一種用於 BFV 同態加密方案之解密過程驗證的高效 zk-SNARK 證明設計

Abstract

隨著現在區塊鏈的普及，在區塊鏈上的應用也越來越多，其中在區塊鏈上的隱私保護是不可或缺的。而在區塊鏈上最關鍵的兩個隱私保護的技術就是 Fully Homomorphic Encryption (FHE) 跟 Zero-Knowledge Proof (ZKP)，本文結合了兩者的技術來做到利用 ZKP 證明 FHE 的解密過程，首次提出利用 zk-SNARK 去證明 BFV 同態加密方案解密過程的正確性。 我們改造了 Greco 專案所提出的加密電路，並以 Halo2-lib 為基礎設計出對應的解密證明電路。本文實驗針對了不同 BFV 的安全等級都進行了模擬，證實了不同的 BFV 安全等級都可以透過本文實做出的電路進行證明，並且驗證時間都符合現在的實務應用需求，證明皆可成功生成且驗證時間穩定於毫秒等級。 本研究證實：在不洩露私鑰與明文的前提下，能有效證明解密的正確性，並可根據應用程式不同需求來證明解密後的明文符合特定性質。這樣的技術能應用在需要隱私保護的區塊鏈場景上，例如在隱私保護的電子投票或是密封拍賣，有助於在保障隱私的同時提升效率與安全性。

With the increasing adoption of blockchain technology, the number of applications deployed on blockchain platforms has skyrocketed. Among these, privacy-preserving applications have become an essential concern. Two of the most critical techniques for achieving privacy on the blockchain are Fully Homomorphic Encryption (FHE) and Zero-Knowledge Proof (ZKP). This study combines these two technologies to demonstrate a novel approach: using ZKP to prove the correctness of the FHE decryption process. Specifically, we present the first implementation of a zk-SNARK to verify the decryption process of the BFV homomorphic encryption scheme without revealing the secret key or the decrypted plaintext. Our work extends the Greco project, originally designed to prove FHE encryption by adapting its circuits for proof of decryption. Based on Halo2-lib, we construct a custom zero-knowledge circuit for the BFV decryption process. Through simulations across multiple BFV security levels, we demonstrate that our circuit can successfully generate proof and verify them within milliseconds, satisfying the efficiency requirements of real-world applications. This research confirms that verifying the correctness of FHE decryption in zero-knowledge is feasible. Furthermore, the decrypted message can be proven to satisfy specific properties depending on application requirements. Such a technique is especially valuable in privacy-preserving blockchain applications, such as electronic voting or sealed-bid auctions, where ensuring both privacy and verifiability is crucial to achieving security and trust.