Cooperation with UC Berkeley, two papers published in Cryptology ePrint Archive

2018-11-30 17:05


The main focus of this technical strategic cooperation is Zero Knowledge Proofs and Blockchain Applications.






Zexe: Enabling Decentralized Private Computation

Aurora: Transparent Succinct Arguments for R1CS

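The paper "Zexe: Enabling Decentralized Private Computation" listed above was written mainly by Sean Bowe, Alessandro Chiesa, Matthew D. Green, Ian Miers, Pratyush Mishra, Howard Wu and other researchers and published on the Cryptology ePrint Archive; it is a joint publication by authors from Zcash, UC Berkeley, Johns Hopkins University and others. "Aurora: Transparent Succinct Arguments for R1CS" is a paper jointly published on the Cryptology ePrint Archive by Eli Ben-Sasson, Alessandro Chiesa, Michael Riabzev, Nicholas Spooner, Madars Virza, Nicholas P. Ward and others, from UC Berkeley, Technion (Israel Institute of Technology), and the MIT Media Lab.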


Department of Electrical Engineering and Computer Science

Alessandro Chiesa

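Alessandro Chiesa joined UC Berkeley in the summer of 2015. Before that, he was a postdoctoral researcher at ETH Zurich, working under Professor Thomas Holenstein. His research spans complexity theory, cryptography, and security, with a focus on the theoretical foundations and practical applications of zero-knowledge proofs. He is also a co-inventor of the Zerocash protocol, a co-founder of the Zcash company, and an author of libsnark, a leading open-source library for succinct zero-knowledge proofs.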

Zexe: Enabling Decentralized Private Computation


Ledger-based systems that enable rich applications often suffer from two limitations. First, validating a transaction requires re-executing the state transition that it attests to. Second, transactions not only reveal which application had a state transition but also reveal the application’s internal state. Unfortunately, expensive re-execution and lack of privacy rule out many use cases. We design, implement, and evaluate Zexe, a ledger-based system where users can execute offline computations and subsequently produce transactions, attesting to the correctness of these computations, that satisfy two main properties. First, transactions hide all information about the offline computations. Second, transactions can be validated by anyone in constant time, regardless of the offline computation. The core of Zexe is a protocol for a new cryptographic primitive that we introduce, decentralized private computation (DPC). The security guarantees of DPC are concisely expressed via an ideal functionality, which our protocol provably achieves. In order to achieve an efficient implementation of our protocol, we leverage tools in the area of cryptographic proofs, including succinct zero knowledge proofs and recursive proof composition. Overall, transactions in Zexe are 968 bytes regardless of the offline computation, and generating them takes less than 2 minutes plus a time that grows with the offline computation. To facilitate real-world deployments, Zexe also provides support for delegating the process of producing a transaction to an untrusted worker, and support for threshold transactions and blind transactions.