TY - GEN
T1 - VERIZEXE
T2 - 32nd USENIX Security Symposium, USENIX Security 2023
AU - Xiong, Alex Luoyuan
AU - Chen, Binyi
AU - Zhang, Zhenfei
AU - Bünz, Benedikt
AU - Fisch, Ben
AU - Krell, Fernando
AU - Camacho, Philippe
N1 - Publisher Copyright:
© USENIX Security 2023. All rights reserved.
PY - 2023
Y1 - 2023
N2 - Traditional blockchain systems execute program state transitions on-chain, requiring each network node participating in state-machine replication to re-compute every step of the program when validating transactions. This limits both scalability and privacy. Recently, Bowe et al. introduced a primitive called decentralized private computation (DPC) and provided an instantiation called ZEXE, which allows users to execute arbitrary computations off-chain without revealing the program logic to the network. Moreover, transaction validation takes only constant time, independent of the off-chain computation. However, ZEXE required a separate trusted setup for each application, which is highly impractical. Prior attempts to remove this per-application setup incurred significant performance loss. We propose a new DPC instantiation VERIZEXE that is highly efficient and requires only a single universal setup to support an arbitrary number of applications. Our benchmark improves the state-of-the-art by 9x in transaction generation time and by 3.4x in memory usage. Along the way, we also design efficient gadgets for variable-base multi-scalar multiplication and modular arithmetic within the PLONK constraint system, leading to a PLONK verifier gadget using only ∼ 21k constraints.
AB - Traditional blockchain systems execute program state transitions on-chain, requiring each network node participating in state-machine replication to re-compute every step of the program when validating transactions. This limits both scalability and privacy. Recently, Bowe et al. introduced a primitive called decentralized private computation (DPC) and provided an instantiation called ZEXE, which allows users to execute arbitrary computations off-chain without revealing the program logic to the network. Moreover, transaction validation takes only constant time, independent of the off-chain computation. However, ZEXE required a separate trusted setup for each application, which is highly impractical. Prior attempts to remove this per-application setup incurred significant performance loss. We propose a new DPC instantiation VERIZEXE that is highly efficient and requires only a single universal setup to support an arbitrary number of applications. Our benchmark improves the state-of-the-art by 9x in transaction generation time and by 3.4x in memory usage. Along the way, we also design efficient gadgets for variable-base multi-scalar multiplication and modular arithmetic within the PLONK constraint system, leading to a PLONK verifier gadget using only ∼ 21k constraints.
UR - http://www.scopus.com/inward/record.url?scp=85176142231&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85176142231&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85176142231
T3 - 32nd USENIX Security Symposium, USENIX Security 2023
SP - 4445
EP - 4462
BT - 32nd USENIX Security Symposium, USENIX Security 2023
PB - USENIX Association
Y2 - 9 August 2023 through 11 August 2023
ER -