[Resource Topic] 2024/395: Notus: Dynamic Proofs of Liabilities from Zero-knowledge RSA Accumulators

Resource Cryptographic protocols
#1

Welcome to the resource topic for 2024/395

Title:
Notus: Dynamic Proofs of Liabilities from Zero-knowledge RSA Accumulators

Authors: Jiajun Xin, Arman Haghighi, Xiangan Tian, Dimitrios Papadopoulos

Abstract:

Proofs of Liabilities (PoL) allow an untrusted prover to commit to its liabilities towards a set of users and then prove independent users’ amounts or the total sum of liabilities, upon queries by users or third-party auditors. This application setting is highly dynamic. User liabilities may increase/decrease arbitrarily and the prover needs to update proofs in epoch increments (e.g., once a day for a crypto-asset exchange platform). However, prior works mostly focus on the static case and trivial extensions to the dynamic setting open the system to windows of opportunity for the prover to under-report its liabilities and rectify its books in time for the next check, unless all users check their liabilities at all epochs. In this work, we develop Notus, the first dynamic PoL system for general liability updates that avoids this issue. Moreover, it achieves O(1) query proof size, verification time, and auditor overhead-per-epoch.
The core building blocks underlying Notus are a novel zero-knowledge (and SNARK-friendly) RSA accumulator and a corresponding zero-knowledge MultiSwap protocol, which may be of independent interest. We then propose optimizations to reduce the prover’s update overhead and make Notus scale to large numbers of users (10^6 in our experiments). Our results are very encouraging, e.g., it takes less than $2$ms to verify a user’s liability and the proof size is 256 Bytes. On the prover side, deploying Notus on a cloud-based testbed with eight 32-core machines and exploiting parallelism, it takes {\sim}3 minutes to perform the complete epoch update, after which all proofs have already been computed.

ePrint: https://eprint.iacr.org/2024/395

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .