emp-zk icon indicating copy to clipboard operation
emp-zk copied to clipboard

Published 20 hours ago verified publisher icon emp-toolkit

Efficient VOLE for one-shot zero-knowledge proofs

Open weikengchen opened this issue 4 years ago • 3 comments

This issue is just to leave a note. It is mainly an engineering addition.

Currently, we generate the offline materials in big batches of N. This is because efficient LPN map K -> N is often "big". Therefore, even if two parties are proving very small statements, the one-shot time is not small.

There are many solutions to this:

  1. When computing the LPN map K -> N, we instead just compute K -> N' where N' < N. The limitation is that it does not fully use K, and K could be smaller if one computes the parameters more carefully.

  2. Use the original OT extension.

Both might be worthwhile of looking.

weikengchen avatar Mar 26 '21 00:03 weikengchen

Using IKNP would be bad because the communication would be high (as high as ZKGC). It is possible to reconfigure the parameter to target smaller parameters but I don't think the improvement would be that high. Are you looking at a setting where parties just come, compute and leave? (which means the one-time setup also needs to be included in the overall cost?)

wangxiao1254 avatar Mar 26 '21 02:03 wangxiao1254

Yes, I was thinking about a one-time setup. (Note: indeed in my application the circuit would be already large, so K -> N' where N' < N may be the best solution).

weikengchen avatar Mar 29 '21 05:03 weikengchen

N is 10^7, and K is ~500000, I suppose your N' is between these two numbers then.

wangxiao1254 avatar Mar 29 '21 18:03 wangxiao1254