International Association for Cryptologic Research

CryptoDB

Pui Yung Anna Woo

Publications and invited talks

Year | Venue | Title
2025 | RWC | Zero-knowledge Proofs for Legacy Signatures
Digital signatures underpin identity, authenticity, and trust in modern systems. Advanced variants of signatures—such as proofs of possession, ring signatures, and threshold signatures—offer security, privacy, and anonymity benefits but are rarely deployed due to incompatibility with widely used legacy schemes. This talk explores how to transform these legacy signatures—concretely, RSA, ECDSA, Ed25519, and the new NIST standards Falcon and Dilithium—into advanced variants using zkSNARKs. Making our zkSNARK-based schemes practical requires closing a huge efficiency gap that stems from, roughly, the cost of proving signature verification using the zkSNARK. We will present optimized protocols for expensive parts of signature verification, such as hashing and elliptic curve scalar multiplication. Using our techniques, we can generate a 240-byte proof of possession of an RSA signature over a message the size of a typical TLS certificate—two kilobytes—in only three seconds; the proof takes only 28 milliseconds to verify.