Repository: Jamie-Cui/awesome-secure-computation
Branch: master
Commit: c1104e0fb5f1
Files: 6
Total size: 68.0 KB
Directory structure:
gitextract_674z_puq/
├── .github/
│   └── workflows/
│       └── stale.yml
├── LICENSE
├── README.md
├── he.md
├── mpc.md
└── zkp.md
================================================
FILE CONTENTS
================================================
================================================
FILE: .github/workflows/stale.yml
================================================
# This workflow warns and then closes issues and PRs that have had no activity for a specified amount of time.
#
# You can adjust the behavior by modifying this file.
# For more information, see:
# https://github.com/actions/stale
name: Mark stale issues and pull requests
on:
  workflow_dispatch:
  schedule:
  - cron: '40 9 * * *'
jobs:
  stale:
    runs-on: ubuntu-latest
    permissions:
      issues: write
      pull-requests: write
    steps:
    - uses: actions/stale@v5
      with:
        repo-token: ${{ secrets.GITHUB_TOKEN }}
        stale-issue-message: 'Stale issue message. Please comment to remove stale tag. Otherwise this issue will be closed soon.'
        stale-pr-message: 'Stale pull request message. Please comment to remove stale tag. Otherwise this pr will be closed soon.'
        stale-issue-label: 'no-issue-activity'
        stale-pr-label: 'no-pr-activity'
        days-before-stale: 30
        days-before-close: 7
        exempt-all-assignees: true
================================================
FILE: LICENSE
================================================
This is free and unencumbered software released into the public domain.
Anyone is free to copy, modify, publish, use, compile, sell, or
distribute this software, either in source code form or as a compiled
binary, for any purpose, commercial or non-commercial, and by any
means.
In jurisdictions that recognize copyright laws, the author or authors
of this software dedicate any and all copyright interest in the
software to the public domain. We make this dedication for the benefit
of the public at large and to the detriment of our heirs and
successors. We intend this dedication to be an overt act of
relinquishment in perpetuity of all present and future rights to this
software under copyright law.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
OTHER DEALINGS IN THE SOFTWARE.
For more information, please refer to <https://unlicense.org>
================================================
FILE: README.md
================================================
# awesome-secure-computation
This repo is a paper summary for cryptography-based secure computation papers (I prefer published papers 😛), including topics like [*Multiparty Computation*](https://en.wikipedia.org/wiki/Secure_multi-party_computation), [*Homomorphic Encryption (or Lattice)*](https://en.wikipedia.org/wiki/Homomorphic_encryption) and [*Differential Privacy*](https://en.wikipedia.org/wiki/Differential_privacy). If you are looking for hardware solutions like Trusted Platform Module (TPM), or Trusted Execution Environment (TEE), I'm sorry this repo is not what you're looking for :(.
Here's a good place to ask questions about cryptography/cryptanalysis, or to answer one (if you are capable of doing so): [https://crypto.stackexchange.com/](https://crypto.stackexchange.com/). To find papers, see the [Cryptology ePrint Archive](https://eprint.iacr.org/).
**Useful Links**:
- [Security Conferences Ranking](http://faculty.cs.tamu.edu/guofei/sec_conf_stat.htm) (By Prof. Guofei Gu)
- [Security and Privacy Conference Deadlines](https://sec-deadlines.github.io/)
- [Crypto21: Mentoring Videos about how to do research in cryptography](https://mentor-crypto-2021.github.io/)
**Textbooks**:
- A Pragmatic Introduction to Secure Multi-Party Computation
*David Evans, Vladimir Kolesnikov, and Mike Rosulek*
[eprint available](https://www.cs.virginia.edu/~evans/pragmaticmpc/pragmaticmpc.pdf)
- Foundations of Cryptography
*Oded Goldreich*
[author's notes](https://www.wisdom.weizmann.ac.il/~oded/foc.html)
- Introduction to Modern Cryptography
*Jonathan Katz and Yehuda Lindell*
[author's notes](http://www.cs.umd.edu/~jkatz/imc.html)
**Open-source Tools (mostly in C++)**:
- [[yacl-r]](https://github.com/Jamie-Cui/yacl-r): OT(e), OPRF, VOLE, PSI (DISCLAIMER: I participate in the development of yacl and yacl-r)
- [[emp-toolkit]](https://github.com/emp-toolkit): OT(e), ZKP, MPC
- [[libOTe]](https://github.com/osu-crypto/libOTe): OT(e), VOLE
- [[libPSI]](https://github.com/osu-crypto/libPSI): PSI
- [[MP-SPDZ]](https://github.com/mc2-project/MP-SPDZ): Generic MPC
## Contents
- [MPC](mpc.md)
* [Summaries and Talks](mpc.md/#summaries-and-talks)
* [OT](mpc.md/#ot)
* [OLE/vOLE](mpc.md/#vole)
* [OPRF and PSI](mpc.md/#oprf-and-psi)
* [PIR](mpc.md/#pir)
* [PFE](mpc.md/#pfe)
* [FSS](mpc.md/#fss)
* [Semi-honest MPC](mpc.md/#semi-honest-mpc)
* [Malicious MPC](mpc.md/#malicious-mpc)
- [ZKP](zkp.md)
(Big shout out to [Austin Wu](https://github.com/xfap)!)
- [Survey \& Tutorial](zkp.md/#survey--tutorial)
- [Milestones](zkp.md/#milestones)
- [Specific ZKP](zkp.md/#specific-zkp)
- [Traditional \& simple relations (over logarithm)](zkp.md/#traditional--simple-relations-over-logarithm)
- [Membership(Range) Proof](zkp.md/#membershiprange-proof)
- [General purpose ZKP](zkp.md/#general-purpose-zkp)
- [Frameworks](zkp.md/#frameworks)
- [with SRS(Structured Reference String), including ZKSNARK](zkp.md/#with-srsstructured-reference-string-including-zksnark)
- [with updatable universal SRS](zkp.md/#with-updatable-universal-srs)
- [with URS(Uniform Reference String), including ZKSTARK](zkp.md/#with-ursuniform-reference-string-including-zkstark)
- [DL-based](zkp.md/#dl-based)
- [MPC-in-the-head-based](zkp.md/#mpc-in-the-head-based)
- [VOLE-based (Commit-and-prove type)](zkp.md/#vole-based-commit-and-prove-type)
- [Applications on ZKP systems](zkp.md/#applications-on-zkp-systems)
- [For Machine Learning(Federated Learning)](zkp.md/#for-machine-learningfederated-learning)
- [For Web3(Authentication)](zkp.md/#for-web3authentication)
- [For Blockchains](zkp.md/#for-blockchains)
- [Signature from ZKP](zkp.md/#signature-from-zkp)
- [ZKP Standard Efforts](zkp.md/#zkp-standard-efforts)
- TODO [Lattice]
## License
see [LICENSE](LICENSE).
================================================
FILE: he.md
================================================
# Homomorphic Encryption (HE)
 
HE, especially FHE (Fully Homomorphic Encryption), matters and is key both now and in the future.
- [Homomorphic Encryption (HE)](#homomorphic-encryption-he)
- [Survey](#survey)
- [Partial HE(PHE)](#partial-hephe)
- [FHE](#fhe)
- [Classical(or Milestones)](#classicalor-milestones)
- [Multi-key FHE](#multi-key-fhe)
- [Impl. Efforts](#impl-efforts)
- [Hardware-based Acceleration](#hardware-based-acceleration)
- [Open-sourced libs](#open-sourced-libs)
- [Applications](#applications)
- [Standard Efforts](#standard-efforts)
- [Other Resources](#other-resources)
## Survey
- Computing Blindfolded: New Developments in Fully Homomorphic Encryption
*V. Vinod*
FOCS 2011, [paper](https://people.csail.mit.edu/vinodv/FHE/FHE-focs-survey.pdf), Vin11
- Practical homomorphic encryption: A survey
*C. Moore, M. O’Neill, E. O’Sullivan, Y. Doroz, and B. Sunar*
ISCAS 2014, [paper](https://pure.qub.ac.uk/files/17845072/Practical_Homomorphic_Encryption_Survey_CameraReady.pdf), MOO+14
- A Guide to Fully Homomorphic Encryption
*F. Armknecht, C. Boyd, C. Carr, A. Jaschke, and C. A. Reuter*
2016, [paper](https://eprint.iacr.org/2015/1192.pdf), ACC+16
- Homomorphic Encryption
*H. Shai*
2017, [paper](https://shaih.github.io/pubs/he-chapter.pdf), Shai17
- A Survey on Fully Homomorphic Encryption: An Engineering Perspective
*P. Martins, L. Sousa, and A. Mariano*
ACM Comput. Surv. 2018, [paper](https://eprint.iacr.org/2022/1602.pdf), MSM18
- Fundamentals of Fully Homomorphic Encryption – A survey
*Z. Brakerski*
[paper](https://eccc.weizmann.ac.il/report/2018/125/download/), Bra18
- A Decade (or So) of Fully Homomorphic Encryption
*C. Gentry*
Eurocrypt 2021 invited talk, [paper](https://eurocrypt.iacr.org/2021/slides/gentry.pdf)
## Partial HE(PHE)
- ⭐️⭐️⭐️ A method for obtaining digital signatures and public-key cryptosystems
*R. L. Rivest, A. Shamir, and L. Adleman*
Communications of the ACM, [paper](https://dl.acm.org/doi/pdf/10.1145/359340.359342), RSA78
- Probabilistic encryption & how to play mental poker keeping secret all partial information
*S. Goldwasser and S. Micali*
STOC 82, [paper](https://dl.acm.org/doi/10.1145/800070.802212), GM82
- A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms
*T. ElGamal*
CRYPTO 1984, [paper](https://link.springer.com/chapter/10.1007/3-540-39568-7_2), ElGamal84
- ⭐️⭐️⭐️ A new public-key cryptosystem as secure as factoring
*T. Okamoto and S. Uchiyama*
EUROCRYPT 1998, [paper](https://link.springer.com/chapter/10.1007/bfb0054135), OU98
- A new public key cryptosystem based on higher residues
*D. Naccache and J. Stern*
CCS 98, [paper](https://dl.acm.org/doi/10.1145/288090.288106), NS98
- ⭐️⭐️⭐️ Public-Key Cryptosystems Based on Composite Degree Residuosity Classes
*P. Paillier*
EUROCRYPT 1999, [paper](https://link.springer.com/chapter/10.1007/3-540-48910-X_16), Paillier99
- ⭐️⭐️ Why Textbook ElGamal and RSA Encryption Are Insecure?
