An efficient implementation of the NIZKPoK outlined in KKW 2018
Reverie is an implementation (prover and verifier) of the MPC-in-the-head NIZKPoK outlined in
"Improved Non-Interactive Zero Knowledge with Applications to Post-Quantum Signatures".
Reverie seeks to offer concrete prover efficiency (linear proving time with small constants) for
complex predicates. The implementation seeks to offer 128 bits of (classical) security and to support
arbitrary rings, most efficiently Z2 and Z64.
Reverie provides both a library (with a simplified and a streaming interface)
and a CLI program for proving/verifying statements specified in Bristol format,
to enable easy experimentation.
Running
Reverie requires a relatively recent nightly Rust.
Using SSE+AESNI
time RUSTFLAGS="-C target-cpu=native -C target-feature=+aes,+ssse3,+sse2" cargo run --release
Or even better with AVX2+AESNI
time RUSTFLAGS="-C target-cpu=native -C target-feature=+aes,+ssse3,+sse2,+avx2" cargo run --release
Improvements in 0.3+
Pack 8 instances of 8 players over GF(2) into a single 64-bit integer (see gist for details).
Switch to AES with AESNI
Just-in-time preprocessing to condense proving into a single pass
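The packing idea from the first item above, as an added example that is not Reverie's code and is not taken from the gist. The bit layout (byte i = instance i, bit j = player j) and all function names are assumptions made for illustration.

```rust
// Assumed layout (hypothetical, not taken from Reverie or the gist):
// byte i of the word = instance i, bit j of that byte = player j's GF(2) share.
const LOW7: u64 = 0x7f7f_7f7f_7f7f_7f7f;

/// Parity of every byte: bit i of the result is the XOR of instance i's 8 shares.
fn reconstruct(packed: u64) -> u8 {
    (0..8).fold(0u8, |acc, i| {
        let byte = (packed >> (8 * i)) as u8;
        acc | (((byte.count_ones() & 1) as u8) << i)
    })
}

/// Share 8 secret bits (one per instance) among 8 players each.
/// Players 0..=6 take bits from `rand`; player 7 gets the correction bit.
fn share(secrets: u8, rand: u64) -> u64 {
    let partial = rand & LOW7;
    let fix = (reconstruct(partial) ^ secrets) as u64;
    (0..8).fold(partial, |acc, i| acc | (((fix >> i) & 1) << (8 * i + 7)))
}

/// Addition gate over GF(2): every player adds its own shares locally,
/// so one XOR handles all 64 shares.
fn add(a: u64, b: u64) -> u64 {
    a ^ b
}

/// Multiply instance i by the public bit c_i: widen each bit of `c` to a byte mask.
fn mul_public(a: u64, c: u8) -> u64 {
    let mask = (0..8).fold(0u64, |m, i| m | ((((c >> i) & 1) as u64 * 0xff) << (8 * i)));
    a & mask
}

fn main() {
    // Constructed sample values; real shares must come from a CSPRNG.
    let (x, y) = (0b1011_0010u8, 0b0110_0111u8);
    let sx = share(x, 0x0123_4567_89ab_cdef);
    let sy = share(y, 0xfedc_ba98_7654_3210);
    println!("x+y = {:08b}", reconstruct(add(sx, sy)));
    println!("x*c = {:08b}", reconstruct(mul_public(sx, 0b1111_0000)));
}
```

Linear gates cost one word operation for all 8 instances and 8 players; multiplication of two shared values needs preprocessed correlated randomness and is not shown here.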
About
An efficient and generalized implementation of the IKOS-style KKW proof system (https://eprint.iacr.org/2018/475) for arbitrary rings.