The image is made by Bing Image Creator (Powered by DALL·E 3)
This repository is an implementation of zRA protocol, a non-interactive method for constructing a transparent remote attestation (RA) protocol based on zkSNARKs.
This protocol eliminates the need for online and trusted services during attestation. The protocol provides a publicly verifiable attestation mechanism with generating ZK proofs for pre-image solutions for commitments within a specialized Merkle tree. In other words, zRA requires the device (prover) to demonstrate knowledge of specific values (challenge, response, and public_key) that when combined and hashed, result in a leaf within the Merkle tree. In practice, this approach can be viewed as an adaptation of the Tornado-cash protocol to enhance remote attestation.
Watch the following video presentation of the zRA protocol at NDSS-24:
The initial paper of this protocol has been accepted/published as part of the NDSS'24 Conference.
For more details on the building blocks, performance and security analysis of zRA, we advise you to check the manuscript, available at NDSS'24.
Title: From Interaction to Independence: zkSNARKs for Transparent and Non-Interactive Remote Attestation
Authors: Shahriar Ebrahimi, Parisa Hassanizadeh
Conference: NDSS 2024
PDF of the Camera-Ready Version: NDSS24.pdf
If you have used this repo to develop a research work or product, please cite our paper:
@inproceedings{zra:NDSS24,
title = {From Interaction to Independence: zkSNARKs for Transparent and Non-Interactive Remote Attestation},
author = {Ebrahimi, Shahriar and Hassanizadeh, Parisa},
booktitle = {Proceedings of the 31st Annual Network and Distributed System Security Symposium (NDSS'24)},
address = {San Diego, CA},
month = {February},
year = 2024
}
All of the experiments are reproducible on commodity hardware using Linux-based operating systems. We have provided pre-built executable/binary files in the repository that can be used easily for benchmarking.
All of the benchmarks are also have been done successfully on the following tiny boards:
- ASUS TinkerBoard
- Raspberry Pi Zero 2W
The only preparation that is required to execute benchmarks is installing "node js and snarkjs package" that can be done in any OS easily as follows:
For Installing Node JS:
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.3/install.sh | bash
source ~/.bashrc
nvm install v16.20.0
Note
in rare cases (miss-configured Linux distros), if you got an error stating that version "v16.20.0" was not found; following command might help:
export NVM_NODEJS_ORG_MIRROR=http://nodejs.org/dist
For installing snarkjs:
npm install -g snarkjs
-
clone the repository with following command:
git clone https://github.com/zero-savvy/zk-remote-attestation.git
-
go to the benchmark directory:
cd zk-remote-attestation/benchmarking
-
We have prepared a script for benchmark. Simply give it execution permissions:
chmod +x script.sh
-
Run the benchmarks!
The script takes two inputs: 1) number of tests, and 2) the test name [choose fromra10
,ra20
,ra30
, andra40
].
Example 1: running proofs of attestation tree with height of 30 for 10 times:
./script.sh 10 ra30
Example 2: running proofs of attestation tree with height of 20 for 5 times:
./script.sh 5 ra20
Sample output: The script reports the average time for generating witness and the proof. Below is a sample output:
Average witness generation time: 0.4152 seconds
Average proof generation time: 0.7881 seconds
Note
Please note that depending on the system, generating witnesses and proofs can take time. since the generation times are usually consistent, we suggest trying the benchmark with small number of tests (e.g. 5 or 10) before running higher number of tests.
Implementation of zRA could not be possible without the following open-source projects and we appreciate all the efforts done by the community. Especially, we have used following repositories to build zRA:
[1] Circom: For building and compiling ZK circuits.
[2] CircomLib: Used for globaly tested POSEIDON implementations on Circom.
[3] Tronado-Core: Used for audited implementations of MerkleTree proofs on Circom.
[4] Circom-compatible POSEIDON implementation in JavaScript: Shoutout to @BigWhaleLabs for the accurate implementation of POSEIDON that is compatible with CircomLib.
This work is licensed under Attribution-NonCommercial 4.0 International