*D. Boneh, A. Joux, and P. Q. Nguyen*
ASIACRYPT 2000, [paper](https://link.springer.com/chapter/10.1007/3-540-44448-3_3), BJN00
- Chosen-Ciphertext Security for Any One-Way Cryptosystem
*D. Pointcheval*
PKC 2000, [paper](https://link.springer.com/chapter/10.1007/978-3-540-46588-1_10), Poi00
- A Generalisation, a Simplification and Some Applications of Paillier's Probabilistic Public-Key System
*Ivan Damgård and Mads Jurik*
PKC 2001, [paper](https://link.springer.com/chapter/10.1007/3-540-44586-2_9), DJ01
- Elliptic Curve Paillier Schemes
*S. D. Galbraith*
J. Cryptology 2002, [paper](https://link.springer.com/article/10.1007/s00145-001-0015-6), Gal02
- Multi-bit Cryptosystems Based on Lattice Problems
*A. Kawachi, K. Tanaka, and K. Xagawa*
PKC 2007, [paper](https://link.springer.com/chapter/10.1007/978-3-540-71677-8_21), KTX07
- Optimized Paillier’s Cryptosystem with Fast Encryption and Decryption
*H. Ma, S. Han, and H. Lei*
ACSAC 21, [paper](https://doi.org/10.1145/3485832.3485842), MHL21
## FHE
### Classical(or Milestones)
- A fully homomorphic encryption scheme
*Gentry, Craig*
Stanford university 2009, [paper](https://www.proquest.com/openview/93369e65682e50979432340f1fdae44e/1?pq-origsite=gscholar&cbl=18750), Gentry09
- Fully Homomorphic Encryption Using Ideal Lattices
*Gentry, Craig*
STOC 2009, [paper](https://www.cs.cmu.edu/~odonnell/hits09/gentry-homomorphic-encryption.pdf), Gentry09
- A simple BGN-type cryptosystem from LWE
*Gentry, Craig, Shai Halevi, and Vinod Vaikuntanathan*
EUROCRYPT 2010, [paper](https://link.springer.com/chapter/10.1007/978-3-642-13190-5_26), GSV10
- Fully homomorphic encryption from ring-LWE and security for key dependent messages
*Zvika Brakerski, Vinod Vaikuntanathan*
CRYPTO 2011, [paper](https://www.iacr.org/archive/crypto2011/68410501/68410501.pdf), BV11
- (Leveled) fully homomorphic encryption without bootstrapping
*Zvika Brakerski, Craig Gentry, Vinod Vaikuntanathan*
ITCS 2012, [paper](https://eprint.iacr.org/2011/277.pdf), BGV12
- Fully Homomorphic Encryption without Modulus Switching from Classical GapSVP
*Zvika Brakerski*
CRYPTO 2012, [paper](https://eprint.iacr.org/2012/078.pdf), Brakerski12
- Somewhat Practical Fully Homomorphic Encryption
*Junfeng Fan, Frederik Vercauteren*
eprint 2012, [paper](https://eprint.iacr.org/2012/144.pdf), FV12
- Packed Ciphertexts in LWE-based Homomorphic Encryption
*Zvika Brakerski, Craig Gentry, Shai Halevi*
PKC 2013, [paper](https://eprint.iacr.org/2012/565.pdf), BGH13
- Homomorphic Encryption from Learning with Errors: Conceptually-Simpler, Asymptotically-Faster, Attribute-Based
*Craig Gentry, Amit Sahai, Brent Waters*
CRYPTO 2013, [paper](https://eprint.iacr.org/2013/340.pdf), GSW13
- Efficient Fully Homomorphic Encryption from (Standard) LWE
*Zvika Brakerski, Vinod Vaikuntanathan*
SIAM Journal on computing 2014, [paper](https://eprint.iacr.org/2011/344.pdf), BV14
- FHEW: Bootstrapping Homomorphic Encryption in less than a second
*Léo Ducas, Daniele Micciancio*
EUROCRYPT 2015, [paper](https://eprint.iacr.org/2014/816.pdf), DM15
- Faster Fully Homomorphic Encryption: Bootstrapping in less than 0.1 Seconds
*Ilaria Chillotti, Nicolas Gama, Mariya Georgieva, and Malika Izabachène*
ASIACRYPT 2016, [paper](https://eprint.iacr.org/2016/870.pdf), CGG+16
- Homomorphic Encryption for Arithmetic of Approximate Numbers
*Jung Hee Cheon, Andrey Kim, Miran Kim, Yongsoo Song*
ASIACRYPT 2017, [paper](https://eprint.iacr.org/2016/421.pdf), CKKS17
- Threshold Cryptosystems from Threshold Fully Homomorphic Encryption
*Dan Boneh, Rosario Gennaro, Steven Goldfeder, Aayush Jain, Sam Kim, Peter M. R. Rasmussen, Amit Sahai*
CRYPTO 2018, [paper](https://eprint.iacr.org/2017/956.pdf), BGG+18
- TFHE: Fast Fully Homomorphic Encryption Over the Torus
*Ilaria Chillotti, Nicolas Gama, Mariya Georgieva, Malika Izabachène*
Journal of Cryptology 2019, [paper](https://eprint.iacr.org/2018/421.pdf), BGG+2019
- Bootstrapping fully homomorphic encryption over the integers in less than one second
*Hilder Vitor Lima Pereira*
PKC 2021, [paper](https://eprint.iacr.org/2020/995.pdf), Pereira21
- Improved Programmable Bootstrapping with Larger Precision and Efficient Arithmetic Circuits for TFHE
*Ilaria Chillotti, Damien Ligier, Jean-Baptiste Orfila, Samuel Tap*
ASIACRYPT 2021, [paper](https://eprint.iacr.org/2021/729.pdf), CLO+21
- Efficient FHEW Bootstrapping with Small Evaluation Keys, and Applications to Threshold Homomorphic Encryption
*Yongwoo Lee, Daniele Micciancio, Andrey Kim, Rakyong Choi, Maxim Deryabin, Jieun Eom, Donghoon Yoo*
EUROCRYPT 2023, [paper](https://eprint.iacr.org/2022/198.pdf), LMK+23
### Multi-key FHE
- On-the-Fly Multiparty Computation on the Cloud via Multikey Fully Homomorphic Encryption
*Adriana Lopez-Alt, Eran Tromer, Vinod Vaikuntanathan*
STOC 2012, [paper](https://eprint.iacr.org/2013/094.pdf), LTV12
- Multi-Identity and Multi-Key Leveled FHE from Learning with Errors
*Michael Clear, Ciarán McGoldrick*
CRYPTO 2015, [paper](https://eprint.iacr.org/2014/798.pdf), CM15
- Lattice-Based Fully Dynamic Multi-key FHE with Short Ciphertexts
*Zvika Brakerski, Renen Perlman*
CRYPTO 2016, [paper](https://eprint.iacr.org/2016/339.pdf), BP16
- Multi-Key FHE from LWE, Revisited
*Chris Peikert, Sina Shiehian*
TCC 2016, [paper](https://eprint.iacr.org/2016/196.pdf), PS16
- Two Round Multiparty Computation via Multi-Key FHE
*Pratyay Mukherjee, Daniel Wichs*
EUROCRYPT 2016, [paper](https://eprint.iacr.org/2015/345.pdf), MW16
- Efficient Multi-Key Homomorphic Encryption with Packed Ciphertexts with Application to Oblivious Neural Network Inference
*Hao Chen, Wei Dai, Miran Kim, Yongsoo Song*
CCS 2019, [paper](https://eprint.iacr.org/2019/524.pdf), CDKS19
- Multi-Key Homomorphic Encryption from TFHE
*Hao Chen, Ilaria Chillotti, Yongsoo Song*
ASIACRYPT 2019, [paper](https://eprint.iacr.org/2019/116.pdf), CCS19
## Impl. Efforts
- Can homomorphic encryption be practical?
*M. Naehrig, K. Lauter, and V. Vaikuntanathan*
the 3rd ACM workshop on Cloud computing security workshop 2011, [paper](https://eprint.iacr.org/2011/405.pdf), NLV11
- A Comparison of the Homomorphic Encryption Schemes FV and YASHE
*T. Lepoint and M. Naehrig*
AFRICACRYPT 2014, [paper](https://eprint.iacr.org/2014/062.pdf), LN14
- Building an Efficient Lattice Gadget Toolkit: Subgaussian Sampling and More
*N. Genise, D. Micciancio, and Y. Polyakov*
EUROCRYPT 2019, [paper](https://eprint.iacr.org/2018/946.pdf), GMP19
- Simple Encrypted Arithmetic Library - SEAL v2.1
*Hao Chen, Kim Laine, Rachel Player*
FC 2017, [paper](https://eprint.iacr.org/2017/224.pdf), [version 2.3 by Kim Laine](https://www.microsoft.com/en-us/research/uploads/prod/2017/11/sealmanual-2-3-1.pdf), CLP17
- Faster Homomorphic Linear Transformations in HElib
*S. Halevi and V. Shoup*
CRYPTO 2018, [paper](https://eprint.iacr.org/2018/244), HS18
- OpenFHE: Open-Source Fully Homomorphic Encryption Library
*A. A. Badawi et al.*
WAHC 2022, [paper](https://eprint.iacr.org/2022/915), BBB+22
### Hardware-based Acceleration
- Intel HEXL: Accelerating Homomorphic Encryption with Intel AVX512-IFMA52
*Fabian Boemer, Sejun Kim, Gelila Seifu, Fillipe D. M. de Souza, Vinodh Gopal*
Proceedings of the 9th on Workshop on Encrypted Computing & Applied Homomorphic Cryptography 2021, [paper](https://dl.acm.org/doi/abs/10.1145/3474366.3486926), BKS+21
### Open-sourced libs
| Name | Description | Scheme | Language |
| ------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------- | ----------- |
| [Secretflow/HEU](https://github.com/secretflow/heu) | A high-performance homomorphic encryption algorithm library | Paillier, OU, ElGamal, FHE (in development) | C++, Python |
| [OpenFHE](https://github.com/openfheorg/openfhe-development) | OpenFHE is an open-source FHE library that includes efficient implementations of all common FHE schemes | - BFV, BGV, CKKS, DM, CGGI, <br/> - Threshold FHE & Proxy Re-Encryption for BFV, BGV, CKKS | C++ |
| [microsoft/SEAL](https://github.com/microsoft/SEAL) | An easy-to-use open-source homomorphic encryption library | BFV, BGV, CKKS | C++, C# |
See more: https://github.com/jonaschn/awesome-he#libraries
## Applications
Listed here are several inspirational and instructive applications.
