Skip to content

Latest commit

 

History

History
121 lines (80 loc) · 6.67 KB

README.md

File metadata and controls

121 lines (80 loc) · 6.67 KB

zRA: Proofs of Attestation based on zkSNARKs DOI

The image is made by Bing Image Creator (Powered by DALL·E 3)

This repository is an implementation of zRA protocol, a non-interactive method for constructing a transparent remote attestation (RA) protocol based on zkSNARKs.

This protocol eliminates the need for online and trusted services during attestation. The protocol provides a publicly verifiable attestation mechanism with generating ZK proofs for pre-image solutions for commitments within a specialized Merkle tree. In other words, zRA requires the device (prover) to demonstrate knowledge of specific values (challenge, response, and public_key) that when combined and hashed, result in a leaf within the Merkle tree. In practice, this approach can be viewed as an adaptation of the Tornado-cash protocol to enhance remote attestation.

Watch the following video presentation of the zRA protocol at NDSS-24:

Watch the video

References

The initial paper of this protocol has been accepted/published as part of the NDSS'24 Conference.
For more details on the building blocks, performance and security analysis of zRA, we advise you to check the manuscript, available at NDSS'24.

Title: From Interaction to Independence: zkSNARKs for Transparent and Non-Interactive Remote Attestation
Authors: Shahriar Ebrahimi, Parisa Hassanizadeh
Conference: NDSS 2024
PDF of the Camera-Ready Version: NDSS24.pdf

NDSS'24 Publication

If you have used this repo to develop a research work or product, please cite our paper:

@inproceedings{zra:NDSS24,
  title     = {From Interaction to Independence: zkSNARKs for Transparent and Non-Interactive Remote Attestation},
  author    = {Ebrahimi, Shahriar and Hassanizadeh, Parisa},
  booktitle = {Proceedings of the 31st Annual Network and Distributed System Security Symposium (NDSS'24)},
  address   = {San Diego, CA},
  month     = {February},
  year      = 2024
}

Benchmarking

All of the experiments are reproducible on commodity hardware using Linux-based operating systems. We have provided pre-built executable/binary files in the repository that can be used easily for benchmarking.

All of the benchmarks are also have been done successfully on the following tiny boards:

  1. ASUS TinkerBoard
  2. Raspberry Pi Zero 2W

Setup/Installation

The only preparation that is required to execute benchmarks is installing "node js and snarkjs package" that can be done in any OS easily as follows:

For Installing Node JS:

curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.3/install.sh | bash

source ~/.bashrc

nvm install v16.20.0

Note

in rare cases (miss-configured Linux distros), if you got an error stating that version "v16.20.0" was not found; following command might help: export NVM_NODEJS_ORG_MIRROR=http://nodejs.org/dist

For installing snarkjs:

npm install -g snarkjs

Execution

  1. clone the repository with following command:
    git clone https://github.com/zero-savvy/zk-remote-attestation.git

  2. go to the benchmark directory:
    cd zk-remote-attestation/benchmarking

  3. We have prepared a script for benchmark. Simply give it execution permissions:
    chmod +x script.sh

  4. Run the benchmarks!
    The script takes two inputs: 1) number of tests, and 2) the test name [choose from ra10 , ra20, ra30, and ra40].

Example 1: running proofs of attestation tree with height of 30 for 10 times:
./script.sh 10 ra30

Example 2: running proofs of attestation tree with height of 20 for 5 times:
./script.sh 5 ra20

Sample output: The script reports the average time for generating witness and the proof. Below is a sample output:

Average witness generation time: 0.4152 seconds
Average proof generation time: 0.7881 seconds

Note

Please note that depending on the system, generating witnesses and proofs can take time. since the generation times are usually consistent, we suggest trying the benchmark with small number of tests (e.g. 5 or 10) before running higher number of tests.

Acknowledgements

Implementation of zRA could not be possible without the following open-source projects and we appreciate all the efforts done by the community. Especially, we have used following repositories to build zRA:

[1] Circom: For building and compiling ZK circuits.

[2] CircomLib: Used for globaly tested POSEIDON implementations on Circom.

[3] Tronado-Core: Used for audited implementations of MerkleTree proofs on Circom.

[4] Circom-compatible POSEIDON implementation in JavaScript: Shoutout to @BigWhaleLabs for the accurate implementation of POSEIDON that is compatible with CircomLib.

License

This work is licensed under Attribution-NonCommercial 4.0 International