{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,3]],"date-time":"2026-05-03T11:03:26Z","timestamp":1777806206759,"version":"3.51.4"},"reference-count":50,"publisher":"SAGE Publications","issue":"6","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["JCS"],"published-print":{"date-parts":[[2022,11,23]]},"abstract":"<jats:p>Non-interactive zero-knowledge proof or argument (NIZK) systems are widely used in many security sensitive applications to enhance computation integrity, privacy and scalability. In such systems, a prover wants to convince one or more verifiers that the result of a public function is correctly computed without revealing the (potential) private input, such as the witness. In this work, we introduce a new notion, called scriptable SNARK, where the prover and verifier(s) can specify the function (or language instance) to be proven via a script. We formalize this notion in UC framework and provide a generic trusted hardware based solution. We then instantiate our solution in both SGX and Trustzone with Lua script engine. The system can be easily used by typical programmers without any cryptographic background. The benchmark result shows that our solution is better than all the known SNARK proof systems w.r.t. prover\u2019s running time (1000 times faster), verifier\u2019s running time, and the proof size. In addition, we also give a lightweight scriptable SNARK protocol for hardware with limited state, e.g., \u0398 ( \u03bb ) bits. Finally, we show how the proposed scriptable SNARK can be readily deployed to solve many well-known problems in the blockchain context, e.g. verifier\u2019s dilemma, fast joining for new players, etc.<\/jats:p>","DOI":"10.3233\/jcs-210167","type":"journal-article","created":{"date-parts":[[2022,4,1]],"date-time":"2022-04-01T12:10:32Z","timestamp":1648815032000},"page":"757-793","source":"Crossref","is-referenced-by-count":0,"title":["Scriptable and composable SNARKs in the trusted hardware model1"],"prefix":"10.1177","volume":"30","author":[{"given":"Zhelei","family":"Zhou","sequence":"first","affiliation":[{"name":"School of Computer Science and Technology, Zhejiang University, Zhejiang, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Bingsheng","family":"Zhang","sequence":"additional","affiliation":[{"name":"School of Computer Science and Technology, Zhejiang University, Zhejiang, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yuan","family":"Chen","sequence":"additional","affiliation":[{"name":"School of Computer Science and Technology, Zhejiang University, Zhejiang, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jiaqi","family":"Li","sequence":"additional","affiliation":[{"name":"School of Computer Science and Technology, Zhejiang University, Zhejiang, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yajin","family":"Zhou","sequence":"additional","affiliation":[{"name":"School of Computer Science and Technology, Zhejiang University, Zhejiang, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yibiao","family":"Lu","sequence":"additional","affiliation":[{"name":"School of Computer Science and Technology, Zhejiang University, Zhejiang, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Kui","family":"Ren","sequence":"additional","affiliation":[{"name":"School of Computer Science and Technology, Zhejiang University, Zhejiang, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Phuc","family":"Thai","sequence":"additional","affiliation":[{"name":"Department of Computer Science, Virginia Commonwealth University, VA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Hong-Sheng","family":"Zhou","sequence":"additional","affiliation":[{"name":"Department of Computer Science, Virginia Commonwealth University, VA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"179","reference":[{"key":"10.3233\/JCS-210167_ref1","doi-asserted-by":"crossref","unstructured":"S.