## Standard Efforts
- PSEC-3: Provably Secure Elliptic Curve Encryption Scheme
*T. Okamoto and D. Pointcheval*
Submission to IEEE P1363a, 2000, [paper](https://citeseerx.ist.psu.edu/document?repid=rep1&type=pdf&doi=4acdabff9b41622d0ee49ade2d0b4302e3727bf5), OP00; [a note by Rachel Shipsey](https://www.cosic.esat.kuleuven.be/nessie/reports/phase1/rhuwp3-008b.pdf)
- Homomorphic Encryption Security Standard v1.1
*Martin Albrecht and Melissa Chase and Hao Chen and Jintai Ding and Shafi Goldwasser and Sergey Gorbunov and Shai Halevi and Jeffrey Hoffstein and Kim Laine and Kristin Lauter and Satya Lokam and Daniele Micciancio and Dustin Moody and Travis Morrison and Amit Sahai and Vinod Vaikuntanathan*
HomomorphicEncryption.org, [paper](http://homomorphicencryption.org/wp-content/uploads/2018/11/HomomorphicEncryptionStandardv1.1.pdf), [homepage](https://homomorphicencryption.org/standard/), ACC+18
## Other Resources
- [Homomorphic Encryption References](https://people.csail.mit.edu/vinodv/FHE/FHE-refs.html)
================================================
FILE: mpc.md
================================================
# MPC
> MPC: Multi-Party Computation
## Summaries and Talks
- 10th BIU Winter School: information-theoretic cryptography, 2020, [link](https://cyber.biu.ac.il/event/the-10th-biu-winter-school-on-cryptography/)
- 9th BIU Winter School: information-theoretic cryptography: zero-knowledge proofs, 2019
- SoK: General purpose compilers for secure multi-party computation, 2019, [Github](https://github.com/MPC-SoK/frameworks), [Paper](https://ieeexplore.ieee.org/abstract/document/8835312)
- Crypto Innovation School 2018, [link](https://crypto.sjtu.edu.cn/cis2018/)
## OT
> OT: Oblivious Transfer
> 1-out-of-2 base OT and OT Extensions
- Half-Tree: Halving the Cost of Tree Expansion in COT and DPF
*Xiaojie Guo, Kang Yang, Xiao Wang, Wenhao Zhang, Xiang Xie, Jiang Zhang, Zheli Liu*
EUROCRYPT 2023, [eprint](https://eprint.iacr.org/2022/1431), GYWZ+23
- SoftSpokenOT: Quieter OT Extension from Small-Field Silent VOLE in the Minicrypt Model
*Lawrence Roy*
Crypto 2022, [publisher](https://www.iacr.org/cryptodb//data/paper.php?pubkey=32258), Roy22
- Silver: Silent VOLE and Oblivious Transfer from Hardness of Decoding Structured LDPC Codes
*Geoffroy Couteau, Peter Rindal, Srinivasan Raghuraman*
Crypto 2021, [eprint](https://eprint.iacr.org/2021/1150), CRR21
- The Rise of Paillier: Homomorphic Secret Sharing and Public-Key Silent OT
*Claudio Orlandi, Peter Scholl, Sophia Yakoubov*
EuroCrypt 2021, [eprint](https://eprint.iacr.org/2021/262), OSY21
- Batching Base Oblivious Transfers
*Ian McQuoid, Mike Rosulek, Lawrence Roy*
AsiaCrypt 2021, [eprint](https://eprint.iacr.org/2021/682), MRR21
- Ferret: Fast Extension for coRRElated oT with small communication
*Kang Yang, Chenkai Weng, Xiao Lan, Jiang Zhang, Xiao Wang*
CCS'20, [eprint](https://eprint.iacr.org/2020/924), YWLZ+20
- Efficient Two-Round OT Extension and Silent Non-Interactive Secure Computation
*Elette Boyle, Geoffroy Couteau, Niv Gilboa, Yuval Ishai, Lisa Kohl, Peter Rindal, Peter Scholl*
CCS 2019, [eprint](https://eprint.iacr.org/2019/1159), BCGI+19 (with Peter Rindal)
- Endemic Oblivious Transfer
*Daniel Masny, Peter Rindal*
CCS 2019, [eprint](https://eprint.iacr.org/2019/706), MR19
- Efficient Pseudorandom Correlation Generators: Silent OT Extension and More
*Elette Boyle, Geoffroy Couteau, Niv Gilboa, Yuval Ishai, Lisa Kohl, Peter Scholl*
Crypto 2019, [eprint](https://eprint.iacr.org/2019/448), BCGI+19 (without Peter Rindal)
- Actively Secure 1-out-of-N OT Extension with Application to Private Set Intersection
*Michele Orrù, Emmanuela Orsini, Peter Scholl*
CT-RSA 2017, [eprint](https://eprint.iacr.org/2016/933), OOS17
- Actively Secure OT Extension with Optimal Overhead
*Marcel Keller, Emmanuela Orsini, Peter Scholl*
Crypto 2015, [eprint](https://eprint.iacr.org/2015/546), KOS15
- The Simplest Protocol for Oblivious Transfer
*Tung Chou, Claudio Orlandi*
LatinCrypt 2015, [eprint](https://eprint.iacr.org/2015/267), CO15
- More Efficient Oblivious Transfer and Extensions for Faster Secure Computation
*Gilad Asharov, Yehuda Lindell, Thomas Schneider, Michael Zohner*
CCS 2013, [eprint](https://eprint.iacr.org/2013/552), ALSZ13
- Extending Oblivious Transfers Efficiently
*Yuval Ishai, Joe Kilian, Kobbi Nissim, Erez Petrank*
Crypto 2003, [eprint](https://www.iacr.org/archive/crypto2003/27290145/27290145.pdf), IKNP03
- Oblivious Transfer and Polynomial Evaluation
*Moni Naor, Benny Pinkas*
STOC 1999, [eprint](https://dl.acm.org/doi/pdf/10.1145/301250.301312), NP99
## (s)(v)OLE
- Two-Round Oblivious Linear Evaluation from Learning with Errors
*Pedro Branco, Nico Döttling, Paulo Mateus*
PKC 2022, [eprint](https://eprint.iacr.org/2020/635), BDM22
- Correlated Pseudorandomness from Expand-Accumulate Codes
*Elette Boyle, Geoffroy Couteau, Niv Gilboa, Yuval Ishai, Lisa Kohl, Nicolas Resch, Peter Scholl*
Crypto 2022, [eprint](https://eprint.iacr.org/2022/1014), BCG+22
- Silver: Silent VOLE and Oblivious Transfer from Hardness of Decoding Structured LDPC Codes
*Geoffroy Couteau, Peter Rindal, Srinivasan Raghuraman*
Crypto 2021, [eprint](https://eprint.iacr.org/2021/1150), CRR21
- Two-Round Oblivious Linear Evaluation from Learning with Errors
*Pedro Branco, Nico Döttling, Paulo Mateus*
PKC 2022, [eprint](https://eprint.iacr.org/2020/635), BDM20
- Efficient Protocols for Oblivious Linear Function Evaluation from Ring-LWE
*Carsten Baum, Daniel Escudero, Alberto Pedrouzo-Ulloa, Peter Scholl, Juan Ramón Troncoso-Pastoriza*
SCN 2020, [eprint](https://eprint.iacr.org/2020/970), BEPS+20
- Distributed vector-OLE: Improved constructions and implementation
*Phillipp Schoppmann, Adrià Gascón, Leonie Reichert, Mariana Raykova*
CCS 2019, [eprint](https://eprint.iacr.org/2019/1084), SGRR19
- Compressing vector OLE
*Elette Boyle, Geoffroy Couteau, Niv Gilboa, Yuval Ishai*
CCS 2018, [eprint](https://eprint.iacr.org/2019/273), BCGI18
- Maliciously secure oblivious linear function evaluation with constant overhead
*Satrajit Ghosh, Jesper Buus Nielsen, Tobias Nilges*
AsiaCrypt 2017, [eprint](https://eprint.iacr.org/2017/409), GNN17
- TinyOLE: Efficient actively secure two-party computation from oblivious linear function evaluation
*Nico Döttling, Satrajit Ghosh, Jesper Buus Nielsen, Tobias Nilges, Roberto Trifiletti*
CCS 2017, [eprint](https://eprint.iacr.org/2017/790), DGNN+17
- Oblivious Transfer and Polynomial Evaluation
*Moni Naor, Benny Pinkas*
STOC 1999, [eprint](https://dl.acm.org/doi/pdf/10.1145/301250.301312), NP99
## OPRF and PSI
- Improved Private Set Intersection for Sets with Small Entries
*S. Dov Gordon, Carmit Hazay, Phi Hung Le*
PKC 2023, [eprint](https://eprint.iacr.org/2022/334)
- Blazing Fast PSI from Improved OKVS and Subfield VOLE
*Peter Rindal, Srinivasan Raghuraman*
CCS 2022, [eprint](https://eprint.iacr.org/2022/320)
- Fully Secure PSI via MPC-in-the-Head
*S. Dov Gordon, Carmit Hazay, Phi Hung Le*
PETS 2022, [eprint](https://eprint.iacr.org/2022/379)
- PSI from Ring-OLE
*Wutichai Chongchitmate, Yuval Ishai, Steve Lu, Rafail Ostrovsky*
CCS 2022, [link](https://dl.acm.org/doi/abs/10.1145/3548606.3559378)
- (Industry) The Apple PSI System
[analysis](https://www.apple.com/child-safety/pdf/Apple_PSI_System_Security_Protocol_and_Analysis.pdf)
- Circuit-PSI with Linear Complexity via Relaxed Batch OPPRF
*Nishanth Chandran, Divya Gupta, Akash Shah*
PETS 2022, [eprint](https://eprint.iacr.org/2021/034), CGS22
- Oblivious Key-Value Stores and Amplification for Private Set Intersection
*Gayathri Garimella, Benny Pinkas, Mike Rosulek, Ni Trieu, Avishay Yanai*
Crypto 2021, [eprint](https://eprint.iacr.org/2021/883), GPRT+21
- Compact and Malicious Private Set Intersection for Small Sets
*Mike Rosulek, Ni Trieu*
CCS 2021, [eprint](https://eprint.iacr.org/2021/1159), RT21
- Simple, Fast Malicious Multiparty Private Set Intersection
*Ofri Nevo, Ni Trieu, Avishay Yanai*
CCS 2021, [eprint](https://eprint.iacr.org/2021/1221), NTY21
- Labeled PSI from Homomorphic Encryption with Reduced Computation and Communication
*Kelong Cong, Radames Cruz Moreno, Mariana Botelho da Gama, Wei Dai, Ilia Iliashenko, Kim Laine, Michael Rosenberg*
CCS 2021, [eprint](https://eprint.iacr.org/2021/1116), CMBD+21
- VOLE-PSI: Fast OPRF and Circuit-PSI from Vector-OLE
*Peter Rindal, Phillipp Schoppmann*
EuroCrypt 2021, [eprint](https://eprint.iacr.org/2021/266), RS21
- Private Set Operations from Oblivious Switching
*Gayathri Garimella, Payman Mohassel, Mike Rosulek, Saeed Sadeghian, Jaspal Singh*
PKC 2021, [eprint](https://eprint.iacr.org/2021/243), GMRS21
- Private Matching for Compute
*Prasad Buddhavarapu, Andrew Knox, Payman Mohassel, Shubho Sengupta, Erik Taubeneck, Vlad Vlaskin*
Unpublished 2020, [eprint](https://eprint.iacr.org/2020/599)
- Private Set Intersection in the Internet Setting From Lightweight Oblivious PRF
*Melissa Chase, Peihan Miao*
Crypto 2020, [eprint](https://eprint.iacr.org/2020/729), CM20
- SpOT-Light: Lightweight Private Set Intersection from Sparse OT Extension
*Benny Pinkas, Mike Rosulek, Ni Trieu, Avishay Yanai*
Crypto 2019, [eprint](https://eprint.iacr.org/2019/634), PRTY19
- PIR-PSI: Scaling Private Contact Discovery
*Daniel Demmler, Peter Rindal, Mike Rosulek, Ni Trieu*
PETS 2018, [eprint](https://eprint.iacr.org/2018/579), DRRT18
- Malicious-Secure Private Set Intersection via Dual Execution
*Peter Rindal, Mike Rosulek*
CCS 2017, [eprint](https://eprint.iacr.org/2017/769), RR17b
- Improved Private Set Intersection Against Malicious Adversaries
*Peter Rindal, Mike Rosulek*
EuroCrypt 2017, [eprint](https://eprint.iacr.org/2016/746), RR17a
- Efficient Batched Oblivious PRF with Applications to Private Set Intersection
*Vladimir Kolesnikov, Ranjit Kumaresan, Mike Rosulek, Ni Trieu*
CCS 2016, [eprint](https://eprint.iacr.org/2016/799), KKRT16
- Phasing: Private Set Intersection using Permutation-based Hashing
*Benny Pinkas, Thomas Schneider, Gil Segev, Michael Zohner*
Usenix Security 2015, [eprint](https://eprint.iacr.org/2015/634), PSSZ15
- Private Set Intersection: Are Garbled Circuits Better than Custom Protocols?
