Meier, J. (2022). Diophantine satisfiability arguments for private blockchains. Unpublished master's thesis, ETH Zurich, Zurich.
Resource type: Thesis/Dissertation
DOI: 10.3929/ethz-b-000571918
BibTeX citation key: Meier2022

Categories: Not Monero-focused
Creators: Meier
Publisher: ETH Zurich (Zurich)

https://www.research-collection.ethz.ch/handle/20.500.11850/571918
Zero-knowledge proofs were introduced in the 1980s, and most of the initial interest was of a theoretical nature. Since the development of Bitcoin [25], however, blockchain technology continues to produce exciting use-cases for zero-knowledge proofs. Prominent examples include privacy coins such as Zcash [2] and Monero [1], where zero-knowledge proofs serve as a tool to build confidential transactions. Zcash utilizes the Groth16 proof system [19]. Groth16 offers small, constant-sized proofs, but it requires an elaborate setup and its security is proven only in the generic group model.

In this thesis, we consider an alternative proof system developed by Towa and Vergnaud [29]. The proof system allows one to argue knowledge of a solution to a Diophantine equation, and its proof size grows logarithmically with the size of the equation. Our main contribution is to evaluate the performance of this proof system as a replacement for Groth16 in Zcash. To do so, the security statements of Zcash are expressed as a Diophantine equation, and the proof size is estimated using the theoretical upper bounds derived by Towa and Vergnaud. In addition, we implement a prototype version of TV20 that allows us to observe the actual proof size in practice.

As a final contribution, we show how the verification time of Towa and Vergnaud's proof system can be lowered if one is willing to rely on the non-standard adaptive root assumption, introduced by Wesolowski in 2018 [30].