\u00a0Ames, C.\u00a0Hazay, Y.\u00a0Ishai and M.\u00a0Venkitasubramaniam, Ligero: Lightweight sublinear arguments without a trusted setup, in: ACM CCS 2017, B.M.\u00a0Thuraisingham, D.\u00a0Evans, T.\u00a0Malkin and D.\u00a0Xu, eds, ACM Press, 2017, pp.\u00a02087\u20132104.","DOI":"10.1145\/3133956.3134104"},{"key":"10.3233\/JCS-210167_ref2","doi-asserted-by":"crossref","unstructured":"C.\u00a0Baum, J.\u00a0Bootle, A.\u00a0Cerulli, R.\u00a0Del Pino, J.\u00a0Groth and V.\u00a0Lyubashevsky, Sub-linear lattice-based zero-knowledge arguments for arithmetic circuits, in: Annual International Cryptology Conference, Springer, 2018, pp.\u00a0669\u2013699.","DOI":"10.1007\/978-3-319-96881-0_23"},{"issue":"3","key":"10.3233\/JCS-210167_ref3","doi-asserted-by":"publisher","first-page":"8","DOI":"10.1145\/2799647","article-title":"Shielding applications from an untrusted cloud with haven","volume":"33","author":"Baumann","year":"2015","journal-title":"ACM Transactions on Computer Systems (TOCS)"},{"key":"10.3233\/JCS-210167_ref5","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-40084-1_6"},{"key":"10.3233\/JCS-210167_ref6","doi-asserted-by":"crossref","unstructured":"E.\u00a0Ben-Sasson, A.\u00a0Chiesa, M.\u00a0Riabzev, N.\u00a0Spooner, M.\u00a0Virza and N.P.W.\u00a0Aurora, Transparent succinct arguments for r1cs, in: Annual International Conference on the Theory and Applications of Cryptographic Techniques, Springer, 2019, pp.\u00a0103\u2013128.","DOI":"10.1007\/978-3-030-17653-2_4"},{"key":"10.3233\/JCS-210167_ref7","unstructured":"E.\u00a0Ben-Sasson, A.\u00a0Chiesa, E.\u00a0Tromer and M.\u00a0Virza, Succinct non-interactive zero knowledge for a von Neumann architecture, in: USENIX Security 2014, K.\u00a0Fu and J.\u00a0Jung, eds, USENIX Association, 2014, pp.\u00a0781\u2013796."},{"key":"10.3233\/JCS-210167_ref8","doi-asserted-by":"crossref","unstructured":"M.\u00a0Blum, P.\u00a0Feldman and S.\u00a0Micali, Non-interactive zero-knowledge and its applications (extended abstract), in: 20th ACM STOC, ACM Press, 1988, pp.\u00a0103\u2013112.","DOI":"10.1145\/62212.62222"},{"key":"10.3233\/JCS-210167_ref9","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-49896-5_12"},{"key":"10.3233\/JCS-210167_ref10","doi-asserted-by":"crossref","unstructured":"J.\u00a0Bootle, A.\u00a0Cerulli, E.\u00a0Ghadafi, J.\u00a0Groth, M.\u00a0Hajiabadi and S.K.\u00a0Jakobsen, Linear-time zero-knowledge proofs for arithmetic circuit satisfiability, in: International Conference on the Theory and Application of Cryptology and Information Security, Springer, 2017, pp.\u00a0336\u2013365.","DOI":"10.1007\/978-3-319-70700-6_12"},{"key":"10.3233\/JCS-210167_ref11","doi-asserted-by":"publisher","DOI":"10.1109\/SocialCom.2010.118"},{"key":"10.3233\/JCS-210167_ref12","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00020"},{"key":"10.3233\/JCS-210167_ref14","doi-asserted-by":"crossref","unstructured":"R.\u00a0Canetti, Universally composable security: A new paradigm for cryptographic protocols, in: 42nd FOCS, IEEE Computer Society Press, 2001, pp.\u00a0136\u2013145.","DOI":"10.1109\/SFCS.2001.959888"},{"key":"10.3233\/JCS-210167_ref15","first-page":"1212","article-title":"Triply adaptive uc nizk","volume":"2020","author":"Canetti","year":"2020","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"10.3233\/JCS-210167_ref19","doi-asserted-by":"crossref","unstructured":"G.\u00a0Danezis, C.\u00a0Fournet, J.\u00a0Groth and M.