*Yan Huang, David Evans, Jonathan Katz*
NDSS 2012, [eprint](https://www.cs.umd.edu/~jkatz/papers/psi.pdf), HEK12
- Linear-Complexity Private Set Intersection Protocols Secure in Malicious Model
*Emiliano De Cristofaro, Jihye Kim, Gene Tsudik*
AsiaCrypt 2010, [eprint](https://eprint.iacr.org/2010/469), CKT10
- Practical Private Set Intersection Protocols with Linear Computational and Bandwidth Complexity
*Emiliano De Cristofaro, Gene Tsudik*
Unpublished 2010, [eprint](https://eprint.iacr.org/2009/491), CT10
- Information Sharing Across Private Databases
*Rakesh Agrawal, Alexandre V. Evfimievski, Ramakrishnan Srikant*
SIGMOD 2003, [eprint](https://www.cs.cornell.edu/aevf/research/SIGMOD_2003.pdf), AES03
## PIR
- OnionPIR: Response Efficient Single-Server PIR
*Muhammad Haris Mughees, Hao Chen, Ling Ren*
CCS 2021, [eprint](https://eprint.iacr.org/2021/1081), MCR21
- On the Security of Doubly Efficient PIR
*Elette Boyle, Justin Holmgren, Fermi Ma, Mor Weiss*
Report 2021, [eprint](https://eprint.iacr.org/2021/1113)
- Random-index PIR with Applications to Large-Scale Secure MPC
*Craig Gentry, Shai Halevi, Bernardo Magri, Jesper Buus Nielsen, Sophia Yakoubov*
TCC 2021, [eprint](https://eprint.iacr.org/2020/1248), GHMN+20
- Private Information Retrieval with Sublinear Online Time
*Henry Corrigan-Gibbs, Dmitry Kogan*
EuroCrypt 2020, [eprint](https://eprint.iacr.org/2019/1075), GK20
- Batched Differentially Private Information Retrieval
*Kinan Dak Albab, Rawane Issa, Mayank Varia, Kalman Graffi*
Unpublished 2020, [eprint](https://eprint.iacr.org/2020/1596.pdf), AIVG20
- Communication Computation Trade-offs in PIR
*Asra Ali, Tancrède Lepoint, Sarvar Patel, Mariana Raykova, Phillipp Schoppmann, Karn Seth, Kevin Yeo*
Usenix Security 2019, [eprint](https://eprint.iacr.org/2019/1483), ALPR+19
- PIR with Compressed Queries and Amortized Query Processing
*Sebastian Angel, Hao Chen, Kim Laine, Srinath T. V. Setty*
SP 2018, [eprint](https://eprint.iacr.org/2017/1142), ACLS+18
- Private Stateful Information Retrieval
*Sarvar Patel, Giuseppe Persiano, Kevin Yeo*
CCS 2018, [eprint](https://eprint.iacr.org/2018/1083), PPY18
- Can We Access a Database Both Locally and Privately?
*Elette Boyle, Yuval Ishai, Rafael Pass, Mary Wootters*
TCC 2017, [eprint](https://eprint.iacr.org/2017/567), BIPW17
- Towards Doubly Efficient Private Information Retrieval
*Ran Canetti, Justin Holmgren, Silas Richelson*
TCC 2017, [eprint](https://eprint.iacr.org/2017/568), CHR17
- XPIR : Private Information Retrieval for Everyone
*Carlos Aguilar Melchor, Joris Barrier, Laurent Fousse, Marc-Olivier Killijian*
PETS 2016, [eprint](https://eprint.iacr.org/2014/1025), MBFK16
- Optimal Rate Private Information Retrieval from Homomorphic Encryption
*Aggelos Kiayias, Nikos Leonardos, Helger Lipmaa, Kateryna Pavlyk, Qiang Tang*
PETS 2015, [eprint](https://petsymposium.org/2015/papers/23_Kiayias.pdf), KLLP+15
- First CPIR Protocol with Data-Dependent Computation
*Helger Lipmaa*
ICISC 2009, [eprint](https://dl.acm.org/doi/10.5555/1883749.1883769), LIP09
- An Oblivious Transfer Protocol with Log-Squared Communication
*Helger Lipmaa*
ISC 2005, [eprint](https://eprint.iacr.org/2004/063), LIP05
- Single-Database Private Information Retrieval with Constant Communication Rate
*Craig Gentry, Zulfikar Ramzan*
ICALP 2005, [eprint](https://www.cs.umd.edu/~gasarch/TOPICS/pir/logn.pdf), GR05
- A New Efficient All-Or-Nothing Disclosure of Secrets Protocol
*Julien P. Stern*
AsiaCrypt 1998, [eprint](https://link.springer.com/content/pdf/10.1007%2F3-540-49649-1_28.pdf), Stern98
- Replication is NOT needed: SINGLE database, computationally-private information retrieval
*Eyal Kushilevitz, Rafail Ostrovsky*
FOCS 1997, [eprint](https://web.cs.ucla.edu/~rafail/PUBLIC/34.pdf), KO97
## PFE
- Linear-Complexity Private Function Evaluation is Practical
*Marco Holz, Ágnes Kiss, Deevashwer Rathee, Thomas Schneider*
ESORICS 2020, [eprint](https://eprint.iacr.org/2020/853), HKRS20
- An Efficient 2-Party Private Function Evaluation Protocol Based on Half Gates
*Muhammed Ali Bingöl, Osman Biçer, Mehmet Sabir Kiraz, Albert Levi*
Comput. J 2019, [eprint](https://eprint.iacr.org/2017/415), BBKL19
- Highly Efficient and Reusable Private Function Evaluation with Linear Complexity
*Osman Biçer, Muhammed Ali Bingöl, Mehmet Sabir Kiraz*
Unpublished 2018, [eprint](https://eprint.iacr.org/2018/515), BBKL18
- Actively Secure Private Function Evaluation
*Payman Mohassel, Seyed Saeed Sadeghian, Nigel P. Smart*
AsiaCrypt 2014, [eprint](https://eprint.iacr.org/2014/102), MSS14
- How to Hide Circuits in MPC: An Efficient Framework for Private Function Evaluation
*Payman Mohassel, Seyed Saeed Sadeghian*
EuroCrypt 2013, [eprint](https://eprint.iacr.org/2013/137), MS13
- Constant-round private function evaluation with linear complexity
*Jonathan Katz, Lior Malka*
AsiaCrypt 2011, [eprint](https://eprint.iacr.org/2010/528), KM11
- Bureaucratic protocols for secure two-party sorting, selection, and permuting
*Guan Wang, Tongbo Luo, Michael T. Goodrich, Wenliang Du, Zutao Zhu*
AsiaCCS 2010, [eprint](https://dl.acm.org/doi/10.1145/1755688.1755716), WLGD+10
- Selective private function evaluation with applications to private statistics
*Ran Canetti, Yuval Ishai, Ravi Kumar, Michael K. Reiter, Ronitt Rubinfeld, Rebecca N. Wright*
PODC 2001, [eprint](https://dl.acm.org/doi/10.1145/383962.384047), CIKR+01
## FSS
- Lightweight Techniques for Private Heavy Hitters
*Dan Boneh, Elette Boyle, Henry Corrigan-Gibbs, Niv Gilboa, Yuval Ishai*
SP 2021, [eprint](https://arxiv.org/abs/2012.14884), BBGG+21
- Function Secret Sharing for PSI-CA: With Applications to Private Contact Tracing
*Samuel Dittmer, Yuval Ishai, Steve Lu, Rafail Ostrovsky, Mohamed Elsabagh, Nikolaos Kiourtis, Brian Schulte, Angelos Stavrou*
Unpublished 2021, [eprint](https://eprint.iacr.org/2020/1599), DILO+21
- Function Secret Sharing for Mixed-Mode and Fixed-Point Secure Computation
*Elette Boyle, Nishanth Chandran, Niv Gilboa, Divya Gupta, Yuval Ishai, Nishant Kumar, Mayank Rathee*
EuroCrypt 2021, [eprint](https://eprint.iacr.org/2020/1392), BCGI+21
- Correlated Pseudorandom Functions from Variable-Density LPN
*Elette Boyle, Geoffroy Couteau, Niv Gilboa, Yuval Ishai, Lisa Kohl, Peter Scholl*
FOCS 2020, [eprint](https://eprint.iacr.org/2020/1417), BCGI+20
- Secure Computation with Preprocessing via Function Secret Sharing
*Elette Boyle, Niv Gilboa, Yuval Ishai*
TCC 2019, [eprint](https://eprint.iacr.org/2019/1095), BGI19
- Efficient Two-Round OT Extension and Silent Non-Interactive Secure Computation
*Elette Boyle, Geoffroy Couteau, Niv Gilboa, Yuval Ishai, Lisa Kohl, Peter Rindal, Peter Scholl*
CCS 2019, [eprint](https://eprint.iacr.org/2019/1159), BCGI+19
- Function secret sharing: Improvements and extensions
*Elette Boyle, Niv Gilboa, Yuval Ishai*
CCS 2016, [eprint](https://eprint.iacr.org/2018/707), BGI16
- Function Secret Sharing
*Elette Boyle, Niv Gilboa, Yuval Ishai*
EuroCrypt 2015, [eprint](https://www.iacr.org/archive/eurocrypt2015/90560300/90560300.pdf), BGI15
- Distributed Point Functions and Their Applications
*Niv Gilboa, Yuval Ishai*
EuroCrypt 2014, [eprint](https://www.iacr.org/archive/eurocrypt2014/84410245/84410245.pdf), GI19
## Semi-honest MPC
- The Round Complexity of Secure Protocols
*Donald Beaver, Silvio Micali, Phillip Rogaway*
STOC 1990, [eprint](http://web.cs.ucdavis.edu/~rogaway/papers/bmr90), BMR90
- Completeness Theorems for Non-Cryptographic Fault Tolerant Distributed Computation
*Michael Ben-Or, Shafi Goldwasser, Avi Wigderson*
STOC 1988, [eprint](https://dl.acm.org/doi/10.1145/62212.62213), BGW88
- How to play any mental game?
