Home

Awesome

libSTARK: a C++ library for zk-STARK systems

Overview

The libSTARK library implements scalable and transparent argument of knowledge (STARK) systems. These systems can be executed with, or without, zero knowledge (ZK), and may be designed as either interactive or non-interactive protocols. The theoretical constructions which this library implements are described in detail in the zk-STARK paper. Briefly, the main properties of (zk)-STARK systems are:

Disclaimer

The code is academic grade, meant for academic peer review and evaluation. It very likely contains multiple serious security flaws, and should not be relied upon for any other purpose.

Dependencies

Hardware acceleration

Compiler

The code was tested with gcc version 7.3.0 (https://gcc.gnu.org), using c++11 standard. But should probably work with most common versions of gcc.

Compilation on macOS

In order to compile on macOS please use this thread: https://github.com/elibensasson/libSTARK/issues/2

Libraries (all should be available in standard Linux distribution package managers)

How to run the code

Compilation:

git clone https://github.com/elibensasson/libSTARK.git
cd libSTARK
make -j8

STARK for DPM (DNA fingerprint blacklist)

Arguments format:

./stark-dpm <database file path> <fingerprint file path> [-s<security parameter>]

for example:

./stark-dpm examples-dpm/database.txt examples-dpm/fp_no_match.txt

The above execution results in execution of STARK simulation over the DPM blacklist program, with the database represented by examples-dpm/database.txt, the suspect's fingerprint in examples-dpm/fp_nomatch.txt, and soundness error at most 2<sup>-120</sup>. The prover generates in this case a proof for the claim that the fingerprint does not perfectly match any entry in the database.

A single fingerprint is represented by a single line, each line contains 20 pairs delimited by spaces, each pair contains two 8 bit numbers in hexadecimal basis, separated by a single period. A database is a file where each line represents a fingerprint.

STARK for TinyRAM programs

Arguments format:

./stark-tinyram <TinyRAM assembly file path> -t<trace length log_2> [-s<security parameter]>

for example:

./stark-tinyram examples-tinyram/collatz.asm -t10 -s120

The above execution results in execution of STARK simulation over the collatz program, using at most 1023 (which is 2<sup>10</sup>-1) machine steps, and soundness error at most 2<sup>-120</sup>.

Execution results

In the simulation the Prover and Verifier interact, the Prover generates a proof and the Verifier verifies it. During the executions the specifications of generated BAIR and APR, measurements, and Verifier's decision, are printed to the standard output.

Unit-tests

Compilation:

make -j8 tests

Execution:

./bin/algebralib-tests/algebralib_tests
./bin/libstark-tests/libstark-tests
./bin/stark-tinyram-tests/stark-tinyram-tests

Academic literature (partial list, reverse chronological order)

  1. Scalable perfect zero knowledge IOP systems [BCGV, BCFGRS].
  2. A STARK without ZK [SCI].
  3. Survey of alternative (non-STARK) proof systems [WB].
  4. Interactive Oracle Proofs [BCS, RRR].
  5. PCPs with scalable (quasi-linear) proof size [BS, D].
  6. ZK-PCPs [K, KPT, IMS].
  7. Probabilistically checkable proofs (PCPs) [AS, ALMSS] and PCPs of Proximity (PCPPs) [BGHSV, DR].
  8. Scalable (poly-logarithmic) verification of computations [BFLS, BGHSV].
  9. Interactive and ZK proof systems [BM, GMR, BFL].