\u00a0Kohlweiss, Square span programs with applications to succinct NIZK arguments, in: ASIACRYPT 2014, Part I, P.\u00a0Sarkar and T.\u00a0Iwata, eds, LNCS, Vol.\u00a08873, Springer, Heidelberg, 2014, pp.\u00a0532\u2013550.","DOI":"10.1007\/978-3-662-45611-8_28"},{"key":"10.3233\/JCS-210167_ref21","unstructured":"G.\u00a0Edward Suh, D.\u00a0Clarke, B.\u00a0Gassend, M.\u00a0Van Dijk and S.\u00a0Devadas, Aegis: Architecture for tamper-evident and tamper-resistant processing, in: ACM International Conference on Supercomputing 25th Anniversary Volume, ACM, 2014, pp.\u00a0357\u2013368."},{"key":"10.3233\/JCS-210167_ref22","doi-asserted-by":"crossref","unstructured":"B.\u00a0Fisch, D.\u00a0Vinayagamurthy, D.\u00a0Boneh and S.\u00a0Gorbunov, IRON: Functional encryption using intel SGX, in: ACM CCS 2017, B.M.\u00a0Thuraisingham, D.\u00a0Evans, T.\u00a0Malkin and D.\u00a0Xu, eds, ACM Press, 2017, pp.\u00a0765\u2013782.","DOI":"10.1145\/3133956.3134106"},{"key":"10.3233\/JCS-210167_ref23","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-38348-9_37"},{"key":"10.3233\/JCS-210167_ref24","doi-asserted-by":"crossref","unstructured":"C.\u00a0Gentry and D.\u00a0Wichs, Separating succinct non-interactive arguments from all falsifiable assumptions, in: 43rd ACM STOC, L.\u00a0Fortnow S.P.\u00a0Vadhan, ed., ACM Press, 2011, pp.\u00a099\u2013108.","DOI":"10.1145\/1993636.1993651"},{"issue":"1","key":"10.3233\/JCS-210167_ref26","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/BF00195207","article-title":"Definitions and properties of zero-knowledge proof systems","volume":"7","author":"Goldreich","year":"1994","journal-title":"Journal of Cryptology"},{"key":"10.3233\/JCS-210167_ref27","doi-asserted-by":"crossref","unstructured":"S.\u00a0Goldwasser, Y.\u00a0Tauman Kalai and G.N.\u00a0Rothblum, Delegating computation: Interactive proofs for muggles, in: 40th ACM STOC, R.E.\u00a0Ladner and C.\u00a0Dwork, eds, ACM Press, 2008, pp.\u00a0113\u2013122.","DOI":"10.1145\/1374376.1374396"},{"key":"10.3233\/JCS-210167_ref28","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-76900-2_10"},{"key":"10.3233\/JCS-210167_ref29","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-25385-0_23"},{"key":"10.3233\/JCS-210167_ref30","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-96878-0_24"},{"key":"10.3233\/JCS-210167_ref31","doi-asserted-by":"crossref","unstructured":"J.\u00a0Groth, R.\u00a0Ostrovsky and A.\u00a0Sahai, Perfect non-interactive zero knowledge for np, in: Annual International Conference on the Theory and Applications of Cryptographic Techniques, Springer, 2006, pp.\u00a0339\u2013358.","DOI":"10.1007\/11761679_21"},{"key":"10.3233\/JCS-210167_ref32","doi-asserted-by":"publisher","DOI":"10.1109\/CCC.2007.10"},{"key":"10.3233\/JCS-210167_ref33","doi-asserted-by":"crossref","unstructured":"Y.\u00a0Ishai, E.\u00a0Kushilevitz, R.\u00a0Ostrovsky and A.\u00a0Sahai, Zero-knowledge from secure multiparty computation, in: 39th ACM STOC, D.S.\u00a0Johnson and U.\u00a0Feige, eds, ACM Press, 2007, pp.\u00a021\u201330.","DOI":"10.1145\/1250790.1250794"},{"key":"10.3233\/JCS-210167_ref35","doi-asserted-by":"crossref","unstructured":"A.\u00a0Juels, A.E.\u00a0Kosba and E.\u00a0Shi, The ring of Gyges: Investigating the future of criminal smart contracts, in: ACM CCS 2016, E.R.\u00a0Weippl, S.\u00a0Katzenbeisser, C.\u00a0Kruegel, A.C.\u00a0Myers and S.\u00a0Halevi, eds, ACM Press, 2016, pp.\u00a0283\u2013295.","DOI":"10.1145\/2976749.2978362"},{"key":"10.3233\/JCS-210167_ref38","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.55"},{"key":"10.3233\/JCS-210167_ref39","unstructured":"S.\u00a0Lee, M.-W.\u00a0Shih, P.