ZEXE (Zero knowledge EXEcution)
ZEXE (pronounced /zeksē/) is a Rust library for decentralized private computation.
WARNING: This is an academic proof-of-concept prototype, and in particular has not received careful code review. This implementation is NOT ready for production use.
This library implements a ledger-based system that enables users to execute offline computations and subsequently produce publicly-verifiable transactions that attest to the correctness of these offline executions. The transactions contain zero-knowledge succinct arguments (zkSNARKs) attesting to the correctness of the offline computations, and provide strong notions of privacy and succinctness.
- Privacy - transactions reveal no information about the offline computation.
- Succinctness - transactions can be validated in time that is independent of the offline computation.
- Application isolation - malicious applications cannot affect the execution of honest applications.
- Application interaction - applications can safely communicate with each other.
Informally, the library provides the ability to create transactions that run arbitrary (Turing-complete) scripts on hidden data stored on the ledger. In more detail, the library implements a cryptographic primitive known as decentralized private computation (DPC) schemes, which are described in detail in the ZEXE paper.
This repository contains several Rust crates that implement the different building blocks of ZEXE. The high-level structure of the repository is as follows.
algebra-core: Rust crate that provides generic arithmetic for finite fields and elliptic curves
algebra: Rust crate that provides concrete instantiations of some finite fields and elliptic curves
crypto-primitives: Rust crate that implements some useful cryptographic primitives (and constraints for them)
dpc: Rust crate that implements DPC schemes (the main cryptographic primitive in this repository)
ff-fft: Rust crate that provides efficient finite field polynomial arithmetic based on finite field FFTs
r1cs-core: Rust crate that defines core interfaces for a Rank-1 Constraint System (R1CS)
r1cs-std: Rust crate that provides various gadgets used to construct R1CS
gm17: Rust crate that implements the zkSNARK of Groth and Maller
groth16: Rust crate that implements the zkSNARK of Groth
In addition, there is a
bench-utils crate which contains infrastructure for benchmarking. This crate includes macros for timing code segments and is used for profiling the building blocks of ZEXE.
The library compiles on the
stable toolchain of the Rust compiler. To install the latest version of Rust, first install
rustup by following the instructions here, or via your platform's package manager. Once
rustup is installed, install the Rust toolchain by invoking:
rustup install stable
After that, use
cargo, the standard Rust build tool, to build the library:
git clone https://github.com/scipr-lab/zexe.git cd zexe/dpc cargo build --release
This library comes with unit tests for each of the provided crates. Run the tests with:
This library comes with benchmarks for the following crates:
These benchmarks require the nightly Rust toolchain; to install this, run
rustup install nightly. Then, to run benchmarks, run the following command:
cargo +nightly bench
mulxq instructions can lead to a 30-70% speedup. These are available on most
x86_64 platforms (Broadwell onwards for Intel and Ryzen onwards for AMD). Run the following command:
RUSTFLAGS="-C target-feature=+bmi2,+adx" cargo +nightly test/build/bench --features asm
Tip: If optimising for performance, your mileage may vary with passing
algebra-benches with greater accuracy, especially for functions with execution times on the order of nanoseconds, use the
n_fold feature to run selected functions 1000x per iteration. To run with multiple features, make sure to double quote the features.
cargo +nightly bench --features "n_fold bls12_381"
ZEXE is licensed under either of the following licenses, at your discretion.
- Apache License Version 2.0 (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
- MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT)
Unless you explicitly state otherwise, any contribution submitted for inclusion in ZEXE by you shall be dual licensed as above (as defined in the Apache v2 License), without any additional terms or conditions.
This work was supported by: a Google Faculty Award; the National Science Foundation; the UC Berkeley Center for Long-Term Cybersecurity; and donations from the Ethereum Foundation, the Interchain Foundation, and Qtum.
Some parts of the finite field arithmetic, elliptic curve arithmetic, FFTs, and multi-threading infrastructure in the
algebra crate have been adapted from code in the
bellman crates, developed by Sean Bowe and others from Zcash.