[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

What a lovely hat

Is it made out of tin foil?

Paper 2024/1873

$\mathsf{Cirrus}$: Performant and Accountable Distributed SNARK

Wenhao Wang, Yale University
Fangyan Shi, Tsinghua University
Dani Vilardell, Cornell University
Fan Zhang, Yale University
Abstract

As Succinct Non-interactive Arguments of Knowledge (SNARKs) gain traction for large-scale applications, distributed proof generation is a promising technique to horizontally scale up the performance. In such protocols, the workload to generate SNARK proofs is distributed among a set of workers, potentially with the help of a coordinator. Desiderata include linear worker time (in the size of their sub-tasks), low coordination overhead, low communication complexity, and accountability (the coordinator can identify malicious workers). State-of-the-art schemes, however, do not achieve these properties. In this paper, we introduced $\mathsf{Cirrus}$, the first accountable distributed proof generation protocol with linear computation complexity for all parties. $\mathsf{Cirrus}$ is based on HyperPlonk (EUROCRYPT'23) and therefore supports a universal trusted setup. $\mathsf{Cirrus}$ is horizontally scalable: proving statements about a circuit of size $O(MT)$ takes $O(T)$ time with $M$ workers. The per-machine communication cost of $\mathsf{Cirrus}$ is low, which is only logarithmic in the size of each sub-circuit. $\mathsf{Cirrus}$ is also accountable, and the verification overhead of the coordinator is efficient. We further devised a load balancing technique to make the workload of the coordinator independent of the size of each sub-circuit. We implemented an end-to-end prototype of $\mathsf{Cirrus}$ and evaluated its performance on modestly powerful machines. Our results confirm the horizontal scalability of $\mathsf{Cirrus}$, and the proof generation time for circuits with $2^{25}$ gates is roughly $40$s using $32$ $8$-core machines. We also compared $\mathsf{Cirrus}$ with Hekaton (CCS'24), and $\mathsf{Cirrus}$ is faster when proving PLONK-friendly circuits such as Pedersen hash.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint.
Contact author(s)
wenhao wang @ yale edu
sfy21 @ mails tsinghua edu cn
dv296 @ cornell edu
f zhang @ yale edu
History
2024-11-18: approved
2024-11-16: received
See all versions
Short URL
https://ia.cr/2024/1873
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/1873,
      author = {Wenhao Wang and Fangyan Shi and Dani Vilardell and Fan Zhang},
      title = {$\mathsf{Cirrus}$: Performant and Accountable Distributed {SNARK}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1873},
      year = {2024},
      url = {https://eprint.iacr.org/2024/1873}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.