\u00a0Gera, T.\u00a0Kim, H.\u00a0Kim and M.\u00a0Peinado, Inferring fine-grained control flow inside sgx enclaves with branch shadowing, in: USENIX Security, USENIX Association, 2017."},{"key":"10.3233\/JCS-210167_ref40","doi-asserted-by":"crossref","unstructured":"G.V.\u00a0Leslie, Universal circuits (preliminary report), in: Proceedings of the Eighth Annual ACM Symposium on Theory of Computing, STOC \u201976, ACM, New York, NY, USA, 1976, pp.\u00a0196\u2013203.","DOI":"10.1145\/800113.803649"},{"key":"10.3233\/JCS-210167_ref42","unstructured":"M.\u00a0Lipp, D.\u00a0Gruss, R.\u00a0Spreitzer, C.\u00a0Maurice and S.\u00a0Mangard, ARMageddon: Cache attacks on mobile devices, in: USENIX Security 2016, T.\u00a0Holz and S.\u00a0Savage, eds, USENIX Association, 2016, pp.\u00a0549\u2013564."},{"key":"10.3233\/JCS-210167_ref43","doi-asserted-by":"crossref","unstructured":"L.\u00a0Luu, J.\u00a0Teutsch, R.\u00a0Kulkarni and P.\u00a0Saxena, Demystifying incentives in the consensus computer, in: ACM CCS 2015, I.\u00a0Ray, N.\u00a0Li and C.\u00a0Kruegel, eds, ACM Press, 2015, pp.\u00a0706\u2013719.","DOI":"10.1145\/2810103.2813659"},{"key":"10.3233\/JCS-210167_ref44","first-page":"99","article-title":"Sonic: Zero-knowledge snarks from linear-size universal and updateable structured reference strings","volume":"2019","author":"Maller","year":"2019","journal-title":"IACR Cryptology ePrint Archive"},{"key":"10.3233\/JCS-210167_ref45","doi-asserted-by":"crossref","unstructured":"J.M.\u00a0McCune, B.J.\u00a0Parno, A.\u00a0Perrig, M.K.\u00a0Reiter and H.\u00a0Isozaki, Flicker: An execution infrastructure for tcb minimization, in: ACM SIGOPS Operating Systems Review, Vol.\u00a042, ACM, 2008, pp.\u00a0315\u2013328.","DOI":"10.1145\/1357010.1352625"},{"key":"10.3233\/JCS-210167_ref46","doi-asserted-by":"crossref","unstructured":"O.\u00a0Ohrimenko, M.\u00a0Costa, C.\u00a0Fournet, C.\u00a0Gkantsidis, M.\u00a0Kohlweiss and D.\u00a0Sharma, Observing and preventing leakage in MapReduce, in: ACM CCS 2015, I.\u00a0Ray, N.\u00a0Li and C.\u00a0Kruegel, eds, ACM Press, 2015, pp.\u00a01570\u20131581.","DOI":"10.1145\/2810103.2813695"},{"key":"10.3233\/JCS-210167_ref47","unstructured":"O.\u00a0Ohrimenko, F.\u00a0Schuster, C.\u00a0Fournet, A.\u00a0Mehta, S.\u00a0Nowozin, K.\u00a0Vaswani and M.\u00a0Costa, Oblivious multi-party machine learning on trusted processors, in: USENIX Security 2016, T.\u00a0Holz and S.\u00a0Savage, eds, USENIX Association, 2016, pp.\u00a0619\u2013636."},{"key":"10.3233\/JCS-210167_ref48","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.47"},{"key":"10.3233\/JCS-210167_ref49","doi-asserted-by":"crossref","unstructured":"R.\u00a0Pires, D.\u00a0Gavril, P.\u00a0Felber, E.\u00a0Onica and M.\u00a0Pasin, A lightweight mapreduce framework for secure processing with sgx, in: Proceedings of the 17th IEEE\/ACM International Symposium on Cluster, Cloud and Grid Computing, CCGrid \u201917, IEEE Press, Piscataway, NJ, USA, 2017, pp.\u00a01100\u20131107.","DOI":"10.1109\/CCGRID.2017.129"},{"key":"10.3233\/JCS-210167_ref50","doi-asserted-by":"crossref","unstructured":"O.\u00a0Reingold, G.N.\u00a0Rothblum and R.D.\u00a0Rothblum, Constant-round interactive proofs for delegating computation, in: 48th ACM STOC, D.\u00a0Wichs and Y.\u00a0Mansour, eds, ACM Press, 2016, pp.\u00a049\u201362.","DOI":"10.1145\/2897518.2897652"},{"key":"10.3233\/JCS-210167_ref51","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.10"},{"key":"10.3233\/JCS-210167_ref53","doi-asserted-by":"crossref","unstructured":"F.\u00a0Tramer, F.\u00a0Zhang, H.\u00a0Lin, J.\u00a0Hubaux, A.\u00a0Juels and E.