*Oded Goldreich, Silvio Micali, Avi Wigderson*
STOC 1987, [eprint](https://dl.acm.org/doi/10.1145/28395.28420), GMW87
- How to generate and exchange secrets?
*Andrew Chi-Chih Yao*
FOCS 1986, [eprint](https://ieeexplore.ieee.org/document/4568207), Yao86
## Malicious MPC
- MHz2k: MPC from HE over Z2k with New Packing, Simpler Reshare, and Better ZKP
*Jung Hee Cheon, Dongwoo Kim, Keewoo Lee*
Crypto 2021, [eprint](https://eprint.iacr.org/2021/1383), CKLM+21
- MonZa2k: Fast Maliciously Secure Two Party Computation on $Z_{2^k}$
*Dario Catalano, Mario Di Raimondo, Dario Fiore, Irene Giacomelli*
PKC 2020, [eprint](https://eprint.iacr.org/2019/211), CRFG20
- Overdrive2k: Efficient Secure MPC over $Z_{2^k}$ from Somewhat Homomorphic Encryption
*Emmanuela Orsini, Nigel P. Smart, Frederik Vercauteren*
CT-RSA 2020, [eprint](https://eprint.iacr.org/2019/153), OSVJ19
- New Primitives for Actively-Secure MPC over Rings with Applications to Private Machine Learning
*Ivan Damgård, Daniel Escudero, Tore Kasper Frederiksen, Marcel Keller, Peter Scholl, Nikolaj Volgushev*
SP 2019, [eprint](https://eprint.iacr.org/2019/599), DEF19
- Using TopGear in Overdrive: A more efficient ZKPoK for SPDZ
*Carsten Baum, Daniele Cozzo, Nigel P. Smart*
SAC 2019, [eprint](https://eprint.iacr.org/2019/035), BCS19
- SPDZ2k: Efficient MPC MOD 2k for dishonest majority
*Ronald Cramer, Ivan Damgård, Daniel Escudero, Peter Scholl, Chaoping Xing*
Crypto 2018, [eprint](https://eprint.iacr.org/2018/482), SDES+18
- Overdrive: Making SPDZ great again
*Marcel Keller, Valerio Pastro, Dragos Rotaru*
EuroCrypt 2018, [eprint](https://eprint.iacr.org/2017/1230), KPR18
- High-throughput secure three-party computation for malicious adversaries and an honest majority
*Jun Furukawa, Yehuda Lindell, Ariel Nof, Or Weinstein*
EuroCrypt 2017, [eprint](https://eprint.iacr.org/2016/944), FLNW17
- MASCOT: Faster Malicious Arithmetic Secure Computation with Oblivious Transfer
*Marcel Keller, Emmanuela Orsini, Peter Scholl*
CCS 2016, [eprint](https://eprint.iacr.org/2016/505), KOS16
- A New Approach to Practical Active-Secure Two-Party Computation
*Jesper Buus Nielsen, Peter Sebastian Nordholt, Claudio Orlandi, Sai Sheshank Burra*
Crypto 2012, [eprint](https://eprint.iacr.org/2011/091), NNOB12
================================================
FILE: zkp.md
================================================
# Zero-knowledge Proof (ZKP)
> **"We are currently experiencing a Cambrian Explosion in the field of cryptographic proofs of computational integrity (CI), a subset of which include zero knowledge proofs**. While a couple of years ago there were about 1–3 new systems a year, the rate has picked up so much that today we are seeing this same amount monthly, if not weekly."
>
> -- ELI BEN-SASSON, [A Cambrian Explosion of Crypto Proofs](https://nakamoto.com/cambrian-explosion-of-crypto-proofs/)
Since their invention in 1986, ZKP systems have increasingly become building blocks for many other important domains, such as blockchains, anonymous credentials (in Web3), and authentication systems. In the following, we focus on practical ZKPs and roughly divide them into two categories, specific-purpose ZKP and general-purpose ZKP, which differ mainly in the kinds of statements they can prove.
> To draw a comparison with Partial Homomorphic Encryption and Fully Homomorphic Encryption: a specific ZKP can only prove a finite set of specific (simple) statements, while a general ZKP can (theoretically) prove any statement.
- [Zero-knowledge Proof (ZKP)](#zero-knowledge-proof-zkp)
- [Survey \& Tutorial](#survey--tutorial)
- [Milestones](#milestones)
- [Specific ZKP](#specific-zkp)
- [Traditional \& simple relations (over logarithm)](#traditional--simple-relations-over-logarithm)
- [Membership(Range) Proof](#membershiprange-proof)
- [General purpose ZKP](#general-purpose-zkp)
- [Frameworks](#frameworks)
- [with SRS(Structured Reference String), including ZKSNARK](#with-srsstructured-reference-string-including-zksnark)
- [with updatable universal SRS](#with-updatable-universal-srs)
- [with URS(Uniform Reference String), including ZKSTARK](#with-ursuniform-reference-string-including-zkstark)
- [DL-based](#dl-based)
- [MPC-in-the-head-based](#mpc-in-the-head-based)
- [VOLE-based (Commit-and-prove type)](#vole-based-commit-and-prove-type)
- [Applications on ZKP systems](#applications-on-zkp-systems)
- [For Machine Learning(Federated Learning)](#for-machine-learningfederated-learning)
- [For Web3(Authentication)](#for-web3authentication)
- [For Blockchains](#for-blockchains)
- [Signature from ZKP](#signature-from-zkp)
- [ZKP Standard Efforts](#zkp-standard-efforts)
## Survey & Tutorial
- Zero-Knowledge twenty years after its invention, also called A Short Tutorial of Zero-Knowledge
*Oded Goldreich*
Gol10, [paper](https://www.wisdom.weizmann.ac.il/~oded/PSX/zk-tut10.pdf), [Gol04 older version](https://www.wisdom.weizmann.ac.il/~oded/PSX/zk-tut02v4.pdf), [homepage](https://www.wisdom.weizmann.ac.il/~oded/zk-tut02.html)
- Proofs, Arguments, and Zero-Knowledge
*Justin Thaler*
Tha23, [paper](https://people.cs.georgetown.edu/jthaler/ProofsArgsAndZK.pdf)
## Milestones
- The Knowledge Complexity of Interactive Proof-Systems (**Invention of zero-knowledge**)
*Shafi Goldwasser, Silvio Micali, and Charles Rackoff*
STOC 1985, [paper](https://dl.acm.org/doi/10.1145/22145.22178), GMR85
- On defining proofs of knowledge
*Mihir Bellare and Oded Goldreich*
CRYPTO 1992, [paper](https://link.springer.com/chapter/10.1007/3-540-48071-4_28), BG92
- Algebraic methods for interactive proof systems
*Carsten Lund, Lance Fortnow, Howard Karloff, and Noam Nisan*
JACM 1992, [paper](https://dl.acm.org/doi/pdf/10.1145/146585.146605), LFKN92
- Efficient Identification and Signatures for Smart Cards
*Claus-Peter Schnorr*
CRYPTO 1989, [paper](https://link.springer.com/chapter/10.1007/0-387-34805-0_22), Sch89
- Zero-knowledge from secure multiparty computation
*Yuval Ishai, Eyal Kushilevitz, Rafail Ostrovsky, and Amit Sahai*
STOC 2007, [paper](http://web.cs.ucla.edu/~sahai/work/web/2007%20Publications/STOC2007.pdf), IKOS07
- Delegating computation: interactive proofs for muggles
*Shafi Goldwasser, Yael Tauman Kalai, and Guy N. Rothblum*
STOC 2008, [paper](https://dl.acm.org/doi/pdf/10.1145/2699436), [GKR08 older version](https://web.archive.org/web/20130401194435id_/http://research.microsoft.com/en-us/um/people/yael/publications/2008-DelegatingComputation.pdf), GKR08
- Short Pairing-Based Non-Interactive Zero-Knowledge Arguments
*Jens Groth*
ASIACRYPT 2010, [paper](http://www0.cs.ucl.ac.uk/staff/J.Groth/ShortNIZK.pdf), Gro10
- Quadratic Span Programs and Succinct NIZKs without PCPs
*Rosario Gennaro, Craig Gentry, Bryan Parno, and Mariana Raykova*
EUROCRYPT 2013, [paper](https://eprint.iacr.org/2012/215), GGPR13
- On the Size of Pairing-Based Non-Interactive Arguments
*Jens Groth*
EUROCRYPT 2016, [paper](https://eprint.iacr.org/2016/260), Gro16
- Bulletproofs: Short Proofs for Confidential Transactions and More
*Benedikt Bünz, Jonathan Bootle, Dan Boneh, Andrew Poelstra, Pieter Wuille, and Greg Maxwell*
S&P 2018, [paper](https://eprint.iacr.org/2017/1066), BBB+18
- Fast Reed-Solomon Interactive Oracle Proofs of Proximity
*Eli Ben-Sasson, Iddo Bentov, Yinon Horesh, and Michael Riabzev*
ICALP 2018, [paper](https://drops.dagstuhl.de/opus/volltexte/2018/9018/pdf/LIPIcs-ICALP-2018-14.pdf), BBHR18
- Scalable Zero Knowledge with no Trusted Setup
*Eli Ben-Sasson, Iddo Bentov, Yinon Horesh, and Michael Riabzev*
