	US 12,463,817 B1
	Efficient publicly-verifiable zero-knowledge proof system with reduced proof size
Samuel Dittmer, Los Angeles, CA (US)
Assigned to STEALTH SOFTWARE TECHNOLOGIES, INC., Los Angeles, CA (US)
Filed by Stealth Software Technologies, Inc., Los Angeles, CA (US)
Filed on May 13, 2024, as Appl. No. 18/663,050.
Claims priority of provisional application 63/502,072, filed on May 12, 2023.
Int. Cl. H04L 9/32 (2006.01); H04L 9/00 (2022.01)

CPC H04L 9/3221 (2013.01) [H04L 9/008 (2013.01); H04L 9/3236 (2013.01)]

15 Claims

1. A method for generating a proof of a statement related to private data while maintaining security among mutually untrusting parties, the method comprising:

executing at a first computing device operating as a prover party:

securely storing the private data, wherein the private data is not provided to at least one of the verifier parties;

storing the statement, wherein the validity of the statement is capable of being encoded as satisfiability of an arithmetic circuit over a field;

computing a first vector A, wherein the first vector A comprises uniformly random first elements of an extension of the field;

computing a second vector B based on the private data, wherein the second vector B comprises intermediate circuit-wire values of the arithmetic circuit based on the statement, and wherein the intermediate circuit-wire values are elements of the field;

generating a message m₁representing a commitment to the first vector A and the second vector B;

computing a value alpha as a result of a collision resistant hash function applied to the message m₁;

wherein the first vector A and second vector B correspond to prover-input vectors of a line-point zero knowledge (LPZK) proof system and the value alpha corresponds to a verifier-input random value of the LPZK proof system, wherein the LPZK proof system is configured to generate a line-point evaluation output vector based on the first vector A, the second vector B, and the value alpha, and to output a polynomial-relationship satisfied or unsatisfied state, wherein the state is based on the line-point evaluation output vector;

generating a message m₂comprising a third vector, wherein the third vector is the line-point evaluation output vector of the LPZK proof system;

generating a message m₃representing a zero knowledge proof of knowledge that the first computing device correctly calculated the message m₁, the value alpha, and the message m₂, based on the first vector A and the second vector B; and

storing the messages m₁, m₂, and m₃on a computerized storage device, such that they are electronically accessible to one or more of the verifier parties by a network device, as a proof that the statement is valid.