MozZ(2k) arella: Efficient Vector-OLE and Zero-Knowledge Proofs over Z(2k)

Zero-knowledge proof systems are usually designed to support computations for circuits over F-2 or F-p for large p, but not for computations over Z(2k), which all modern CPUs operate on. Although Z(2k)-arithmetic can be emulated using prime moduli, this comes with an unavoidable overhead. Recently, Baum et al. (CCS 2021) suggested a candidate construction for a designated-verifier zero-knowledge proof system that natively runs over Z(2k). Unfortunately, their construction requires preprocessed random vector oblivious linear evaluation (VOLE) to be instantiated over Z(2k). Currently, it is not known how to efficiently generate such random VOLE in large quantities. In this work, we present a maliciously secure, VOLE extension protocol that can turn a short seed-VOLE over Z(2k) into a much longer, pseudo-random VOLE over the same ring. Our construction borrows ideas from recent protocols over finite fields, which we non-trivially adapt to work over Z(2k). Moreover, we show that the approach taken by the QuickSilver zero-knowledge proof system (Yang et al. CCS 2021) can be generalized to support computations over Z(2k). This new VOLE-based proof system, which we call QuarkSilver, yields better efficiency than the previous zero-knowledge protocols suggested by Baum et al. Furthermore, we implement both our VOLE extension and our zero-knowledge proof system, and show that they can generate 13-50 million VOLEs per second for 64 bit to 256 bit rings, and evaluate 1.3million 64 bit multiplications per second in zero-knowledge.