Flashproofs: Efficient zero-knowledge arguments of range and polynomial evaluation with transparent setup
发表信息
作者
- Nan Wang
- Sid Chi-Kin Chau
笔记
We propose Flashproofs, a new type of efficient special honest verifier zero-knowledge arguments with a transparent setup in the discrete logarithm (DL) setting. First, we put forth gas-efficient range arguments that achieve communication cost, and involve group exponentiations for verification and a slightly sub-linear number of group exponentiations for proving with respect to the range , where N is the bit length of the range. For typical confidential transactions on blockchain platforms supporting smart contracts, verifying our range arguments consumes only 237K and 318K gas for 32-bit and 64-bit ranges, which are comparable to 220K gas incurred by verifying the most efficient zkSNARK with a trusted setup (EUROCRYPT ’ 16) at present. Besides, the aggregation of multiple arguments can yield further efficiency improvement. Second, we present polynomial evaluation arguments based on the techniques of Bayer & Groth (EUROCRYPT ’ 13). We provide two zero-knowledge arguments, which are optimised for lower-degree () and higher-degree () polynomials, where D is the polynomial degree. Our arguments yield a non-trivial improvement in the overall efficiency. Notably, the number of group exponentiations for proving drops from to . The communication cost and the number of group exponentiations for verification decrease from to . To the best of our knowledge, our arguments instantiate the most communication-efficient arguments of membership and non-membership in the DL setting among those not requiring trusted setups. More importantly, our techniques enable a significantly asymptotic improvement in the efficiency of communication and verification (group exponentiations) from to when multiple arguments satisfying different polynomials with the same degree and inputs are aggregated.