Command Palette
Search for a command to run...
Prezta: التنفيذ عن بُعد القابل للإثبات لتفويض الثقة المعدومة باستخدام SNARKs
Prezta: التنفيذ عن بُعد القابل للإثبات لتفويض الثقة المعدومة باستخدام SNARKs
Zhongjing Wei Yupeng Zhang Osaid Muhammad Ameer Nikita Borisov
الملخص
أصبح تحديث أمن أنظمة التكنولوجيا التشغيلية التي تتحكم في البنى التحتية الحيوية تحديًا ملحًا. نظرًا لقدرات الأجهزة الطرفية المحدودة، اعتمد التحديث على بوابات التطبيقات التي تتواصل مع أنظمة إدارة الهوية وتفرض سياسات الوصول. هذه البوابات قوية بما يكفي لتنفيذ قرارات تفويض معقدة ودعم بنى الثقة المعدومة، لكنها تخلق أعباء نشر وإدارة كبيرة: يجب أن تكون موجودة في نفس موقع الأجهزة الطرفية البعيدة والموزعة، وأن تُحدَّث باستمرار بتصحيحات الأمان، وأن تُدار بأقل وقت تعطل ممكن. نقترح "التنفيذ عن بُعد القابل للإثبات لتفويض الثقة المعدومة" (PREZTA)، وهي بنية تلغي هذه البوابات من خلال تقييم السياسات داخل آلة افتراضية عديمة المعرفة (zkVM) تعمل على العميل. تنتج الآلة الافتراضية عديمة المعرفة إثباتًا موجزًا للتفويض يمكن للأجهزة الطرفية التحقق منه بكفاءة، مما يوسع نطاق حماية الثقة المعدومة ليشمل الأجهزة الطرفية. يمكن للسياسات ومخططات إدارة الهوية أن تتطور دون الحاجة لتحديث الأجهزة الطرفية. لإثبات جدوى PREZTA، ننفذ نموذجًا أوليًا مبنيًا باستخدام الآلة الافتراضية عديمة المعرفة RISC Zero، يدعم سياسات XACML 3.0 ومطالبات هوية JWT. بينما تقدم الآلات الافتراضية عديمة المعرفة عبئًا كبيرًا في إنشاء الإثبات، فإننا نخفف من ذلك عن طريق ترجمة السياسات إلى كود Rust وترجمة التعابير النمطية مسبقًا. وبدمج ذلك مع التحقق المُحسَّن من التوقيع وتحليل JWT، تقلل هذه الإجراءات وقت المُثبِت بأكثر من درجة أسية. ينفذ مترجمنا بشكل صحيح 83% من مجموعة مطابقة XACML 3.0، مع اكتمال إنشاء الإثبات في عشرات الثواني على حاسوب مكتبي. في المقابل، يستغرق التحقق بضع عشرات من المللي ثانية فقط - وهو سريع بما يكفي حتى للأجهزة الطرفية محدودة الموارد.
One-sentence Summary
Researchers from the University of Illinois Urbana-Champaign propose PREZTA, an architecture that eliminates the need for co-located application gateways by using a zero-knowledge virtual machine to generate succinct proofs of authorization, thereby extending zero-trust security to resource-constrained edge devices while enabling policy evolution without device updates, and optimized compilation reduces proof generation to tens of seconds with verification taking only tens of milliseconds.
Key Contributions
- The PREZTA architecture eliminates application gateways by evaluating zero-trust authorization policies within a zero-knowledge virtual machine (zkVM) on the client, producing a succinct proof that edge devices can verify efficiently, extending the zero-trust envelope to the edge without requiring device updates for policy changes.
- A prototype built on the RISC Zero zkVM supports XACML 3.0 policies and JWT identity claims; it compiles policies into Rust code, pre-compiles regular expressions, and with optimized signature verification and JWT parsing reduces prover time by more than an order of magnitude.
- The compiler correctly implements 83% of the XACML 3.0 conformance suite, with proof generation in tens of seconds on a desktop and verification in tens of milliseconds, demonstrating that verification is fast enough for resource-constrained edge devices.
Introduction
Operational technology (OT) networks control critical physical infrastructure, yet the devices on these networks often have minimal built-in security and multi-decade upgrade cycles. To extend zero-trust security practices into such environments, existing solutions deploy application gateways that evaluate complex authorization policies before forwarding requests to edge devices. However, these gateways must be physically collocated with OT devices to avoid implicitly trusted network segments, which creates a significant management burden: each gateway is a security-critical asset that must be continuously patched and hardened. The authors propose PREZTA, an architecture that moves policy evaluation away from the gateway and into a zero-knowledge virtual machine (zkVM). Instead of running a heavyweight policy decision point on-site, a client executes the policy inside a zkVM and produces a succinct proof of correct authorization. The OT device can verify this proof at very low cost, enabling even resource-constrained devices to enforce sophisticated, evolvable policies without requiring on-site gateway upgrades.
