大数据时代的到来导致数据量急剧增加，数据的存储、检索和计算均面临着巨大的挑战。因此，第三方计算平台成为了对外包数据进行保存和处理必不可少的工具。当用户将数据或计算任务委托至第三方计算平台时，不可避免的会带来一些与可验证隐私计算相关的问题。当前已有一些工作针对该问题进行了研究，但是它们依然无法对托管数据的计算完整性进行保障和证明，且在效率上仍有提升的空间。另一方面，零知识证明作为重要的密码学原语之一，能够让证明者在不泄露隐私的前提下令验证者相信自己所持有命题的正确性，是可验证隐私计算中的有效工具。本文基于以上背景，从第三方计算平台存在的不同问题出发，开展了基于零知识证明的可验证隐私计算及其应用研究，旨在解决外包计算的完整性证明和隐私保护问题。通过设计提出三个零知识证明方案并面向不同的场景功能对算法进行实例化，有效缓解了当前第三方平台中可验证隐私计算存在的计算转换困难、隐私性能不足、验证效率低下的问题。本文的主要创新点如下：（1）提出了一个轻量级的零知识证明方案，有效缓解了第三方计算平台证明时前序计算量大，算数电路转换困难的问题，并使用云计算平台机器学习服务对方案进行了实例化，证明了方案的有效性。通过对复杂元计算构建电路小组件，并对重复出现的复杂计算设计优化算法，所提方案能够极大地减小R1CS 约束系统（Rank-1 Constraint System）算术电路的大小，从而对零知识证明协议的性能进行优化。进一步地，我们采用部署在云计算平台的机器学习Pipeline 计算模型对提出的轻量级零知识证明协议进行实例化。分析与实验表明，该轻量级零知识证明协议能够在确保隐私安全的前提下对计算完整性进行证明，且优于Baseline方法10 到1e3 倍。（2）提出了一个具有零知识属性的数据可取回性方案（Proof of Retrievability, PoR），有效解决了当前外包计算中存在的数据隐私泄露和隐私保护功能缺失的问题，并使用物流追溯系统对方案进行了实例化。该方案通过为服务器设置公钥三元组和双线性映射，构建了基于BLS 签名的PoR 方案zk-BLS-PoR，实现了隐私保护的数据存储审计。进一步地，我们采用分布式混合区块链数据存储审计功能中的物流追溯系统对zk-BLS-PoR 方案进行了实例化，并提出利用基站数据，将区块链上虚拟节点与链下物理实体进行绑定，有效缓解了物流追溯系统中的可追溯性和可信性的问题。（3）提出了一个具有快速验证特性的零知识证明方案，有效缓解了第三方计算平台存在的验证复杂度高、验证者工作量过大导致方案不具备可行性的问题，并在任意SQL 查询验证中对方案进行了实例化，证明了方案的有效性。通过将结构化参考字符串（Structural Reference Strings, SRS）与Kate 多项式承诺方案结合，有效解决了当前方案在验证时，验证者需要计算线性时间复杂度的椭圆曲线乘法，导致验证成本过高的问题。进一步地，我们采用分布式混合区块链数据检索结果验证场景对算法进行了实例化，并通过对不同类型的查询命令分别构建
特定SQL 命令检查和多项式评估检查，实现了实例化算法中对任意SQL 命令的结果验证。实验表明，快速验证零知识证明方案在证明时间、验证时间、和证明体量上均优于Baseline 方法两倍以上。综上，本文围绕不同第三方计算平台的现有问题，以零知识证明方案为主要方法，设计提出了三个具有隐私保护性质且高效的可验证计算协议。通过对算法分别实例化，证明了本文提出的方案能够有效解决计算转换困难、数据泄露隐患、和验证效率低下的问题。上述设计的方案和算法为零知识证明协议的设计和可验证隐私计算的相关研究提供了一定的思路。

The advent of the big data era has led to an enormous increase in the volume of data, leading the storage, retrieval, and computation of data to become considerable challenges. As a result, third-party computing platforms have become essential tools for storing and processing outsourced data. When users delegate their data or computation tasks to third-party computing platforms, it inevitably brings some problems related to verifiable computation and privacy-preservation. Some current works have been conducted to address the data security and computational efficiency issues of thirdparty platforms. Yet, they are still unable to guarantee the computational integrity of the data. Furthermore, the efficiency of the existing methods can also be improved. On the other hand, zero-knowledge proofs as one of the essential cryptographic primitives, are able to convince the verifier of the correctness of a certain proposition without compromising the privacy of the prover. Based on the above background and analysis, in this thesis, we conduct research on verifiable privacy-preserving computation and its applications based on zero-knowledge proofs. The objective is to solve the integrity-proof of the outsourced computation and privacy-preserving problems. In our paper, we propose three novel zero-knowledge proof schemes for different functional designs in an in-depth manner. We also instantiate the algorithms using corresponding use-cases, which effectively alleviate the current problems of verifiable privacy computing on third-party platforms. The main contributions of this thesis are as follows: (1) We propose a lightweight zero-knowledge proof scheme for a large amount of preamble computation and difficulties in converting the arithmetic circuits in centralized cloud computing platforms. By constructing concrete gadgets for complex meta computations and designing optimization algorithms for recurring complex calculations, our protocol is able to reduce the size of the arithmetic circuits of the Rank-1 Constraint System. Furthermore, we instantiate the model deployed on the cloud platform via a machine learning pipeline inference model. We adopted the lightweight zero-knowledge proof protocol we proposed to prove the inference procedure of the deployed model efficiently. We design comprehensive experiments to evaluate our method. The experimental results show that the lightweight zero-knowledge proof protocol is able to prove computational integrity while ensuring privacy and security and outperforms the baseline method by a factor of 10 to 1e3. (2) We propose a proof of retrievability (PoR) scheme with zero-knowledge property to preserve the data privacy on the decentralized blockchain platforms. By crafting the public key triples and exerting bilinear mappings for servers, we construct a PoR scheme based on BLS signatures called zk-BLS-PoR, which realizes privacy-preserving data storage auditing in a hybrid blockchain storage system. Further, this thesis instantiates the zk-BLS-PoR scheme using a logistics traceability system and proposes to utilize the base station data to bind the virtual nodes on the blockchain with the off-chain physical entities, which effectively mitigates the problems of traceability and trustworthiness in the logistics traceability system. (3) We propose a zero-knowledge proof scheme with a fast verification protocol to alleviate the issue of the high cost and infeasibility of the verification workload. Since
the scenarios such as smart contracts in blockchain systems automatically execute fair and transparent protocol verification, there are extremely strict requirements on the workload of the verifier. In this paper, we craft the synergy of the Structural Reference Strings and Kate polynomial commitment scheme. Our verification protocols are highly customized for decentralized storage, where the complexity of on-chain verification can be completed in logarithmic time, significantly decreasing gas consumption. Furthermore, we realize fast verification for arbitrary SQL queries in the instantiated algorithm by constructing specific SQL command checks and polynomial evaluation checks for different query commands. The experimental results show that the zeroknowledge proof with a fast verification scheme proposed in this paper significantly outperforms the baseline approaches regarding proof time, verification time, and proof size. In summary, this paper focuses on the key problems of third-party computing platforms and designs three novel zero-knowledge proof protocols. Our proposed schemes are highly efficient and able to preserve privacy. The methods and instantiated algorithms can effectively solve the problems of arithmetic circuit conversion, data leakage on the hybrid blockchain, and the inefficiency of verification existing in the current third-party computing platforms. The above-designed protocols and algorithms provide some promising perspectives for the design of zero-knowledge proof protocols and verifiable privacy computation.