\u00a0Shi, Sealed-glass proofs: Using transparent enclaves to prove and sell knowledge, in: Euro S&P 2017, 2017, pp.\u00a019\u201334.","DOI":"10.1109\/EuroSP.2017.28"},{"key":"10.3233\/JCS-210167_ref54","unstructured":"T.\u00a0Tuan, A.\u00a0Dinh, P.\u00a0Saxena, E.-C.\u00a0Chang, B.\u00a0Chin Ooi and C.\u00a0Zhang, M2R: Enabling stronger privacy in MapReduce computation, in: USENIX Security 2015, J.\u00a0Jung and T.\u00a0Holz, eds, USENIX Association, 2015, pp.\u00a0447\u2013462."},{"key":"10.3233\/JCS-210167_ref55","doi-asserted-by":"crossref","unstructured":"P.\u00a0Valiant, Incrementally verifiable computation or proofs of knowledge imply time\/space efficiency, in: TCC 2008, R.\u00a0Canetti, ed., LNCS, Vol.\u00a04948, Springer, Heidelberg, 2008, pp.\u00a01\u201318.","DOI":"10.1007\/978-3-540-78524-8_1"},{"key":"10.3233\/JCS-210167_ref56","unstructured":"J.\u00a0Van Bulck, M.\u00a0Minkin, O.\u00a0Weisse, D.\u00a0Genkin, B.\u00a0Kasikci, F.\u00a0Piessens, M.\u00a0Silberstein, T.F.\u00a0Wenisch, Y.\u00a0Yarom and R.\u00a0Strackx, Foreshadow: Extracting the keys to the intel sgx kingdom with transient out-of-order execution, in: USENIX Security Symposium, 2018."},{"key":"10.3233\/JCS-210167_ref57","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00060"},{"key":"10.3233\/JCS-210167_ref58","doi-asserted-by":"crossref","unstructured":"N.\u00a0Weichbrodt, A.\u00a0Kurmus, P.R.\u00a0Pietzuch and R.\u00a0Kapitza, Asyncshock: Exploiting synchronisation bugs in intel SGX enclaves, in: ESORICS 2016, 2016, pp.\u00a0440\u2013457.","DOI":"10.1007\/978-3-319-45744-4_22"},{"key":"10.3233\/JCS-210167_ref59","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.45"},{"key":"10.3233\/JCS-210167_ref60","doi-asserted-by":"crossref","unstructured":"B.\u00a0Zhang, Y.\u00a0Chen, J.\u00a0Li, Y.\u00a0Zhou, P.\u00a0Thai, H.-S.\u00a0Zhou and K.\u00a0Ren, Succinct scriptable nizk via trusted hardware, in: European Symposium on Research in Computer Security, Springer, 2021, pp.\u00a0430\u2013451.","DOI":"10.1007\/978-3-030-88418-5_21"},{"key":"10.3233\/JCS-210167_ref61","doi-asserted-by":"crossref","unstructured":"F.\u00a0Zhang, E.\u00a0Cecchetti, K.\u00a0Croman, A.\u00a0Juels and E.\u00a0Shi, Town crier: An authenticated data feed for smart contracts, in: ACM CCS 2016, E.R.\u00a0Weippl, S.\u00a0Katzenbeisser, C.\u00a0Kruegel, A.C.\u00a0Myers and S.\u00a0Halevi, eds, ACM Press, 2016, pp.\u00a0270\u2013282.","DOI":"10.1145\/2976749.2978326"},{"key":"10.3233\/JCS-210167_ref62","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.43"}],"container-title":["Journal of Computer Security"],"original-title":[],"link":[{"URL":"https:\/\/content.iospress.com\/download?id=10.3233\/JCS-210167","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,29]],"date-time":"2026-04-29T20:45:40Z","timestamp":1777495540000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.medra.org\/servlet\/aliasResolver?alias=iospress&doi=10.3233\/JCS-210167"}},"subtitle":[],"editor":[{"given":"Elisa","family":"Bertino","sequence":"additional","affiliation":[],"role":[{"role":"editor","vocabulary":"crossref"}]},{"given":"Haya","family":"Shulman","sequence":"additional","affiliation":[],"role":[{"role":"editor","vocabulary":"crossref"}]},{"given":"Michael","family":"Waidner","sequence":"additional","affiliation":[],"role":[{"role":"editor","vocabulary":"crossref"}]}],"short-title":[],"issued":{"date-parts":[[2022,11,23]]},"references-count":50,"journal-issue":{"issue":"6"},"URL":"https:\/\/doi.org\/10.3233\/jcs-210167","relation":{},"ISSN":["1875-8924","0926-227X"],"issn-type":[{"value":"1875-8924","type":"electronic"},{"value":"0926-227X","type":"print"}],"subject":[],"published":{"date-parts":[[2022,11,23]]}}}