Search Results (31)

Polynomial commitment schemes (PCS) enable a prover to commit to a polynomial and later reveal evaluations with succinct, verifiable proofs. As critical components of modern cryptographic systems like Verkle trees and zk-SNARKs, these methods are experiencing a significant transition from classical to post-quantum designs. This comprehensive research systematically compares the major scheme families to examine this progression, from pairing-based KZG and transparent Bulletproofs to lattice-based and hash-based post-quantum alternatives. We present a unified taxonomy that maps the classical-to-post-quantum transition across trust models, security assumptions, and efficiency measures after conducting a PRISMA-guided systematic review of 77 works. Our analysis reveals a fundamental trade-off between efficiency and security: classical schemes, which rely on quantum-vulnerable assumptions, provide optimal performance with constant-sized proofs, while post-quantum alternatives offer quantum resistance at the cost of larger proofs and higher computational overhead. By combining research works, we highlight recurrent problems with adaptive security, verification efficiency, and proof conciseness. We offer a specific research roadmap with prioritized short-, medium-, and long-term directions to close the performance gap between quantum-resistant and classical architectures based on our quantitative analysis. This study offers a technical reference and a strategic roadmap for constructing practical post-quantum polynomial commitments. Full article

The transition from isolated distributed ledgers to a unified “Internet of Value” is hindered by the lack of efficient, verifiable, and privacy-preserving cross-chain data retrieval mechanisms. While asset bridging has matured, generalized data indexing remains a critical bottleneck, constrained by the semantic gap between heterogeneous storage layouts and the prohibitive verification tax of cryptographic proofs. In this paper, we present HyperCross, a novel semantic-aware zero-knowledge indexing framework designed to bridge this divide. We first formalize the heterogeneous cross-chain storage optimization problem (HCCSOP) and prove its NP-completeness. To tackle this, HyperCross employs a synergistic tri-layered architecture. At the semantic layer, we introduce a unified data abstraction (UDA) that leverages category-theoretic functors and schema morphisms to ensure mathematically rigorous state mapping for both simple assets and complex smart contract logic. At the indexing layer, a zero-knowledge learning index (ZKLI) shifts prediction intelligence to the client side, integrating zk-SNARKs with silent oblivious transfer to achieve constant-time verification ($O\left(1\right)$) while concealing access patterns. Finally, a multi-level cache (MLC) utilizes predictive prefetching with $\Delta$-bounded staleness to mask network latency. Extensive evaluations demonstrate that HyperCross reduces query latency by $2.4\times$ and storage overhead by $40\%$ compared to state-of-the-art baselines, establishing a scalable foundation for data-intensive inter-chain applications. Full article

The proliferation of sensor networks in critical infrastructure, healthcare monitoring, and smart city applications demands robust privacy-preserving mechanisms for data verification. Zero-knowledge succinct non-interactive arguments of knowledge (zk-SNARKs) offer a promising cryptographic primitive that enables data integrity verification without revealing sensitive sensor readings. However, the practical feasibility of deploying zk-SNARKs in resource-constrained sensor network environments remains insufficiently characterized. This paper presents a systematic benchmarking study of the Groth16 zk-SNARK protocol across eight representative circuit types spanning six orders of magnitude in computational complexity, from basic arithmetic operations (1 constraint) to ECDSA signature verification (1,510,185 constraints). Using an automated open-source benchmarking framework built on the Circom-snarkjs toolchain, we conducted 160 statistically controlled measurements (20 iterations per circuit) with cold/warm separation, collecting proof generation time, verification time, proof size, memory consumption, and witness generation overhead. Our results demonstrate that Groth16 proofs maintain a constant size of $804.7\pm 1.7$ bytes and near-constant verification time of $0.662\pm 0.032$ s regardless of circuit complexity, with coefficients of variation below 5% across all circuit types. Proof generation time exhibits sub-linear scaling ($\alpha =0.256$, $R^2=0.608$), with statistically significant differences between circuit categories confirmed by one-way ANOVA ($F=355.0$, $p<{10}^{-79}$, ${\eta }^2=0.94$). We identify three operational deployment tiers for sensor network architectures and estimate energy budgets for battery-powered devices. These findings provide actionable guidance for the design of privacy-preserving data verification systems in next-generation sensor networks. Full article