CRYPTO 2019, [paper](https://www.iacr.org/archive/crypto2019/116940201/116940201.pdf), BBHR19
- PLONK: Permutations over Lagrange-Bases for Oecumenical Noninteractive Arguments of Knowledge
*Ariel Gabizon, Zachary J. Williamson, and Oana Ciobotaru*
eprint 2019, [paper](https://eprint.iacr.org/2019/953), GWC19
- Wolverine: Fast, Scalable, and Communication-Efficient Zero-Knowledge Proofs for Boolean and Arithmetic Circuits
*Chenkai Weng, Kang Yang, Jonathan Katz, and Xiao Wang*
S&P 2021, [paper](https://eprint.iacr.org/2020/925), WYK+21
- Gemini: Elastic SNARKs for Diverse Environments
*Jonathan Bootle, Alessandro Chiesa, Yuncong Hu, and Michele Orrù*
EUROCRYPT 2022, [paper](https://eprint.iacr.org/2022/420.pdf), BCHO22
## Specific ZKP
### Traditional & simple relations (over logarithm)
- Efficient Identification and Signatures for Smart Cards
*Claus-Peter Schnorr*
CRYPTO 1989, [paper](https://link.springer.com/chapter/10.1007/0-387-34805-0_22), Sch89
- A Practical Zero-Knowledge Protocol Fitted to Security Microprocessor Minimizing Both Transmission and Memory
*Louis C. Guillou, and Jean-Jacques Quisquater*
EUROCRYPT 1988, [paper](http://link.springer.com/10.1007/3-540-45961-8_11), GQ88
- Proofs of Partial Knowledge and Simplified Design of Witness Hiding Protocols
*Ronald Cramer, Ivan Damgård, and Berry Schoenmakers*
CRYPTO 1994, [paper](https://link.springer.com/chapter/10.1007/3-540-48658-5_19), CDS94
- Proof Systems for General Statements about Discrete Logarithms
*Jan Camenisch, and Markus Stadler*
ETH Zurich Report 1997, [paper](https://www.research-collection.ethz.ch/handle/20.500.11850/69316), CS97
- Short Group Signatures
*Dan Boneh, Xavier Boyen, and Hovav Shacham*
CRYPTO 2004, [paper](https://eprint.iacr.org/2004/174), BBS04
- Unifying Zero-Knowledge Proofs of Knowledge
*Ueli Maurer*
AFRICACRYPT 2009, [paper](https://link.springer.com/chapter/10.1007/978-3-642-02384-2_17), Mau09
- Non-Interactive Composition of Sigma-Protocols via Share-Then-Hash
*Masayuki Abe, Miguel Ambrona, Andrej Bogdanov, Miyako Ohkubo, and Alon Rosen*
ASIACRYPT 2020, [paper](https://eprint.iacr.org/2021/457), AAB+20
- Compressing Proofs of K-Out-Of-n Partial Knowledge
*Thomas Attema, Ronald Cramer, and Serge Fehr*
CRYPTO 2021, [paper](https://eprint.iacr.org/2020/753), ACF21
- DAG-Sigma: A DAG-Based Sigma Protocol for Relations in CNF
*Gongxian Zeng, Junzuo Lai, Zhengan Huang, Yu Wang, and Zhiming Zheng*
ASIACRYPT 2022, [paper](https://eprint.iacr.org/2022/1569), ZLH+22
- Revisiting BBS Signatures
*Stefano Tessaro and Chenzhi Zhu*
EUROCRYPT 2023, [paper](https://eprint.iacr.org/2023/275), TZ23
### Membership(Range) Proof
- A Digital Signature Based on a Conventional Encryption Function
*Ralph C Merkle*
CRYPTO 1987, [paper](https://link.springer.com/chapter/10.1007/3-540-48184-2_32), Mer87
- Statistical Zero Knowledge Protocols to Prove Modular Polynomial Relations
*Eiichiro Fujisaki, and Tatsuaki Okamoto*
CRYPTO 1997, [paper](https://link.springer.com/chapter/10.1007/BFb0052225), FO97
- Efficient proofs that a committed number lies in an interval
*Fabrice Boudot*
EUROCRYPT 2000, [paper](https://link.springer.com/chapter/10.1007/3-540-45539-6_31), Bou00
- Dynamic Accumulators and Application to Efficient Revocation of Anonymous Credentials
*Jan Camenisch and Anna Lysyanskaya*
CRYPTO 2002, [paper](https://link.springer.com/chapter/10.1007/3-540-45708-9_5), CL02
- Accumulators from Bilinear Pairings and Applications to ID-Based Ring Signatures and Group Membership Revocation
*Lan Nguyen*
CT-RSA 2005, [paper](https://eprint.iacr.org/2005/123), Ngu05
- Efficient Protocols for Set Membership and Range Proofs
*Jan Camenisch, Rafik Chaabouni, and abhi shelat*
ASIACRYPT 2008, [paper](https://link.springer.com/chapter/10.1007/978-3-540-89255-7_15), CCs08
- An Accumulator Based on Bilinear Maps and Efficient Revocation for Anonymous Credentials
*Jan Camenisch, Markulf Kohlweiss, and Claudio Soriente*
PKC 2009, [paper](https://eprint.iacr.org/2008/539), CKS09
- Bulletproofs: Short Proofs for Confidential Transactions and More
*Benedikt Bünz, Jonathan Bootle, Dan Boneh, Andrew Poelstra, Pieter Wuille, and Greg Maxwell*
S&P 2018, [paper](https://eprint.iacr.org/2017/1066), BBB+18
- Batching Techniques for Accumulators with Applications to IOPs and Stateless Blockchains
*Dan Boneh, Benedikt Bünz, and Ben Fisch*
CRYPTO 2019, [paper](https://eprint.iacr.org/2018/1188), BBF19
- Compressed $\varSigma$-Protocol Theory and Practical Application to Plug & Play Secure Algorithmics
*Thomas Attema, and Ronald Cramer*
CRYPTO 2020, [paper](https://eprint.iacr.org/2020/152), AC20
- Caulk: Lookup Arguments in Sublinear Time
*Arantxa Zapico, Vitalik Buterin, Dmitry Khovratovich, Mary Maller, Anca Nitulescu, and Mark Simkin*
CCS21, [paper](https://eprint.iacr.org/2022/621), ZBK+21
- Zero-Knowledge Proofs for Set Membership: Efficient, Succinct, Modular
*Daniel Benarroch, Matteo Campanelli, Dario Fiore, Kobi Gurkan, and Dimitris Kolonelos*
FC 2021, [paper](https://eprint.iacr.org/2019/1255), BGF+21
- Batching, Aggregation, and Zero-Knowledge Proofs in Bilinear Accumulators
*Shravan Srinivasan, Ioanna Karantaidou, Foteini Baldimtsi, and Charalampos Papamanthou*
CCS 2022, [paper](https://eprint.iacr.org/2022/1779), SKB+22
- Succinct Zero-Knowledge Batch Proofs for Set Accumulators
*Matteo Campanelli, Dario Fiore, Semin Han, Jihye Kim, Dimitris Kolonelos, and Hyunok Oh*
CCS 2022, [paper](https://eprint.iacr.org/2021/1672), CFH+22
## General purpose ZKP
### Frameworks
- Interactive Oracle Proofs
*Eli Ben-Sasson, Alessandro Chiesa, and Nicholas Spooner*
TCC 2016, [paper](https://eprint.iacr.org/2016/116), BCS16
- Spartan: Efficient and General-Purpose ZkSNARKs Without Trusted Setup
*Srinath Setty*
CRYPTO 2020, [paper](https://eprint.iacr.org/2019/550), Set20
- VOProof: Efficient ZkSNARKs from Vector Oracle Compilers
*Yuncong Zhang, Alan Szepeniec, Ren Zhang, Shi-Feng Sun, Geng Wang, and Dawu Gu*
CCS 2022, [paper](https://eprint.iacr.org/2021/710), ZSZ+22
### with SRS(Structured Reference String), including ZKSNARK
A traditional SRS usually needs a trusted setup per circuit.
- Short Pairing-Based Non-Interactive Zero-Knowledge Arguments
*Jens Groth*
ASIACRYPT 2010, [paper](http://www0.cs.ucl.ac.uk/staff/J.Groth/ShortNIZK.pdf), Gro10
- From extractable collision resistance to succinct non-interactive arguments of knowledge, and back again
*Nir Bitansky, R. Canetti, A. Chiesa, and Eran Tromer*
ITCS 2012, [paper](https://dl.acm.org/doi/10.1145/2090236.2090263), BCC+12
- Quadratic Span Programs and Succinct NIZKs without PCPs
*Rosario Gennaro, Craig Gentry, Bryan Parno, and Mariana Raykova*
EUROCRYPT 2013, [paper](https://eprint.iacr.org/2012/215), GGPR13
- Succinct Non-Interactive Zero Knowledge for a von Neumann Architecture
*Eli Ben-Sasson, A. Chiesa, Eran Tromer, and M. Virza*
USENIX 2014, [paper](https://eprint.iacr.org/2013/879), BCT+14
- On the Size of Pairing-Based Non-Interactive Arguments
*Jens Groth*
EUROCRYPT 2016, [paper](https://eprint.iacr.org/2016/260), Gro16
- DIZK: A Distributed Zero Knowledge Proof System
*Howard Wu, Wenting Zheng, Alessandro Chiesa, Raluca Ada Popa, and Ion Stoica*
USENIX 2018, [paper](https://eprint.iacr.org/2018/691), WZC+18
- Snarky Ceremonies
*Markulf Kohlweiss, Mary Maller, Janno Siim, and Mikhail Volkhov*
ASIACRYPT 2021, [paper](https://eprint.iacr.org/2021/219), KMS+21
### with updatable universal SRS
An updatable universal SRS means that the same SRS, produced by a trusted setup, can be used for statements about all circuits of a certain bounded size.
