Skip to content
Rust library for decentralized private computation
Rust Shell
Branch: master
Clone or download

Latest commit

gakonst Optimize Groth16 memory and run-time performance (#171)
* fix: do not evaluate the polynomial twice

* chore: fix example

* perf(groth16): remove clones and use rayon where possible

* chore(groth16): abstract function for calculating a/bg1/bg2

* perf(groth16): remove redundant clone

* perf(groth16): remove redundant clone

* generalize evaluation function

* chore: simplify return value of witness_map

* chore: further simplify coefficient calculation

* fix(r1cs-to-qap): ensure constraint evaluation works without rayon
Latest commit 9dabb3c Apr 6, 2020


Type Name Latest commit message Commit time
Failed to load latest commit information.
.cargo Initial release Apr 2, 2019
.hooks Update digest requirement from 0.7 to 0.8 (#141) Mar 16, 2020
algebra-benches Remove unnecessary criterion dependency Mar 3, 2020
algebra-core MNT4/6 curves and recursive SNARKs (#150) Apr 4, 2020
algebra MNT4/6 curves and recursive SNARKs (#150) Apr 4, 2020
bench-utils Fix incorrect feature name in bench-utils Feb 5, 2020
cp-benches Update digest requirement from 0.7 to 0.8 (#141) Mar 16, 2020
crypto-primitives MNT4/6 curves and recursive SNARKs (#150) Apr 4, 2020
dpc Update `derivative` requirement from 1 to 2 (#140) Mar 16, 2020
ff-fft Add missing LICENSE files in `ff-fft` Mar 16, 2020
gm17 Re-export derivation from algebra. Mar 7, 2020
groth16 Optimize Groth16 memory and run-time performance (#171) Apr 6, 2020
r1cs-core Refactor `algebra` API, split into `algebra` and `algebra-core`. (#100) Feb 27, 2020
r1cs-std MNT4/6 curves and recursive SNARKs (#150) Apr 4, 2020
scripts Add a pre-commit hook for rustfmt (#102) Mar 5, 2020
.gitignore no_std for algebra and r1cs-core (#76) Jan 31, 2020
.travis.yml Add a pre-commit hook for rustfmt (#102) Mar 5, 2020
AUTHORS Initial release Apr 2, 2019
Cargo.toml Implement CanonicalSerialize/Deserialize improvements (#109) Mar 3, 2020
LICENSE-APACHE Initial release Apr 2, 2019
LICENSE-MIT Initial release Apr 2, 2019 Add badge from Jan 28, 2020
rustfmt.toml Initial release Apr 2, 2019

ZEXE (Zero knowledge EXEcution)

ZEXE (pronounced /zeksē/) is a Rust library for decentralized private computation.

This library was initially developed as part of the paper "ZEXE: Enabling Decentralized Private Computation", and it is released under the MIT License and the Apache v2 License (see License).

WARNING: This is an academic proof-of-concept prototype, and in particular has not received careful code review. This implementation is NOT ready for production use.


This library implements a ledger-based system that enables users to execute offline computations and subsequently produce publicly-verifiable transactions that attest to the correctness of these offline executions. The transactions contain zero-knowledge succinct arguments (zkSNARKs) attesting to the correctness of the offline computations, and provide strong notions of privacy and succinctness.

  • Privacy - transactions reveal no information about the offline computation.
  • Succinctness - transactions can be validated in time that is independent of the offline computation.
  • Application isolation - malicious applications cannot affect the execution of honest applications.
  • Application interaction - applications can safely communicate with each other.

Informally, the library provides the ability to create transactions that run arbitrary (Turing-complete) scripts on hidden data stored on the ledger. In more detail, the library implements a cryptographic primitive known as decentralized private computation (DPC) schemes, which are described in detail in the ZEXE paper.

Directory structure

This repository contains several Rust crates that implement the different building blocks of ZEXE. The high-level structure of the repository is as follows.

  • algebra: Rust crate that provides finite fields and elliptic curves
  • crypto-primitives: Rust crate that implements some useful cryptographic primitives (and constraints for them)
  • dpc: Rust crate that implements DPC schemes (the main cryptographic primitive in this repository)
  • ff-fft: Rust crate that provides efficient finite field polynomial arithmetic based on finite field FFTs
  • r1cs-core: Rust crate that defines core interfaces for a Rank-1 Constraint System (R1CS)
  • r1cs-std: Rust crate that provides various gadgets used to construct R1CS
  • gm17: Rust crate that implements the zkSNARK of Groth and Maller
  • groth16: Rust crate that implements the zkSNARK of Groth

In addition, there is a bench-utils crate which contains infrastructure for benchmarking. This crate includes macros for timing code segments and is used for profiling the building blocks of ZEXE.

Build guide

The library compiles on the stable toolchain of the Rust compiler. To install the latest version of Rust, first install rustup by following the instructions here, or via your platform's package manager. Once rustup is installed, install the Rust toolchain by invoking:

rustup install stable

After that, use cargo, the standard Rust build tool, to build the library:

git clone
cd zexe/dpc
cargo build --release

This library comes with unit tests for each of the provided crates. Run the tests with:

cargo test

Lastly, this library comes with benchmarks for the following crates:

These benchmarks require the nightly Rust toolchain; to install this, run rustup install nightly. Then, to run benchmarks, run the following command:

cargo +nightly bench


ZEXE is licensed under either of the following licenses, at your discretion.

Unless you explicitly state otherwise, any contribution submitted for inclusion in ZEXE by you shall be dual licensed as above (as defined in the Apache v2 License), without any additional terms or conditions.

Reference paper

ZEXE: Enabling Decentralized Private Computation
Sean Bowe, Alessandro Chiesa, Matthew Green, Ian Miers, Pratyush Mishra, Howard Wu
IEEE S&P 2020 (IACR ePrint Report 2018/962)


This work was supported by: a Google Faculty Award; the National Science Foundation; the UC Berkeley Center for Long-Term Cybersecurity; and donations from the Ethereum Foundation, the Interchain Foundation, and Qtum.

Some parts of the finite field arithmetic, elliptic curve arithmetic, FFTs, and multi-threading infrastructure in the algebra crate have been adapted from code in the ff, pairing, and bellman crates, developed by Sean Bowe and others from Zcash.

You can’t perform that action at this time.