From zero to HEro: zkSNARKs proof construction with HE

Abstract

In recent times, the development of the zkSNARKs protocols opens up many applications to prove the authenticity of the data, computations and also the sender without revealing the secret data with very little communication and verification cost. However, resource-constrained devices such as security cameras, mobile phones, and sensors, do not have enough memory and computation power to generate the proof. Now, outsourcing zkSNARK-proof construction leads to privacy concerns as cloud providers may learn secret information. Different from the collaborative proof generation over distributed servers [28, 23], we discuss an approach using fully homomorphic encryption to delegate the proof construction securely to the cloud server. Generating the proof of a circuit, we need to commit the polynomials which represent the constraints of the circuit. If the circuit contains n constraints, we apply the commitment scheme O(n) times. Therefore we have focused on the KZG polynomial commitment scheme which is common in most zkSNARK protocols. Now, the approach to delegate computation of the commitment generation to the cloud server contains the precomputation of elliptic curve points which results client’s high memory usage. We have presented the idea of using PIR protocols such as Vectorized BatchPIR and SimplePIR, to retrieve the precomputed points from the cloud server which reduces the user’s memory usage. We have marked some difficulties we faced with the implementation and future possibilities for improvement.