Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

ZK-ACE: Identity-Centric Zero-Knowledge Authorization for Post-Quantum Blockchain Systems

Jian Sheng Wang

TL;DR

This work presents ZK-ACE (Zero-Knowledge Authorization for Cryptographic Entities), an authorization layer that replaces transaction-carried signature objects entirely with identity-bound zero-knowledge authorization statements and demonstrates an order-of-magnitude reduction in consensus-visible authorization data relative to direct post-quantum signature deployment.

Abstract

Post-quantum signature schemes introduce kilobyte-scale authorization artifacts when applied directly to blockchain transaction validation. A widely considered mitigation is to verify post-quantum signatures inside zero-knowledge circuits and publish only succinct proofs on-chain. However, this approach preserves the signature-centric authorization model, merely relocating the verification cost, and embeds expensive high-dimensional lattice arithmetic into prover circuits.We present ZK-ACE (Zero-Knowledge Authorization for Cryptographic Entities), an authorization layer that replaces transaction-carried signature objects entirely with identity-bound zero-knowledge authorization statements. Rather than proving the correctness of a specific post-quantum signature, the prover demonstrates in zero knowledge that a transaction is authorized by an identity consistent with an on-chain commitment and bound replay state. The construction assumes a deterministic identity derivation primitive (DIDP) as a black box and uses a compact identity commitment as the primary on-chain identity anchor, supplemented by per-transaction replay-prevention state. We formalize ZK-ACE with explicit game-based security definitions for authorization soundness, replay resistance, substitution resistance, and cross-domain separation. We present a complete circuit constraint specification, define two replay-prevention models, and provide reduction-based security proofs under standard assumptions (knowledge soundness, collision resistance, and DIDP identity-root recovery hardness). A structural, protocol-level data accounting demonstrates an order-of-magnitude reduction in consensus-visible authorization data relative to direct post-quantum signature deployment. The design supports batch aggregation and recursive proof composition, and is compatible with account-abstraction and rollup-based deployment architectures.

ZK-ACE: Identity-Centric Zero-Knowledge Authorization for Post-Quantum Blockchain Systems

TL;DR

This work presents ZK-ACE (Zero-Knowledge Authorization for Cryptographic Entities), an authorization layer that replaces transaction-carried signature objects entirely with identity-bound zero-knowledge authorization statements and demonstrates an order-of-magnitude reduction in consensus-visible authorization data relative to direct post-quantum signature deployment.

Abstract

Post-quantum signature schemes introduce kilobyte-scale authorization artifacts when applied directly to blockchain transaction validation. A widely considered mitigation is to verify post-quantum signatures inside zero-knowledge circuits and publish only succinct proofs on-chain. However, this approach preserves the signature-centric authorization model, merely relocating the verification cost, and embeds expensive high-dimensional lattice arithmetic into prover circuits.We present ZK-ACE (Zero-Knowledge Authorization for Cryptographic Entities), an authorization layer that replaces transaction-carried signature objects entirely with identity-bound zero-knowledge authorization statements. Rather than proving the correctness of a specific post-quantum signature, the prover demonstrates in zero knowledge that a transaction is authorized by an identity consistent with an on-chain commitment and bound replay state. The construction assumes a deterministic identity derivation primitive (DIDP) as a black box and uses a compact identity commitment as the primary on-chain identity anchor, supplemented by per-transaction replay-prevention state. We formalize ZK-ACE with explicit game-based security definitions for authorization soundness, replay resistance, substitution resistance, and cross-domain separation. We present a complete circuit constraint specification, define two replay-prevention models, and provide reduction-based security proofs under standard assumptions (knowledge soundness, collision resistance, and DIDP identity-root recovery hardness). A structural, protocol-level data accounting demonstrates an order-of-magnitude reduction in consensus-visible authorization data relative to direct post-quantum signature deployment. The design supports batch aggregation and recursive proof composition, and is compatible with account-abstraction and rollup-based deployment architectures.
Paper Structure (70 sections, 6 theorems, 11 equations, 3 tables, 1 algorithm)

This paper contains 70 sections, 6 theorems, 11 equations, 3 tables, 1 algorithm.

Table of Contents

  1. Keywords.
  2. Introduction
  3. Post-Quantum Signatures and Blockchain Scalability
  4. Limitations of ZK-Compressed Signature Verification
  5. Key Observation: Authorization versus Signature Objects
  6. Our Setting and Scope
  7. Contributions
  8. Design Goals
  9. Paper Organization
  10. Related Work
  11. Post-quantum signatures on blockchains.
  12. ZK-compressed signature verification.
  13. Transparent and hash-based proof systems.
  14. Commitment and nullifier systems.
  15. Account abstraction and modular validation.
  16. ...and 55 more sections

Key Result

Theorem 8.1

Under (i) knowledge soundness of the proof system, (ii) collision resistance of $H$, and (iii) identity-root recovery hardness of the DIDP (Section sec:prelim:didp-security), for any $\mathsf{PPT}$ adversary $\mathcal{A}$:

Theorems & Definitions (19)

  • Remark 7.1
  • Remark 8.1: Mapping practical attack scenarios to formal games
  • Definition 8.1: Authorization Soundness Game
  • Remark 8.2: Strength of the adversarial model
  • Theorem 8.1: Authorization Soundness
  • proof
  • Definition 8.2: Replay-Resistance Game
  • Theorem 8.2: Replay Resistance
  • proof
  • Definition 8.3: Substitution-Resistance Game
  • ...and 9 more