This study presents ZK-EHR, a decentralized access control framework designed to enable secure and privacy-preserving sharing of encrypted electronic health records across institutional boundaries. Unlike existing blockchain-based EHR access control systems that expose user identities on-chain or lack cryptographic privacy guarantees, ZK-EHR decouples authorization from identity disclosure by integrating zk-SNARK-based proofs with blockchain smart contracts to verify policy compliance without revealing user roles, affiliations, or credentials. The framework employs three differentiated actor roles—Patient (Data Owner), Doctor (Care Provider), and Researcher (Authorized Analyst)—with distinct policy-driven access workflows, a custom Groth16 zero-knowledge circuit for role-based constraint enforcement, and a modular architecture combining on-chain verification with off-chain encrypted storage via IPFS. Concrete design proposals for access revocation and replay attack prevention are introduced to address operational security requirements. The system was evaluated under multiple operational and adversarial scenarios. Experimental results indicate consistent on-chain verification latency (approximately 390 ms), reliable rejection of tampered submissions, and per-verification gas consumption of 216,631 gas. A comparative analysis against representative baseline systems demonstrates that ZK-EHR uniquely combines identity anonymity, on-chain cryptographic policy enforcement, and auditable encrypted record retrieval. These findings establish the feasibility of zk-SNARK-based access control for decentralized, verifiable, and privacy-aware EHR management. Full article

Large-scale Virtual Power Plants (VPPs) are increasingly essential as Distributed Energy Resources (DERs) assume ancillary service duties once supplied by conventional generation, yet scaling a VPP exposes a persistent trilemma among economic efficiency, data privacy, and operational security. Centralized coordination can approach optimal revenue but requires collecting fine-grained DER operational data and creates a single point of compromise. Federated Learning (FL) mitigates raw data centralization by keeping measurements and experience local, but it introduces a fragile trust assumption that the aggregator will correctly and fairly combine model updates. This trust gap is acute in reinforcement learning-based VPP control because aggregation deviations, including selectively dropping updates, manipulating weights, replaying stale models, or injecting a replacement model, can silently bias the learned policy and degrade both profit and compliance. We propose a zero-knowledge federated reinforcement learning framework for trustless VPP coordination in which each DER trains a local deep reinforcement learning agent to solve a multi-objective dispatch problem that balances ancillary service revenue against battery degradation under operational and grid constraints, while the global aggregation step is made externally verifiable. In each round, participants bind membership via signed receipts and commit to their updates, and the aggregator produces a zk-SNARK, proving that the published global parameters equal the agreed aggregation rule applied to the receipt-bound set of committed updates under a fixed-point encoding with range constraints. Verification is lightweight and can be performed independently by each DER, removing the need to trust the aggregator for aggregation integrity without centralizing raw DER operational data or trajectories. The proposed design does not aim to hide model updates from the aggregator. Instead, it provides external verifiability of the aggregation computation while keeping raw measurements and local experience. We formalize the threat model and verifiable security properties for aggregation correctness and update inclusion, present a circuit construction with proof complexity characterized by model dimension and fleet size, and evaluate the approach in power and cyber co-simulation on the IEEE 33 bus feeder with ancillary service signals. Results show near-centralized economic performance under benign conditions and improved robustness to aggregator side deviations compared to standard federated reinforcement learning. Full article

