Curdleproofs
Curdleproofs is a zero-knowledge shuffle argument inspired by BG12 (Bayer and Groth, 2012). It lets a prover convince a verifier that one vector of group elements is a re-randomized permutation of another without revealing the permutation or the randomizer.
Zero-knowledge shuffle arguments have several use cases, including:
- Secret leader election protocols
- Message shuffling in mixnets
- Universally verifiable electronic voting protocols
Documentation
The user-facing documentation for this library can be found here.
In this library, we provide high-level protocol documentation for the core `curdleproofs` shuffle argument and its sub-arguments:
- `same_scalar_argument`
- `same_permutation_argument`
- `grand_product_argument`
- `inner_product_argument`
- `same_multiscalar_argument`
There are also notes on the optimizations deployed to speed up the verifier.
For all the details and the security proofs, please see the Curdleproofs paper.
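As an added illustration (not code from the Curdleproofs library or paper): the `same_permutation_argument` and `grand_product_argument` listed above rest on a reduction that BG12-style shuffle arguments share, and the plain-Rust program below shows that reduction with no external crates. A vector b is a permutation of a exactly when the polynomials ∏(X + a_i) and ∏(X + b_i) are equal, so the verifier evaluates both grand products at a random challenge β; by Schwartz-Zippel a cheating prover survives with probability at most n/|F|. Two things are assumptions made for a stand-alone demo: the field is a toy 61-bit Mersenne prime instead of the BLS12-381 scalar field, and the vectors are handed to the verifier in the clear rather than committed, so there is no zero knowledge here. The names `same_permutation_check`, `grand_product`, `permute`, `demo` and `XorShift64` are hypothetical.

```rust
// Added illustration, not Curdleproofs code: the grand-product check that
// "same permutation" arguments reduce to. Over a field F, a vector b is a
// permutation of a exactly when prod_i (X + a_i) == prod_i (X + b_i) as
// polynomials; the verifier tests this at a random challenge beta, and by
// Schwartz-Zippel a mismatch goes unnoticed with probability at most n/|F|.
// Toy field (assumption): integers mod the Mersenne prime p = 2^61 - 1.
// The real argument works over the BLS12-381 scalar field on committed vectors.

const P: u128 = (1u128 << 61) - 1;

fn add(a: u64, b: u64) -> u64 {
    ((a as u128 + b as u128) % P) as u64
}

fn mul(a: u64, b: u64) -> u64 {
    ((a as u128 * b as u128) % P) as u64
}

/// Apply a permutation: b[j] = a[perm[j]].
fn permute(a: &[u64], perm: &[usize]) -> Vec<u64> {
    perm.iter().map(|&i| a[i]).collect()
}

/// Grand product prod_i (beta + x_i), the quantity a grand-product argument
/// proves about a committed vector.
fn grand_product(xs: &[u64], beta: u64) -> u64 {
    xs.iter().fold(1u64, |acc, &x| mul(acc, add(beta, x)))
}

/// Verifier's check at challenge beta. In a real protocol beta is derived by
/// Fiat-Shamir from the commitments; here it is simply an argument.
fn same_permutation_check(a: &[u64], b: &[u64], beta: u64) -> bool {
    a.len() == b.len() && grand_product(a, beta) == grand_product(b, beta)
}

/// Minimal deterministic xorshift64 PRNG for sampling challenges in the demo
/// (not cryptographic; the seed must be non-zero).
struct XorShift64(u64);

impl XorShift64 {
    fn next_u64(&mut self) -> u64 {
        let mut x = self.0;
        x ^= x << 13;
        x ^= x >> 7;
        x ^= x << 17;
        self.0 = x;
        x
    }

    fn next_field(&mut self) -> u64 {
        self.next_u64() % (P as u64)
    }
}

/// Run the check on an honest shuffle and on a tampered one; returns the two
/// verdicts as (honest_accepted, tampered_accepted).
fn demo(seed: u64) -> (bool, bool) {
    let mut rng = XorShift64(seed);
    // Constructed sample input: eight distinct field elements.
    let a: Vec<u64> = (1..=8u64).map(|i| i * 1_000_003).collect();
    let perm = [3usize, 0, 7, 5, 1, 6, 2, 4];
    let b = permute(&a, &perm);
    // A cheating prover swaps one output element for a value not in the input.
    let mut bad = b.clone();
    bad[2] = add(bad[2], 1);

    let beta = rng.next_field();
    (
        same_permutation_check(&a, &b, beta),
        same_permutation_check(&a, &bad, beta),
    )
}

fn main() {
    let (honest, tampered) = demo(0x9E37_79B9_7F4A_7C15);
    println!("honest shuffle accepted:   {}", honest);
    println!("tampered shuffle accepted: {}", tampered);
}
```

The honest shuffle passes for every β, while the tampered vector fails for all but at most n of the p possible challenges, which is why a single random β suffices. What Curdleproofs adds on top of this skeleton is hiding a and b behind commitments and proving the grand-product relation about the committed values, which is where the inner-product and multiscalar sub-arguments come in.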
Performance
The following table gives the proof size as well as timings for proving and verifying Curdleproofs on an Intel i7-8550U CPU @ 1.80GHz over the BLS12-381 curve:

| Shuffled Elements | Proving (ms) | Verification (ms) | Shuffling (ms) | Proof Size (bytes) |
|---|---|---|---|---|
| 60 | 177 | 22 | 28 | 3968 |
| 124 | 304 | 27 | 57 | 4448 |
| 252 | 560 | 35 | 121 | 4928 |

(The number of shuffled elements in each row is four short of a power of two because four slots of the vector are reserved for zero-knowledge blinders: 60 + 4 = 64, 124 + 4 = 128, 252 + 4 = 256.)
Example
The following example shows how to create and verify a shuffle proof that shuffles 28 elements:
```rust
# // The #-commented lines are hidden in Rustdoc but not in raw
# // markdown rendering, and contain boilerplate code so that the
# // code in the README.md is actually run as part of the test suite.
#
# use rand::seq::SliceRandom;
# use ark_std::UniformRand;
# use ark_bls12_381::Fr;
# use ark_bls12_381::G1Affine;
# use ark_bls12_381::G1Projective;
# use ark_ec::ProjectiveCurve;
# use ;
# use std::iter;
#
# use curdleproofs::N_BLINDERS;
# use ;
# use curdleproofs::util::shuffle_permute_and_commit_input;
#
#
```
Building & Running
This library can be compiled with `cargo build` and requires Rust nightly.
You can run the tests using `cargo test --release` and the benchmarks using `cargo bench`.