conference

Conference30th ACM SIGSAC Conference on Computer and Communications Security, CCS 2023
Country/TerritoryDenmark
CityCopenhagen
Period26/11/2330/11/23

Keywords

  • Batched Disjunctions
  • Disjunctions
  • Zero Knowledge

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Computer Science Applications
  • Software

Fingerprint

Dive into the research topics of 'Batchman and Robin: Batched and Non-batched Branching for Interactive ZK'. Together they form a unique fingerprint.

Cite this