This paper proposes a process-aware, tag-based digital identity framework that enhances interoperability while enabling identity unlinkability and selective disclosure across multi-party workflows involving sensitive data. We realize this framework within the self-sovereign identity (SSI) paradigm, employing zk-SNARK–based zero-knowledge proofs to enable verifiable identity authentication without plaintext disclosure. The framework introduces a protocol-tagging mechanism to support multiple proof systems within a unified architecture, thereby enhancing SSI scalability and interoperability. Its core innovation lies in combining identity unlinkability and process-driven data disclosure: derived sub-identities mitigate identity-linkage attacks, while layered encryption enables selective, stepwise decryption of sensitive information (e.g., delivery addresses), ensuring participants access only the minimal information necessary for their tasks. In addition, zero-knowledge proof-based verification guarantees that the validation of derived sub-identities can be performed without sharing any plaintext attributes or identifying factors. We applied the framework to logistics, where sub-identities anonymize participants and layered encryption allows for delivery addresses to be decrypted progressively along the logistics chain, with only the final courier authorized to access complete information. During the parcel receipt process, users can complete verification using derived sub-identities and zero-knowledge proofs alone, without disclosing any real personal information or attributes that could be linked back to their identity. Trusted Execution Environments (TEEs) ensure the authenticity of decryption requests, while blockchain provides immutable audit trails. A demonstration system was implemented, formally verified using Scyther, and performance-tested across multiple platforms, including resource-constrained environments, showing high efficiency and strong practical potential. The core paradigms of identity unlinkability and process-driven data disclosure are generalizable and applicable to multi-party scenarios involving sensitive data flows. Full article

Because of the advancement of IT, cross-domain environments have emerged where independent clouds with different security policies share data. However, sharing data between clouds with heterogeneous security levels is a challenging task, and most existing access control schemes focus on a single cloud domain. Among various access control models, RBAC is suitable for cross-domain data sharing, but existing RBAC schemes cannot provide strong role privacy and do not support freshness in role verification, so they are vulnerable to replay-based misuse of credentials. In this paper, we propose an RBAC scheme for cross-domain cloud environments based on a hash-chain-augmented zk-SNARK and identity-based signatures. The TA issues IBS-based role signing keys to users, and the user proves, through a zk-SNARK circuit, that there exists a valid role signing key satisfying the access policy without revealing the concrete role information to the CDS. In addition, a synchronized hash chain between the user and the CDS is embedded into the proof so that each proof is tied to the current hash-chain state and any previously used proof fails verification when replayed. We formalize role privacy, replay resistance, and MitM resistance in the cross-domain setting and analyze the proposed scheme by comparing it with Saxena and Alam’s I-RBAC, Xu et al.’s RBAC, MO-RBE, and PE-RBAC. The security analysis shows that the proposed scheme achieves robust role privacy against both the CDS and external attackers and prevents replay and man-in-the-middle attacks. Furthermore, the computational cost evaluation based on the number of pairing, exponentiation, point addition, and hash operations confirms that the verifier-side overhead remains comparable to existing schemes, while the additional prover cost is the price for achieving stronger privacy and security. Therefore, the proposed scheme can be applied to cross-domain cloud systems that require secure and privacy-preserving role verification, such as military, healthcare, and government cloud infrastructures. Full article

To address the issues of privacy-utility imbalance, insufficient incentives, and lack of verifiable computation in current medical data sharing, this paper proposes a blockchain-based fair verification and adaptive differential privacy mechanism. The mechanism adopts an integrated design that systematically tackles three core challenges: privacy protection, fair incentives, and verifiability. Instead of using a traditional fixed privacy budget allocation, it introduces a reputation-aware adaptive strategy that dynamically adjusts the privacy budget based on the contributors’ historical behavior and data quality, thereby improving aggregation performance under the same privacy constraints. Meanwhile, a fair incentive verification layer is established via smart contracts to quantify and confirm data contributions on-chain, automatically executing reciprocal rewards and mitigating the trust and motivation deficiencies in collaboration. To ensure enforceable privacy guarantees, the mechanism integrates lightweight zero-knowledge proof (zk-SNARK) technology to publicly verify off-chain differential privacy computations, proving correctness without revealing private data and achieving auditable privacy protection. Experimental results on multiple real-world medical datasets demonstrate that the proposed mechanism significantly improves analytical accuracy and fairness in budget allocation compared with baseline approaches, while maintaining controllable system overhead. The innovation lies in the organic integration of adaptive differential privacy, blockchain, fair incentives, and zero-knowledge proofs, establishing a trustworthy, efficient, and fair framework for medical data sharing. Full article

