C: There’s a SNARK for That
Alessandro Chiesa
Daniel Genkin
Eli Ben-Sasson
Eran Tromer
Madars Virza
& Co.
Problem: integrity on untrusted platform
• Faults
• Someone else’s cloud
• Platform trojans
• Blue pill
• OS bugs
• Untrusted data origins
• Crypto protocols
Solution: zk-SNARKs
zero-knowledge Succinct Noninteractive Argument of Knowledge
AKA
• Non-interactive CS proofs of knowledge
• Succinct NIZK
For C programs with pointers and loops
#include <tinyram.h>
#define LEN 16

int main() {
    int state[256], stream[LEN];
    int i, j, t, k, keybyte;

    for (i = 0; i < 256; ++i)
        state[i] = i;

    /* KSA: mix in key (one byte per step from the auxiliary input tape) */
    k = 0; j = 0;
    for (i = 0; i < 256; ++i) {
        t = state[i];
        keybyte = read_aux_input_tape();
        j = (j + t + keybyte) & 0xFF;
        state[i] = state[j];
        state[j] = t;
    }

    /* PRGA: produce stream */
    i = 0; j = 0;
    for (k = 0; k < LEN; k++) {
        i = (i + 1) & 0xFF;
        t = state[i];
        j = (j + t) & 0xFF;
        state[i] = state[j];
        state[j] = t;
        stream[k] = state[(state[i] + state[j]) & 0xFF];
    }

    /* compare with the claim (read from the primary input tape) */
    for (i = 0; i < LEN; i++)
        if (stream[i] != read_primary_input_tape())
            return 1;   /* mismatch: reject */
    return 0;           /* stream matches the claim: accept */
}
C program → Compiler (based on GCC) → TinyRAM program
TinyRAM architecture for fast verification
• Arithmetic, comparison, shifts
• Branches
• Memory load/store
• Input tapes read
Spec: http://scipr-lab.org/tinyram
C program → Compiler (based on GCC) → TinyRAM program → Circuit Generator (based on theory of [BCGT13]) → circuit
Converting TinyRAM verification to circuit satisfiability
C program → Compiler (based on GCC) → TinyRAM program → Circuit Generator (based on theory of [BCGT13]) → circuit → zkSNARK for CircuitSAT (based on theory of [GGPR13] [BCIOP13])
“I know an RC4 key producing 26 41 5B C4 4C EC ED 6C 89 99 68 E1 82 04 DE”
322-byte proof
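The split between the public claim (primary tape) and the prover's private key (auxiliary tape) in the statement above, as an added host-side C harness that is not the authors' code. `struct tape`, `tape_read`, `rc4_check`, `rc4_witness` and `run_claim` are constructed names, and the sample claim is the keystream prefix of the well-known RC4 test key "Key", not the value on the slide.

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed host-side model of the two input tapes (not the TinyRAM library). */
struct tape { const unsigned char *data; size_t len, pos; };

/* Returns the next byte, or -1 once the tape is exhausted (harness assumption). */
static int tape_read(struct tape *t) {
    return t->pos < t->len ? t->data[t->pos++] : -1;
}

/* The slide's relation with explicit tapes: 0 = claim accepted, 1 = rejected. */
int rc4_check(struct tape *primary, struct tape *aux, int len) {
    int state[256], i, j = 0, k, t;
    if (aux->len - aux->pos < 256) return 1;   /* witness too short for the KSA */
    for (i = 0; i < 256; ++i) state[i] = i;
    for (i = 0; i < 256; ++i) {                /* KSA: one witness byte per step */
        t = state[i];
        j = (j + t + tape_read(aux)) & 0xFF;
        state[i] = state[j]; state[j] = t;
    }
    i = 0; j = 0;
    for (k = 0; k < len; k++) {                /* PRGA, compared byte by byte */
        i = (i + 1) & 0xFF; t = state[i];
        j = (j + t) & 0xFF;
        state[i] = state[j]; state[j] = t;
        if (state[(state[i] + state[j]) & 0xFF] != tape_read(primary)) return 1;
    }
    return 0;
}

/* Prover side: expand a short key into the 256 bytes the KSA loop consumes. */
void rc4_witness(const unsigned char *key, size_t keylen, unsigned char aux[256]) {
    for (int i = 0; i < 256; ++i) aux[i] = key[i % keylen];
}

/* Build both tapes and run the check for one (claim, key) pair. */
int run_claim(const unsigned char *claim, int len, const char *key, size_t keylen) {
    unsigned char w[256];
    rc4_witness((const unsigned char *)key, keylen, w);
    struct tape primary = { claim, (size_t)len, 0 }, aux = { w, sizeof w, 0 };
    return rc4_check(&primary, &aux, len);
}

int main(void) {
    /* Constructed sample: first 9 keystream bytes for the key "Key". */
    const unsigned char claim[9] = {0xEB,0x9F,0x77,0x81,0xB7,0x34,0xCA,0x72,0xA7};
    printf("accept=%d\n", run_claim(claim, 9, "Key", 3) == 0);
    return 0;
}
```

Only the primary tape is visible to the verifier; the auxiliary tape is the witness that the zero-knowledge property keeps hidden.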
“The execution of arbitrary C programs can be verified in a few milliseconds and 322 bytes”
http://scipr-lab.org
What Would you Like to Prove Today?