PipeZK: accelerating zero-knowledge proof with a pipelined architecture

ABSTRACT
Zero-knowledge proof (ZKP) is a promising cryptographic protocol for both computational integrity and privacy. It can be used in many privacy-preserving applications, including verifiable cloud outsourcing and blockchains. The major obstacle to using ZKP in practice is its time-consuming proof generation step, which consists of large polynomial computations and multi-scalar multiplications on elliptic curves. To support ZKP efficiently and practically in real-world applications, we propose PipeZK, a pipelined accelerator with two subsystems that handle these two compute-intensive tasks, respectively. The first subsystem uses a novel dataflow to decompose large kernels into smaller ones that execute on bandwidth-efficient hardware modules, with optimized off-chip memory accesses and on-chip compute resources. The second subsystem adopts a lightweight dynamic work dispatch mechanism to share the heavy processing units, minimizing resource underutilization and load imbalance. When evaluated in 28 nm, PipeZK achieves 10x speedup on standard cryptographic benchmarks and 5x on a widely used cryptocurrency application, Zcash.