Distributed digital identity is an emerging identity management technology aimed at achieving comprehensive interconnectivity between digital objects. However, there is still the problem of privacy leakage in distributed identities, and selective disclosure technology partially solves the privacy issue in distributed identities. Most of the existing selective disclosure algorithms use anonymous credentials or hash functions. Anonymous credential schemes offer high security and meet the requirements of unforgeability and unlinkability, but their exponential operations result in low efficiency. The scheme based on hash functions, although more efficient, is susceptible to man-in-the-middle attacks. This article proposes an efficient selective disclosure scheme based on hash functions and implicit certificates. The attribute values are treated as leaf nodes of the Merkle tree, and the root node is placed in a verifiable credential. According to the implicit certificate algorithm process, a key pair that can use the credential is generated. During the attribute disclosure process, the user autonomously selects the attribute value to be presented and generates a verification path from the attribute to the root node. The verifier checks the Merkle tree verification path. All operations are completed within 10 ms while meeting the unforgeability requirements and resisting man-in-the-middle attacks. This article also utilizes the ZK-SNARK algorithm to hide the validation path of the Merkle tree, enhancing the security of the path during the disclosure process. The experimental results show that the selective disclosure algorithm performs well in both performance and privacy protection, with an efficiency 80% faster than that of existing schemes. This enhances the proposed scheme’s potential and value in the field of identity management; it also holds broad application prospects in fields such as the Internet of Things, finance, and others. Full article

In an age of AI-generated content and deepfakes, fake news and disinformation are increasingly spread using manipulated or fabricated images. To address this challenge, we introduce Post-Quantum VerITAS, a cryptographic framework for verifying the authenticity and history of digital images—even in a future where quantum computers threaten classical encryption. Our system supports common image edits, like cropping or resizing, while proving that the image is derived from a legitimate, signed source. Using quantum-resistant tools, like lattice-based hashing, modified Poseidon functions, and zk-SNARK proofs, we ensure fast, privacy-preserving verification without relying on trusted third parties. Post-Quantum VerITAS offers a scalable, post-quantum-ready solution for image integrity, with direct applications in journalism, social media, and secure digital communication. Full article

The rapid development of blockchain has significantly promoted research on zero-knowledge proofs (ZKPs), especially zero-knowledge succinct noninteractive arguments of knowledge (zk-SNARK). As is well known, protocol proof and verification time, as well as proof size, are the main obstacles that restrict the implementation of ZKPs in practical applications, so they have become the main concerns of researchers in recent years. This work achieves a new recursive zk-SNARK called GENES, which does not have a trusted setup and is secure under the standard discrete logarithm assumption. GENES is designed from the form of the rank-1 constraint system (R1CS) satisfiability problem. Recursive proof composition is achieved by merging multiple R1CS instances, which transforms the verification of numerous proofs into the verification of a single proof. Moreover, multi-helpers amortize proof commitments in this study, significantly reducing the computational pressure and time cost of proof generation. Compared with previous work, GENES effectively improves the proof time and verification time, but at the cost of larger proof sizes. We provide a blockchain Layer-1 scaling solution leveraging GENES to demonstrate its practicality. Full article

Efficient cattle healthcare management is vital for ensuring productivity and welfare in dairy production, yet traditional record-keeping methods often lack transparency, security, and efficiency, leading to challenges in livestock product quality and healthcare. This study introduces a novel framework leveraging Zero Knowledge (ZK)-Rollups-enhanced Layer 2 blockchain and Non-Fungible Tokens (NFTs) to address these issues. NFTs serve as secure digital certificates for individual cattle health records, ensuring transparency and traceability. ZK-Rollups on the Layer 2 blockchain enhance scalability, privacy, and cost-efficiency, while smart contracts automate key processes such as veterinary scheduling, medication delivery, and insurance claims, minimizing administrative overhead. Performance evaluations reveal significant advancements, with transaction delays of 4.1 ms, throughput of 249.8 TPS, gas costs reduced to 26,499.76 Gwei, and a time-to-finality of 1.1 ms, achieved through ZK-SNARKs (ZK-Succinct Non-Interactive Arguments of Knowledge) integration. These results demonstrate the system’s potential to revolutionize cattle healthcare management by combining transparency, security, and operational efficiency. Full article