- Sonic: Zero-Knowledge SNARKs from Linear-Size Universal and Updatable Structured Reference Strings
*Mary Maller, Sean Bowe, Markulf Kohlweiss, and Sarah Meiklejohn*
CCS 2019, [paper](https://eprint.iacr.org/2019/099), MBK+19
- Marlin: Preprocessing ZkSNARKs with Universal and Updatable SRS
*Alessandro Chiesa, Yuncong Hu, Mary Maller, Pratyush Mishra, Noah Vesely, and Nicholas Ward*
EUROCRYPT 2020, [paper](https://eprint.iacr.org/2019/1047), CHM+20
- PLONK: Permutations over Lagrange-Bases for Oecumenical Noninteractive Arguments of Knowledge
*Ariel Gabizon, Zachary J. Williamson, and Oana Ciobotaru*
eprint 2019, [paper](https://eprint.iacr.org/2019/953), GWC19
- Libra: Succinct Zero-Knowledge Proofs with Optimal Prover Computation
*Tiancheng Xie, Jiaheng Zhang, Yupeng Zhang, Charalampos Papamanthou, and Dawn Song*
CRYPTO 2019, [paper](https://eprint.iacr.org/2019/317.pdf), XZZ+19
- MIRAGE: Succinct Arguments for Randomized Algorithms with Applications to Universal Zk-SNARKs
*Ahmed Kosba, Dimitrios Papadopoulos, Charalampos Papamanthou, and Dawn Song*
USENIX Security 2020, [paper](https://eprint.iacr.org/2020/278), KPP+20
- Lunar: A Toolbox for More Efficient Universal and Updatable ZkSNARKs and Commit-and-Prove Extensions
*Matteo Campanelli, Antonio Faonio, Dario Fiore, Anaïs Querol, and Hadrián Rodríguez*
ASIACRYPT 2021, [paper](https://eprint.iacr.org/2020/1069), CFF+21
- An Algebraic Framework for Universal and Updatable SNARKs
*Carla Ràfols, and Arantxa Zapico*
CRYPTO 2021, [paper](https://eprint.iacr.org/2021/590), RZ21
- Counting Vampires: From Univariate Sumcheck to Updatable ZK-SNARK
*Helger Lipmaa, Janno Siim, and Michał Zając*
ASIACRYPT 2022, [paper](https://eprint.iacr.org/2022/406), LSZ22
- HyperPlonk: Plonk with Linear-Time Prover and High-Degree Custom Gates
*Binyi Chen, Benedikt Bünz, Dan Boneh, and Zhenfei Zhang*
EUROCRYPT 2023, [paper](https://eprint.iacr.org/2022/1355), CBB+23
### with URS(Uniform Reference String), including ZKSTARK
Without trusted setup.
- Ligero: Lightweight Sublinear Arguments Without a Trusted Setup
*Scott Ames, Carmit Hazay, Yuval Ishai, and Muthuramakrishnan Venkitasubramaniam*
CCS 2017, [paper](https://eprint.iacr.org/2022/1608), AHI+17
- Scalable Zero Knowledge with No Trusted Setup
*Eli Ben-Sasson, Iddo Bentov, Yinon Horesh, and Michael Riabzev*
CRYPTO 2019, [paper](https://www.iacr.org/archive/crypto2019/116940201/116940201.pdf), BBH+19
- HALO: Recursive Proof Composition without a Trusted Setup
*Sean Bowe, J. Grigg, and Daira Hopwood*
eprint 2019, [paper](https://eprint.iacr.org/2019/1021), BGH19
- Aurora: Transparent Succinct Arguments for R1CS
*Eli Ben-Sasson, Alessandro Chiesa, Michael Riabzev, Nicholas Spooner, Madars Virza, and Nicholas P. Ward*
EUROCRYPT 2019, [paper](https://eprint.iacr.org/2018/828), BCR+19
- DEEP-FRI: Sampling Outside the Box Improves Soundness
*Eli Ben-Sasson, Lior Goldberg, Swastik Kopparty, and Shubhangi Saraf*
arXiv 2019, [paper](https://eprint.iacr.org/2019/336), BGKS19
- Ligero++: A New Optimized Sublinear IOP
*Rishabh Bhadauria, Zhiyong Fang, Carmit Hazay, Muthuramakrishnan Venkitasubramaniam, Tiancheng Xie, and Yupeng Zhang*
CCS 2020, [paper](https://dl.acm.org/doi/10.1145/3372297.3417893), BFH+20
- Fractal: Post-Quantum and Transparent Recursive Proofs from Holography
*Alessandro Chiesa, Dev Ojha, and Nicholas Spooner*
EUROCRYPT 2020, [paper](https://eprint.iacr.org/2019/1076), COS20
- Transparent Polynomial Delegation and Its Applications to Zero Knowledge Proof
*Jiaheng Zhang, Tiancheng Xie, Yupeng Zhang, and Dawn Song*
S&P 2020, [paper](https://eprint.iacr.org/2019/1482), ZXZ+20
- Sumcheck Arguments and Their Applications
*Jonathan Bootle, Alessandro Chiesa, and Katerina Sotiraki*
CRYPTO 2021, [paper](https://eprint.iacr.org/2021/333), BCS21
- Doubly Efficient Interactive Proofs for General Arithmetic Circuits with Linear Prover Time
*Jiaheng Zhang, Tianyi Liu, Weijie Wang, Yinuo Zhang, Dawn Song, and Xiang Xie*
CCS 2021, [paper](https://dl.acm.org/doi/pdf/10.1145/3460120.3484767), ZLW+21
- RedShift: Transparent SNARKs from List Polynomial Commitments
*Assimakis A. Kattis, Konstantin Panarin, and Alexander Vlasov*
CCS 2022, [paper](https://eprint.iacr.org/2019/1400), KPV22
- Flashproofs: Efficient Zero-Knowledge Arguments of Range and Polynomial Evaluation with Transparent Setup
*Nan Wang, and Sid Chi-Kin Chau*
ASIACRYPT 2022, [paper](https://eprint.iacr.org/2022/1251), WC22
- Linear-Time Arguments with Sublinear Verification from Tensor Codes
*Jonathan Bootle, Alessandro Chiesa, and Jens Groth*
TCC 2020, [paper](https://eprint.iacr.org/2020/1426), BCG20
- Orion: Zero Knowledge Proof with Linear Prover Time
*Tiancheng Xie, Yupeng Zhang, and Dawn Song*
CRYPTO 2022, [paper](https://eprint.iacr.org/2022/1010), XZS22
- Dew: Transparent Constant-sized zkSNARKs
*Arasu Arun, Chaya Ganesh, Satya Lokam, Tushar Mopuri, and Sriram Sridhar*
PKC 2023, [paper](https://eprint.iacr.org/2022/419), AGL+23
#### DL-based
- Efficient Zero-Knowledge Arguments for Arithmetic Circuits in the Discrete Log Setting
*Jonathan Bootle, Andrea Cerulli, Pyrros Chaidos, Jens Groth, and Christophe Petit*
EUROCRYPT 2016, [paper](https://eprint.iacr.org/2016/263), BCC+16
- Doubly-Efficient ZkSNARKs Without Trusted Setup
*Riad S. Wahby, Ioanna Tzialla, Abhi Shelat, Justin Thaler, and Michael Walfish*
SP 2018, [paper](https://eprint.iacr.org/2017/1132), WTS+18
- Bulletproofs: Short Proofs for Confidential Transactions and More
*Benedikt Bünz, Jonathan Bootle, Dan Boneh, Andrew Poelstra, Pieter Wuille, and Greg Maxwell*
S&P 2018, [paper](https://eprint.iacr.org/2017/1066), BBB+18
- Non-Interactive Zero-Knowledge Proofs for Composite Statements
*Shashank Agrawal, Chaya Ganesh, and Payman Mohassel*
CRYPTO 2018, [paper](https://eprint.iacr.org/2018/557), AGM18
- Shorter Non-Interactive Zero-Knowledge Arguments and ZAPs for Algebraic Languages
*Geoffroy Couteau, and Dominik Hartmann*
CRYPTO 2020, [paper](https://eprint.iacr.org/2020/286), CH20
- Compressed $\varSigma$-Protocol Theory and Practical Application to Plug & Play Secure Algorithmics
*Thomas Attema, and Ronald Cramer*
CRYPTO 2020, [paper](https://eprint.iacr.org/2020/152), AC20
- Compressed $\varSigma$-Protocols for Bilinear Group Arithmetic Circuits and Application to Logarithmic Transparent Threshold Signatures
*Thomas Attema, Ronald Cramer, and Matthieu Rambaud*
ASIACRYPT 2021, [paper](https://eprint.iacr.org/2020/1447), ACR21
- Halo Infinite: Proof-Carrying Data from Additive Polynomial Commitments
*Dan Boneh, Justin Drake, Ben Fisch, and Ariel Gabizon*
CRYPTO 2021, [paper](https://eprint.iacr.org/2020/1536), BDF+21
- Efficient NIZKs for Algebraic Sets
*Geoffroy Couteau, Helger Lipmaa, Roberto Parisella, and Arne Tobias Ødegaard*
ASIACRYPT 2021, [paper](https://eprint.iacr.org/2021/1251), CLP+21
- ECLIPSE: Enhanced Compiling Method for Pedersen-Committed ZkSNARK Engines
*Diego F. Aranha, Emil Madsen Bennedsen, Matteo Campanelli, Chaya Ganesh, Claudio Orlandi, and Akira Takahashi*
PKC 2022, [paper](https://eprint.iacr.org/2021/934), ABC+22
#### MPC-in-the-head-based
- Zero-knowledge from secure multiparty computation
*Yuval Ishai, Eyal Kushilevitz, Rafail Ostrovsky, and Amit Sahai*
STOC 2007, [paper](http://web.cs.ucla.edu/~sahai/work/web/2007%20Publications/STOC2007.pdf), IKOS07
- Zkboo: Faster zero-knowledge for boolean circuits
*Irene Giacomelli, Jesper Madsen, and Claudio Orlandi*
USENIX 2016, [paper](https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_giacomelli.pdf), GMO16
- Post-quantum zero-knowledge and signatures from symmetric-key primitives
*Melissa Chase, David Derler, Steven Goldfeder, Claudio Orlandi, Sebastian Ramacher, Christian Rechberger, Daniel Slamanig, and Greg Zaverucha*
CCS 2017, [paper](https://dl.acm.org/doi/pdf/10.1145/3133956.3133997), CDG+17
- Ligero: Lightweight sublinear arguments without a trusted setup
*Scott Ames, Carmit Hazay, Yuval Ishai, and Muthuramakrishnan Venkitasubramaniam*
CCS 2017, [paper](https://dl.acm.org/doi/pdf/10.1145/3133956.3134104), AHIV17
- Improved non-interactive zero knowledge with applications to post-quantum signatures
*Jonathan Katz, Vladimir Kolesnikov, and Xiao Wang*
CCS 2018, [paper](https://dl.acm.org/doi/pdf/10.1145/3243734.3243805), KKW18
- Concretely-efficient zero-knowledge arguments for arithmetic circuits and their application to lattice-based cryptography
*Carsten Baum and Ariel Nof*
PKC 2020, [paper](https://eprint.iacr.org/2019/532.pdf), BN20
- Limbo: Efficient zero-knowledge MPCitH-based arguments
*Cyprien de Saint Guilhem, Emmanuela Orsini, and Titouan Tanguy*
CCS 2021, [paper](https://dl.acm.org/doi/pdf/10.1145/3460120.3484595), dOT21
#### VOLE-based (Commit-and-prove type)
- Appenzeller to Brie: Efficient Zero-Knowledge Proofs for Mixed-Mode Arithmetic and Z2k
*Carsten Baum, Lennart Braun, Alexander Munch-Hansen, Benoit Razet, and Peter Scholl*
CCS 2021, [paper](https://eprint.iacr.org/2021/750), BBM+21
- $\mathsf{Mac’n’Cheese}$: Zero-Knowledge Proofs for Boolean and Arithmetic Circuits with Nested Disjunctions
*Carsten Baum, Alex J. Malozemoff, Marc B. Rosen, and Peter Scholl*
CRYPTO 2021, [paper](https://eprint.iacr.org/2020/1410), BMR+21
- Line-Point Zero Knowledge and Its Applications
*Samuel Dittmer, Yuval Ishai, and Rafail Ostrovsky*
ITC 2021, [paper](https://eprint.iacr.org/2020/1446), DIO21
- Wolverine: Fast, Scalable, and Communication-Efficient Zero-Knowledge Proofs for Boolean and Arithmetic Circuits
*Chenkai Weng, Kang Yang, Jonathan Katz, and Xiao Wang*
S&P 2021, [paper](https://eprint.iacr.org/2020/925), WYK+21
- QuickSilver: Efficient and Affordable Zero-Knowledge Proofs for Circuits and Polynomials over Any Field
*Kang Yang, Pratik Sarkar, Chenkai Weng, and Xiao Wang*
CCS 2021, [paper](https://eprint.iacr.org/2021/076), YSW+21
- Mystique: Efficient Conversions for Zero-Knowledge Proofs with Applications to Machine Learning
*Chenkai Weng, Kang Yang, Xiang Xie, Jonathan Katz, and Xiao Wang*
USENIX 2021, [paper](https://eprint.iacr.org/2021/730), WYX+21
- Improving Line-Point Zero Knowledge: Two Multiplications for the Price of One
*Samuel Dittmer, Yuval Ishai, Steve Lu, and Rafail Ostrovsky*
CCS 2022, [paper](https://eprint.iacr.org/2022/552), DIL+22
- AntMan: Interactive Zero-Knowledge Proofs with Sublinear Communication
*Chenkai Weng, Kang Yang, Zhaomin Yang, Xiang Xie, and Xiao Wang*
CCS 2022, [paper](https://eprint.iacr.org/2022/566), WYY+22
## Applications on ZKP systems
Here we list just a few interesting applications.
