1. 引言
等人2020年论文《Simulation Extractable Versions of Groth’s zk-SNARK Revisited》,开源代码实现见:
- https://github.com/Baghery/ABPR22(Rust,基于arkworks开发。使用了Multi-Scalar Multiplication (MSM)技术来优化 G 2 G_2 G2和 G T G_T GT的exponentiation运算。)
以 Ubuntu 20.4.2 LTS操作系统,Intel Core i9-9900 processor at base frequency 3.1 GHz,128GB内存台式计算机为例,对不同曲线的性能进行了对比:(对每个约束,Prover重复100次,Verifier重复1万次。Prover以16个线程的多线程模式运行,Verifier为单线程模式。)
| Curve | zk-SNARK | Secuiry | PCPT, ns | Proof, bytes | Verifier, 1 proof | Verifier, 100 proofs | Verifier, 1000 proofs |
|---|---|---|---|---|---|---|---|
| BLS12-381 | Gro16 | Weak SE | 5026 | 127.5 | 1.90 ms | 0.19 sec | 1.90 sec |
| BLS12-381 | GM17 | Strong SE | 11042 | 127.5 | 3.32 ms | 0.322 sec | 3.32 sec |
| BLS12-381 | BG18 | Strong SE | 5052 | 223.1 | 3.52 ms | 0.352 sec | 3.52 sec |
| BLS12-381 | ABPR21-CRH | Strong SE | 5042 | 223.1 | 4.85 ms | 0.360 sec | 3.50 sec |
| BLS12-381 | ABPR21-RO | Strong SE | 5041 | 191.2 | 2.39 ms | 0.194 sec | 1.91 sec |
| MNT4-298 | Gro16 | Weak SE | 4830 | 149.0 | 2.67 ms | 0.267 sec | 2.67 sec |
| MNT4-298 | GM17 | Strong SE | 10025 | 149.0 | 3.80 ms | 0.380 sec | 3.80 sec |
| MNT4-298 | BG18 | Strong SE | 4879 | 260.7 | 4.32 ms | 0.432 sec | 4.32 sec |
| MNT4-298 | ABPR21-CRH | Strong SE | 4881 | 260.7 | 4.45 ms | 0.311 sec | 3.05 sec |
| MNT4-298 | ABPR21-RO | Strong SE | 4875 | 223.5 | 3.33 ms | 0.271 sec | 2.68 sec |
| MTN6-298 | Gro16 | Weak SE | 5794 | 186.2 | 4.94 ms | 0.494 sec | 4.91 sec |
| MTN6-298 | GM17 | Strong SE | 11427 | 186.2 | 7.07 ms | 0.707 sec | 7.07 sec |
| MTN6-298 | BG18 | Strong SE | 5831 | 335.2 | 8.07 ms | 0.807 sec | 8.07 sec |
| MTN6-298 | ABPR21-CRH | Strong SE | 5824 | 335.2 | 8.34 ms | 0.582 sec | 5.72 sec |
| MTN6-298 | ABPR21-RO | Strong SE | 5810 | 298.0 | 6.11 ms | 0.501 sec | 4.97 sec |
| MNT4-753 | Gro16 | Weak SE | 30247 | 376.5 | 29.1 ms | 2.91 sec | 29.1 sec |
| MNT4-753 | GM17 | Strong SE | 83120 | 376.5 | 41.6 ms | 4.16 sec | 41.6 sec |
| MNT4-753 | BG18 | Strong SE | 30863 | 658.8 | 47.3 ms | 4.73 sec | 47.3 sec |
| MNT4-753 | ABPR21-CRH | Strong SE | 30887 | 658.8 | 45.5 ms | 3.41 sec | 33.8 sec |
| MNT4-753 | ABPR21-RO | Strong SE | 30760 | 564.7 | 33.9 ms | 2.94 sec | 29.2 sec |
| MTN6-753 | Gro16 | Weak SE | 33298 | 470.6 | 53.6 ms | 5.36 sec | 53.6 sec |
| MTN6-753 | GM17 | Strong SE | 83121 | 470.6 | 76.9 ms | 7.69 sec | 76.9 sec |
| MTN6-753 | BG18 | Strong SE | 33358 | 847.1 | 88.5 ms | 8.85 sec | 88.5 sec |
| MTN6-753 | ABPR21-CRH | Strong SE | 33359 | 847.1 | 85.4 ms | 6.33 sec | 63.1 sec |
| MTN6-753 | ABPR21-RO | Strong SE | 33345 | 753.0 | 64.4 ms | 5.42 sec | 53.8 sec |
简称说明:
- SE = Simulation Extractable
- PCPT = Per-Constraint Proving Time
- ns = nanoseconds
- RO = Random Oracle
- CRH = Collision Resistant Hash
本文方案与Groth16、GM17等方案性能对比为:
![[世界读书日] 最好的书,都在博雅之中](https://img-blog.csdnimg.cn/img_convert/573e864309bd18cea56fb5bd68aaa89b.jpeg)