UAVs are increasingly being used in various domains, from personal and commercial applications to military operations. Ensuring the security and trustworthiness of UAV communications is crucial, and blockchain technology has been explored as a solution. However, privacy remains a challenge, especially in public blockchains. In this work, we propose a novel approach utilizing zero-knowledge proof techniques, specifically zk-SNARKs, which are non-interactive cryptographic proofs. This approach allows UAVs to prove their authenticity or location without disclosing sensitive information. We generated zk-SNARK proofs using the Zokrates tool on a Raspberry Pi, simulating a drone environment, and analyzed power consumption and CPU utilization. The results are promising, especially in the case of larger drones with higher battery capacities. Ethereum was chosen as the public blockchain platform, with smart contracts developed in Solidity and tested on the Sepolia testnet using Remix IDE. This novel proposed approach paves the way for a new path of research in the UAV area. Full article

In the era of cloud computing, guaranteeing the safety and effectiveness of data management is of utmost importance. This investigation presents a novel approach that amalgamates the sharding concept, encryption, zero-knowledge proofs (zkp), and blockchain technology for secure data retrieval and data access control to improve data security, efficiency in cloud storage and migration. Further, we utilize user-specific digital wallets for secure encryption keys in order to encrypt the file before storing into the cloud. As Large files (greater than 50 MB) or Big data files (greater than 1 TB) require greater computational complexity, we leverage the sharding concept to enhance both space and time complexity in cloud storage. Hence, the large files are divided into shards and stored in different database servers. We also employ a blockchain smart contract to enhance secure retrieval of the file and also a secure access method, which ensures the privacy of the user. The zk-snark protocol is utilized to ensure the safe transfer of data between different cloud services. By utilizing this approach, data privacy is preserved, as only the proof of the data’s authenticity is shared with the verifier at the destination cloud, rather than the actual data themselves. The suggested method tackles important concerns related to data protection, privacy, and efficient resource utilization in cloud computing settings by ensuring it meets all the cloud policies required to store data. Since the environment maintains the privacy of the user data and the raw data of the user is not stored anywhere, the entire environment is set up as a Zero trust model. Full article

The integration of Unmanned Aircraft Systems (UASs) into the current airspace poses significant challenges in terms of safety, security, and operability. As an example, in 2019, the European Union defined a set of rules to support the digitalization of UAS traffic management (UTM) systems and services, namely the U-Space regulations. Current propositions opted for a centralized and private model, concentrated around governmental authorities (e.g., AlphaTango provides the Registration service and depends on the French government). In this paper, we advocate in favor of a more decentralized and transparent model in order to improve safety, security, operability among UTM stakeholders, and legal compliance. As such, we propose DFly, a publicly auditable and privacy-preserving UAS traffic management system on Blockchain, with two initial services: Registration and Flight Authorization. We demonstrate that the use of a blockchain guarantees the public auditability of the two services and corresponding service providers’ actions. In addition, it facilitates the comprehensive and distributed monitoring of airspace occupation and the integration of additional functionalities (e.g., the creation of a live UAS tracker). The combination with zero-knowledge proofs enables the deployment of an automated, distributed, transparent, and privacy-preserving Flight Authorization service, performed on-chain thanks to the blockchain logic. In addition to its construction, this paper details the instantiation of the proposed UTM system with the Ethereum Sepolia’s testnet and the Groth16 ZK-SNARK protocol. On-chain (gas cost) and off-chain (execution time) performance analyses confirm that the proposed solution is a viable and efficient alternative in the spirit of digitalization and offers additional security guarantees. Full article