- Prio: Private, Robust, and Scalable Computation of Aggregate Statistics
*Henry Corrigan-Gibbs and Dan Boneh*
USENIX 2017, [paper](https://www.usenix.org/system/files/conference/nsdi17/nsdi17-corrigan-gibbs.pdf)
- Scaling Verifiable Computation Using Efficient Set Accumulators
*Alex Ozdemir, Riad S Wahby, Barry Whitehat, and Dan Boneh*
USENIX 2020, [paper](https://www.usenix.org/conference/usenixsecurity20/presentation/ozdemir), OWW+20
- Efficient Zero-Knowledge Proofs on Signed Data with Applications to Verifiable Computation on Data Streams
*Dario Fiore, and Ida Tucker*
CCS 2022, [paper](https://eprint.iacr.org/2022/1393.pdf), FT22
### For Machine Learning(Federated Learning)
- Zero Knowledge Proofs for Decision Tree Predictions and Accuracy
*Jiaheng Zhang, Zhiyong Fang, Yupeng Zhang, and Dawn Song*
CCS 2020, [paper](https://dl.acm.org/doi/10.1145/3372297.3417278), ZFZ+20
- ZkCNN: Zero Knowledge Proofs for Convolutional Neural Network Predictions and Accuracy
*Tianyi Liu, Xiang Xie, and Yupeng Zhang*
CCS 2021, [paper](https://eprint.iacr.org/2021/673), LXZ21
- Mystique: Efficient Conversions for Zero-Knowledge Proofs with Applications to Machine Learning
*Chenkai Weng, Kang Yang, Xiang Xie, Jonathan Katz, and Xiao Wang*
USENIX 2021, [paper](https://eprint.iacr.org/2021/730), WYX+21
### For Web3(Authentication)
- Constant-Size Dynamic k-TAA
*Man Ho Au, Willy Susilo, and Yi Mu*
SCN06, [paper](https://eprint.iacr.org/2008/136), ASM06
- Anonymous Credentials Light
*Foteini Baldimtsi, and Anna Lysyanskaya*
CCS 2013, [paper](https://eprint.iacr.org/2012/298), BL13
- Anonymous Attestation Using the Strong Diffie Hellman Assumption Revisited
*Jan Camenisch, Manu Drijvers, and Anja Lehmann*
Trust and Trustworthy Computing 2016, [paper](https://eprint.iacr.org/2016/663), CDL16
- DECO: Liberating Web Data Using Decentralized Oracles for Threshold
*Fan Zhang, Sai Krishna Deepak Maram, Harjasleen Malvai, Steven Goldfeder, and Ari Juels*
CCS 2020, [paper](https://dl.acm.org/doi/10.1145/3372297.3417239), ZMM+20
- Zero-Knowledge Middleboxes
*Paul Grubbs, Arasu Arun, Ye Zhang, Joseph Bonneau, and Michael Walfish*
USENIX 2022, [paper](https://eprint.iacr.org/2021/1022), GAZ+22
- Zk-Creds: Flexible Anonymous Credentials from ZkSNARKs and Existing Identity Infrastructure
*Michael Rosenberg, Jacob White, Christina Garman, and Ian Miers*
S&P 2023, [paper](https://eprint.iacr.org/2022/878), RWG+23
### For Blockchains
- Zerocash: Decentralized Anonymous Payments from Bitcoin
*Eli Ben-Sasson, Alessandro Chiesa, Christina Garman, Matthew Green, Ian Miers, Eran Tromer, and Madars Virza*
S&P 2014, [paper](https://doi.org/10.1109/SP.2014.36), BCG+14
- ZeeStar: Private Smart Contracts by Homomorphic Encryption and Zero-Knowledge Proofs
*Samuel Steffen, Benjamin Bichsel, Roger Baumgartner, and Martin Vechev*
S&P 2022, [paper](https://files.sri.inf.ethz.ch/website/papers/sp22-zeestar.pdf), SBB+22
### Signature from ZKP
- Post-quantum zero-knowledge and signatures from symmetric-key primitives
*Melissa Chase, David Derler, Steven Goldfeder, Claudio Orlandi, Sebastian Ramacher, Christian Rechberger, Daniel Slamanig, and Greg Zaverucha*
CCS 2017, [paper](https://dl.acm.org/doi/pdf/10.1145/3133956.3133997), CDG+17
- Improved non-interactive zero knowledge with applications to post-quantum signatures
*Jonathan Katz, Vladimir Kolesnikov, and Xiao Wang*
CCS 2018, [paper](https://dl.acm.org/doi/pdf/10.1145/3243734.3243805), KKW18
- BBQ: Using AES in picnic signatures
*Cyprien de Saint Guilhem, Lauren De Meyer, Emmanuela Orsini, and Nigel P. Smart*
SAC 2019, [paper](https://eprint.iacr.org/2019/781.pdf), dDOS19
- Improving the Performance of the Picnic Signature Scheme
*Daniel Kales and Greg Zaverucha*
TCHES20, [paper](https://eprint.iacr.org/2020/427.pdf), [The picnic signature scheme, design document v2.1](https://github.com/microsoft/Picnic/blob/master/spec/design-v2.1.pdf), KZ20
- Banquet: Short and fast signatures from AES
*Carsten Baum, Cyprien de Saint Guilhem, Daniel Kales, Emmanuela Orsini, Peter Scholl, and Greg Zaverucha*
PKC 2021, [paper](https://eprint.iacr.org/2021/068.pdf), BdK+21
- Limbo: Efficient zero-knowledge MPCitH-based arguments
*Cyprien de Saint Guilhem, Emmanuela Orsini, and Titouan Tanguy*
CCS 2021, [paper](https://dl.acm.org/doi/pdf/10.1145/3460120.3484595), dOT21
- Shorter signatures based on tailor-made minimalist symmetric-key crypto
*Christoph Dobraunig, Daniel Kales, Christian Rechberger, Markus Schofnegger, and Greg Zaverucha*
CCS 2022, [paper](https://dl.acm.org/doi/pdf/10.1145/3548606.3559353), DKR+21
## ZKP Standard Efforts
- RFC: Schnorr Non-Interactive Zero-Knowledge Proof
*Feng Hao*
IETF RFC 8235, [paper](https://datatracker.ietf.org/doc/rfc8235), Hao21
The entries below are from the [ZKProof](https://zkproof.org/) organization:
> ZKProof is an open-industry academic initiative that seeks to mainstream zero-knowledge proof (ZKP) cryptography through an inclusive, community-driven standardization process that focuses on interoperability and security.
- Proposal: Commit-and-Prove Zero-Knowledge Proof Systems and Extensions
*Daniel Benarroch, Matteo Campanelli, Dario Fiore, Jihye Kim, Jiwon Lee, Hyunok Oh, and Anaïs Querol*
ZKProof 2nd, 3rd, and 4th workshops, [paper](https://docs.zkproof.org/pages/standards/accepted-workshop4/proposal-commit.pdf), BCF+21
- Rinocchio: SNARKs for Ring Arithmetic
*Chaya Ganesh, Anca Nitulescu, and Eduardo Soria-Vazquez*
ZKProof 4th workshop, 2021, [paper](https://docs.zkproof.org/pages/standards/accepted-workshop4/proposal-rinocchio.pdf), CNS21
- Zk-Proof Community Proposal: Σ-Protocols
*Stephan Krenn and Michele Orrù*
ZKProof 4th workshop, 2021, [paper](https://docs.zkproof.org/pages/standards/accepted-workshop4/proposal-sigma.pdf), KO21
- See more at [zkproof proposals](https://docs.zkproof.org/standards/proposals).