Method
The authors propose PREZTA, a novel zero-trust architecture that leverages Succinct Non-interactive Arguments of Knowledge (SNARKs) and digital signatures to enforce access control policies without relying on traditional gateways. In conventional zero-trust setups, an Application Gateway acts as a Policy Enforcement Point and Policy Decision Point, which introduces significant update and maintenance overhead.
As shown in the figure below:
The authors completely remove the gateway from the architecture. Instead, the overhead of policy evaluation and proof generation is shifted to the subject.
Refer to the framework diagram:
The PREZTA architecture consists of an Identity Provider, a Policy Authority, a Subject, and an Edge Device. The Identity Provider authenticates the subject and issues an authentication token containing attributes. The Policy Authority sets the authorization policy, compiles it, and signs it. The subject runs a zkVM to execute the policy logic and generates a zkSNARK proof. The subject then sends the request, context, and proof to the Edge Device, where the Policy Enforcement Point verifies the proof and makes the final access decision.
The system operates in three main stages: Policy Deployment, Proof Generation, and Proof Verification. To enable verifiable evaluation of policies, the authors developed a policy compiler that translates XACML policies directly into Rust code, which is then compiled into RISC-V machine code for execution in the RISC Zero zkVM.
As shown in the figure below:
The pipeline transforms the XACML policy into an Intermediate Representation, then into Rust Code, and finally into a RISC-V Binary. During runtime, the guest program executes within the zkVM environment, taking the JWT and request attributes as inputs, and outputs the access decision along with the request attributes.
To make the system efficient, the authors introduce several optimizations for the zkVM. For regular expressions, instead of running a generic regex engine at runtime, patterns are precompiled into deterministic finite automata and embedded as static data, eliminating parsing overhead. For JWT parsing, they directly use the serde_json library in Rust, which is efficient for common tokens. For RSA verification, which is computationally expensive, they utilize pre-compiled system calls in the RISC Zero zkVM and hardcode the public key parameters to avoid dynamic construction overhead.
Experiment
The compiler is validated on 323 XACML conformance test policies, all passing, confirming correct implementation of the supported feature set. End-to-end experiments on an AWS instance show that prover time is dominated by RSA verification and zkVM padding, with most policies proving in tens of seconds; removing the RSA module reduces the majority to about 7 seconds. Optimizations yield a dramatic speedup over a naive approach, with regex and RSA improvements as the largest contributors. The verifier is fast and proof sizes are small, demonstrating that PREZTA is practical and can be further enhanced with dedicated circuits.
In PREZTA, input attributes are separated into private and public categories based on how they are validated and bound to real-world sources. Private attributes like the JWT are verified inside the zkVM, while public attributes (JWT public key, subject IP, resource ID, timestamp) are bound to sources such as the network stack, request context, and system clock, enabling edge devices to check their authenticity before accepting a proof. The JWT is a private attribute validated implicitly through signature verification inside the zkVM, so the edge device never sees its contents. The JWT public key is a public attribute committed with the zkVM code, giving the verifier a trusted binding for checking the prover's identity. Subject IP address, requested resource ID, and system timestamp are public attributes bound to the network stack, request context, and system clock respectively, allowing edge devices to verify them directly.
Cumulatively adding RSA and regex optimizations slashes proof generation time from 1301.7 seconds to 27.3 seconds, a 47.7× speedup. The RSA step delivers the largest absolute reduction in cycles and prover time, while the regex step yields the biggest relative gain from the previous stage. Verifier time and proof size also shrink dramatically, from 196.9 ms to 15.1 ms and from 3.2 MB to 250 KB. RSA optimization alone reduces user cycles from 10.5M to 805K and prover time from 1301.7s to 176s, a 7.4× improvement. Adding regex optimization further cuts cycles to 154K and slashes prover time to 27.3s, a 6.4× speedup over the RSA-only stage.
In the analyzed policy with the highest user cycles, regex matching and RSA verification are the two dominant operations, together accounting for over 90% of the total. The regex component alone consumes nearly half of the cycles, while RSA takes a similarly large share, leaving only a small fraction for all other tasks. This distribution explains why regex-focused optimizations and offloading RSA to dedicated circuits are the most impactful for reducing prover time. Regex matching is the largest single contributor to user cycles, representing roughly 47% of the total. RSA verification consumes a comparable portion of cycles, around 45%, making it the second major bottleneck. All other operations combined (labeled 'Others') account for less than 10% of the user cycles, showing that the system's cost is heavily concentrated in these two modules.
The evaluation examines the effect of incremental optimizations on proof generation for a system that separates private and public attributes, with the private JWT verified inside the zkVM and public attributes bound to external sources. A cycle breakdown reveals that RSA verification and regex matching are the two dominant bottlenecks, together consuming over 90% of the computational cost. Sequentially offloading RSA to a dedicated circuit and applying regex-specific optimizations dramatically reduces proof generation time, while also shrinking verifier time and proof size. These results confirm that targeting the primary cost centers yields a substantial overall speedup, making the approach practical for edge devices.