#zero-knowledge-proofs #zero-knowledge #zk #signature #crypto

nightly bin+lib reverie-zk

An efficient implementation of the NIZKPoK outlined in KKW 2018

3 unstable releases

0.3.2 Nov 1, 2022
0.2.1-rc.4 Apr 6, 2021
0.2.1-rc.3 Dec 3, 2020

#2363 in Cryptography

AGPL-3.0

145KB
4K SLoC

Reverie

An efficient implementation of the NIZKPoK outlined in KKW 2018

CI

Reverie is an implementation (prover and verifier) of the MPC-in-the-head NIZKPoK outlined in Improved Non-Interactive Zero Knowledge with Applications to Post-Quantum Signatures. Reverie seeks to offer concrete prover efficiency (linear proving time with small constants) for complex predicates. The implementation seeks to offer 128-bits of (classical) security and support arbitrary rings, most efficiently Z2 and Z64.

Reverie provides both a library (with a simplified and a streaming interface), in addition to a CLI program for proving/verifying statements specified in Bristol format to enable easy experimentation.

Running

Reverie requires a relatively recent nightly Rust.

Using SSE+AESNI

time RUSTFLAGS="-C target-cpu=native -C target-feature=+aes,+ssse3,+sse2" cargo run --release

Or even better with AVX2+AESNI

time RUSTFLAGS="-C target-cpu=native -C target-feature=+aes,+ssse3,+sse2,+avx2" cargo run --release

Improvements in 0.3+

  • Pack 8 instances of 8 players over GF(2) into a single 64-bit integer (see gist for details).
  • Switch to AES with AESNI
  • Just-in-time preprocessing to condense proving into a single pass

Dependencies

~21–32MB
~586K SLoC