ZPiE: Zero-knowledge Proofs in Embedded systems

1. 引言

Salleras和Daza 2021年论文《 ZPiE: Zero-Knowledge Proofs in Embedded Systems》。

代码实现：

• https://github.com/xevisalle/zpie（C语言）

可以跨平台编译为X86/X64/ARM-32/ARM-64，从而支持在嵌入式平台上运行。

zyd@zyd-VirtualBox:~/zyd/zpie$ ./zpie 
******************* ZPiE v0.2 *******************
USAGE: ./zpie [ACTIONS] [OPTIONS]

[ACTIONS]:
-s : Perform setup.
-p : Generate proof.
-v : Verify proof.
-pbp   : Generate bulletproof where Nb is the bit size and Mc the number of aggregated proofs.
-vbp   : Verify bulletproof where Nb is the bit size and Mc the number of aggregated proofs.

[OPTIONS]
-l : Activate operation logs.
zyd@zyd-VirtualBox:~/zyd/zpie$ ./zpie -s
******************* ZPiE v0.2 *******************
--- Starting ZPiE - Groth'16...
  |--- # of constraints: 456
  |--- # of variables: 650
  |--- # of public outputs: 2
  |--- Multi-core execution: OFF
  |--- Elliptic curve: BN128
[SUCCESS] : Setup generated successfully in 1.095185s
zyd@zyd-VirtualBox:~/zyd/zpie$ ./zpie -p
******************* ZPiE v0.2 *******************
--- Starting ZPiE - Groth'16...
  |--- # of constraints: 456
  |--- # of variables: 650
  |--- # of public outputs: 2
  |--- Multi-core execution: OFF
  |--- Elliptic curve: BN128
  |--- Mode: Prove
  |--- FFT constraints size : 512
[SUCCESS] : ZPiE started successfully in 1.101788s

--- Computing proof...
  |--- Circuit evaluation:  [0.000170s]
  |--- Compute h coefficients:  [0.002513s]
  |--- G1, G2 multiexponentiations:  [0.448896s]
     |--- Bos-Coster:  [0.109755s]
     |--- Heap sorting:  [0.003515s]
[SUCCESS] : Proof generated successfully in 0.488291s
zyd@zyd-VirtualBox:~/zyd/zpie$ ./zpie -v
******************* ZPiE v0.2 *******************
--- Starting ZPiE - Groth'16...
  |--- # of constraints: 456
  |--- # of variables: 650
  |--- # of public outputs: 2
  |--- Multi-core execution: OFF
  |--- Elliptic curve: BN128
[SUCCESS] : Proof verified in 0.003520s
zyd@zyd-VirtualBox:~/zyd/zpie$ ./zpie -pbp 128 10
******************* ZPiE v0.2 *******************
--- Starting ZPiE - Bulletproofs...
  |--- # of bits : 128
  |--- # of aggregated proofs: 10
  |--- Multi-core execution: OFF
  |--- Elliptic curve: BN128
[ERROR] : Input values must be powers of two.
zyd@zyd-VirtualBox:~/zyd/zpie$ ./zpie -pbp 128 8
******************* ZPiE v0.2 *******************
--- Starting ZPiE - Bulletproofs...
  |--- # of bits : 128
  |--- # of aggregated proofs: 8
  |--- Multi-core execution: OFF
  |--- Elliptic curve: BN128
[SUCCESS] : Bulletproof created in 2.851989s
zyd@zyd-VirtualBox:~/zyd/zpie$ ./zpie -vbp 128 8
******************* ZPiE v0.2 *******************
--- Starting ZPiE - Bulletproofs...
  |--- # of bits : 128
  |--- # of aggregated proofs: 8
  |--- Multi-core execution: OFF
  |--- Elliptic curve: BN128
[SUCCESS] : Bulletproof verified in 1.147386s
zyd@zyd-VirtualBox:~/zyd/zpie$ 

参考资料

[1] ZPiE: Zero-Knowledge Proofs in Embedded Systems