Projects related to the construction and applications of SNARKs.

Current proofs in the Filecoin protocol use the Groth16 SNARK in the trusted setup. This requires writing the computation being proven as a circuit and then feed it into the SNARK process. The main limiting factors in this approach are the size of the structured common reference string CRS (which is linear in the size of the circuit) and proving time (which is quasilinear in the size of the circuit).

To reduce proving time and reference string size.

Steps: Evaluate various approaches to determine the concrete improvements in the context of Filecoin Proofs.

End of Q1 or early Q2.

March 15/30, 2022: most of implementation done

March 30/April 15, 2022: evaluation of testing results

Rosario Gennaro (DRI), Matteo Campanelli, Nicolas Gailly, Justin Thaler (Advisor)

WAKE Witness Authenticated Key Agreement allows a sender to establish a session key with a recipient who must guarantee that he knows a particular piece of secret information (a “witness” to a specific condition ... which can be formalized as an instance of an NP language). There are countless applications in decentralized systems, since this protocol allows to establish confidential communication channels based on what people “know” or “hold”, not just about who “they are”.

WAKE does not need a centralized trusted authority that issues secret keys or certificates. This makes this tool particularly interesting for decentralized applications, where parties can dynamically and flexibly confidentially connect with other parties based on common policies. Decoupling authentication and the notion of identity also allows for more flexible deniable and anonymous authentication. Examples include: Dark Pools Transactions, Chat with the same wallet, Retrieval Markets, Decentralized Anonymous Routing, etc.

Academic Paper. Proof of concept implementation.

End of Q1 or early Q2.

February 15, 2022: submit paper

March 15, 2022: polish implementation.

Rosario Gennaro (DRI), Matteo Campanelli, Luca Nizzardo, Kelsey Melissaris (student)

Assume you have a "power table" P=[p1,p2,...,pn] where pi is the "power" associated with user i. The goal is to generate a distributed signature scheme where the n parties share the power to sign messages in a way that is "proportional" to their power. In other words there is a "power threshold" p such that a collection of parties can sign if their total power is larger than p. This is a very natural problem and yet no simple solution is known. It is possible to use SNARKS to build this type of signatures (to encode a proof that the power threshold has been reached). Applications include DAO Voting, Anchoring Proof of Stake Chains to Proof of Work ones, etc.

Academic Paper. Proof of concept implementation. Blog Post.

End of Q1 or early Q2.

March 30, 2022.

Rosario Gennaro (DRI), Nicolas Gailly.