Accelerating Post-Quantum Secure zkSNARKs and Privacy-Preserving Frameworks

Abstract

Zero-knowledge succinct non-interactive arguments of knowledge (zkSNARKs) are gaining widespread adoption across various applications. Despite significant progress in developing post-quantum secure zkSNARKs, current schemes still encounter notable challenges, particularly regarding computational complexity. This thesis proposes utilizing the Cantor special basis (Cantor, 1989) to enhance post-quantum secure zkSNARKs operating over binary extension fields. By adopting this basis, the additive fast Fourier transform (FFT) algorithm employed in Aurora (Ben-Sasson et al., 2019), a plausible post-quantum secure zkSNARK, is optimized by replacing the previously utilized Gao-Mateer FFT (Gao and Mateer, 2010) with the more efficient Cantor FFT (Cantor, 1989). The implementation demonstrates substantial reductions in computation time for Aurora, indicating potential performance improvements for other zkSNARK systems reliant on additive FFTs. A thorough theoretical analysis of the computational complexity of the Cantor FFT algorithm is provided, including precise counts of required additions, multiplications, and precomputation overhead. Additionally, the FFT call complexity within the rank-1 constraint system (R1CS) encoding is examined for Aurora. Furthermore, this thesis includes an extensive analysis of the algorithms within Polaris (Fu and Gong, 2022), a plausible post-quantum zkSNARK protocol, by systematically decomposing its components for detailed evaluation. To address the critical need for efficient real-world implementations, a concrete GKR (Goldwasser et al., 2008) arithmetic circuit is proposed for integration into Polaris. Additionally, the efficiency of the FRI protocol (Ben-Sasson et al., 2018) within Polaris is enhanced by eliminating costly field inversion operations.

Finally, as an illustrative example of a privacy-preserving protocol utilizing zkSNARKs, a novel Anonymous Authentication Token (AAT) scheme is proposed. This scheme supports the unlinkable transfer of token ownership (AAT Ownership Transfer or AATOT), including the merging and dividing of tokens in an unlinkable manner. The construction leverages zkSNARK protocols to ensure anonymity, unlinkability, and authentication. Building upon this foundation, the Zupply framework is introduced, a decentralized system designed to maintain directed acyclic graphs (DAGs) of authentic data records. Zupply operates atop a permissionless blockchain equipped with smart contracts, offering a trustless environment that preserves participant anonymity and unlinkability. At the same time, the integrity and authenticity of data records are ensured across the entire supply chain ecosystem. Optimized arithmetic circuits are designed and implemented within the Zupply framework to minimize proof sizes and verification costs. Post-quantum secure solutions are concurrently explored to future-proof the framework against quantum computing advancements. The implementation of Zupply is carried out in C++ and Solidity, utilizing two distinct zkSNARK protocols: Groth16 (Groth, 2016) and Aurora. The Groth16 zkSNARK, while vulnerable to quantum attacks, provides computational efficiency and reduced operational costs, thereby demonstrating Zupply’s practicality for real-world decentralized supply chain management (SCM) systems. In contrast, the Aurora zkSNARK is designed to be plausibly secure against quantum-capable adversaries. A comparative analysis of computation efficiency and proof sizes between these two zkSNARK variants is conducted.