CryptoDB
FREPack: Improved SNARK Frontend for Highly Repetitive Computations
| Authors: |
|
|---|---|
| Download: | |
| Conference: | ASIACRYPT 2025 |
| Abstract: | Modern SNARK designs typically follow a frontend-backend paradigm: The frontend compiles a user's program into some equivalent circuit representation, while the backend calls for a SNARK specifically made for proving circuit satisfiability. While these circuits are often defined over small fields, the backend prover always needs to lift the computation to much larger fields to ensure soundness. This gap introduces concrete overheads for ZK applications like zkRollups, where group-based SNARKs are used to provide constant-size proofs for Merkle tree openings. For a class of highly repetitive computations, we propose FREPack, an improved frontend that effectively bridges this gap. The larger the gap between circuit's small field and backend's large field, the more FREPack reduces the circuit size, making it particularly well-suited for group-based backends. Our implementation shows that, for proving ~ 300 iterations of SHA-256, FREPack improves the performance of Groth16 by 3.6x, Nova by 3.8x, and Spartan by 5.9x. |
BibTeX
@inproceedings{asiacrypt-2025-35937,
title={FREPack: Improved SNARK Frontend for Highly Repetitive Computations},
publisher={Springer-Verlag},
author={Sriram Sridhar and Yinuo Zhang},
year=2025
}