
arxiv: 2305.08384 · v3 · submitted 2023-05-15 · 💻 cs.CR · cs.NI

Privacy-preserving Blockchain-enabled Parametric Insurance via Remote Sensing and IoT

Pith reviewed 2026-05-24 08:59 UTC · model grok-4.3

classification 💻 cs.CR cs.NI
keywords privacy-preserving · parametric insurance · blockchain · zero-knowledge proofs · zk-SNARKs · remote sensing · IoT · gas cost

The pith

Zero-knowledge proofs let users submit parametric insurance claims on blockchain without revealing private remote-sensing or IoT data.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper sets out a framework in which an insurance claim based on external data sources can be checked on a public blockchain while all underlying measurements stay hidden. An insuree produces a succinct proof that both the claim conditions are met and the data sources are authentic, then posts only that proof for anyone to verify. The authors modify existing proof systems so they can accept several different kinds of sensor inputs at once and lower the cost of running the proof on Ethereum by roughly four-fifths. A working prototype for bushfire coverage demonstrates the approach on real data. The central tension addressed is how to gain the automation and transparency of blockchain insurance without exposing policyholder information that would normally be required for verification.

Core claim

We propose a privacy-preserving parametric insurance framework based on succinct zero-knowledge proofs, whereby an insuree submits a zero-knowledge proof for the validity of an insurance claim and the authenticity of its data sources to a blockchain for transparent verification. We extend recent zk-SNARKs to support robust privacy protection for multiple heterogeneous data sources and improve efficiency to cut the incurred gas cost by 80 percent.

What carries the argument

An extension of zk-SNARKs that accepts multiple heterogeneous data sources in one proof while preserving zero-knowledge privacy and lowering on-chain verification cost.

If this is right

  • Parametric policies for events such as bushfire can be settled automatically on-chain once the proof is posted.
  • Verification becomes fully public and repeatable without any party needing to trust a central data custodian.
  • The same proof template can be reused for other sensor-driven products once the multi-source extension is in place.
  • Operational overhead drops because manual claim review and data disclosure steps are replaced by a single on-chain check.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The same pattern could be applied to other domains that combine public ledgers with private sensor streams, such as supply-chain compliance or environmental monitoring.
  • If the cost reduction holds across varying numbers of inputs, the technique might make blockchain-based insurance practical for lower-value policies where gas fees currently dominate.
  • Further work could test whether the same extension preserves soundness when data sources have different sampling rates or error characteristics.

Load-bearing premise

The extended proof system can combine several different remote-sensing and IoT inputs into a single proof that stays private and still delivers the stated gas-cost reduction on a live blockchain.

What would settle it

A deployed Ethereum transaction for a multi-source claim whose gas cost is more than 20 percent of the baseline non-extended proof, or whose published proof allows an observer to extract any original sensor value.

Figures

Figures reproduced from arXiv: 2305.08384 by Keyang Qian, Mingyu Hao, Sid Chi-Kin Chau.

Figure 1: An illustration of privacy-preserving blockchain-enabled parametric insurance
Figure 2: The basic construction of the Sonic zk-SNARK protocol
Figure 3: Example satellite images from Sentinel-2B MSI Definitive ARD
Figure 4: Proving time and verification time in Table VII
Original abstract

Traditional insurance, a popular approach of financial risk management, has suffered from the issues of high operational costs, opaqueness, inefficiency and a lack of trust. Recently, blockchain-enabled "parametric insurance" through authorized data sources (e.g., remote sensing and IoT) aims to overcome these issues by automating the underwriting and claim processes of insurance policies on a blockchain. However, the openness of blockchain platforms raises a concern of user privacy, as the private user data in insurance claims on a blockchain may be exposed to outsiders. In this paper, we propose a privacy-preserving parametric insurance framework based on succinct zero-knowledge proofs (zk-SNARKs), whereby an insuree submits a zero-knowledge proof (without revealing any private data) for the validity of an insurance claim and the authenticity of its data sources to a blockchain for transparent verification. Moreover, we extend the recent zk-SNARKs to support robust privacy protection for multiple heterogeneous data sources and improve their efficiency to cut the incurred gas cost by 80%. As a proof-of-concept, we implemented a working prototype of bushfire parametric insurance on the real-world blockchain platform Ethereum, and present extensive empirical evaluations.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

1 major / 0 minor

Summary. The manuscript proposes a privacy-preserving parametric insurance framework on blockchain using succinct zero-knowledge proofs (zk-SNARKs). An insuree submits a zk-proof attesting to claim validity and data-source authenticity (from remote sensing and IoT) without revealing private data. The work extends recent zk-SNARKs to handle multiple heterogeneous data sources while reducing gas costs by 80%. A working prototype for bushfire parametric insurance is implemented and evaluated on Ethereum.

Significance. If the results hold, the contribution is significant because it supplies a concrete, working Ethereum prototype together with empirical gas and privacy measurements that directly support the claims of privacy preservation and efficiency. The prototype and evaluations constitute reproducible evidence for the multi-source extension and the 80% gas reduction, which is a strength for an implementation-focused paper in this area.

major comments (1)
  1. [Abstract] Abstract (paragraph on the zk-SNARK extension): the claim that the extension simultaneously supports multiple heterogeneous data sources while preserving zero-knowledge privacy and delivering an 80% gas-cost reduction is load-bearing for the central efficiency result, yet the specific circuit modifications or proof-system changes that realize this are left implicit.

Simulated Author's Rebuttal

1 response · 0 unresolved

We thank the referee for the constructive comment and the recommendation for minor revision. We address the point on the abstract below.

Point-by-point responses
  1. Referee: [Abstract] Abstract (paragraph on the zk-SNARK extension): the claim that the extension simultaneously supports multiple heterogeneous data sources while preserving zero-knowledge privacy and delivering an 80% gas-cost reduction is load-bearing for the central efficiency result, yet the specific circuit modifications or proof-system changes that realize this are left implicit.

    Authors: We agree that the abstract paragraph is high-level and does not enumerate the concrete circuit modifications. The full manuscript details these in Sections 4.2 (multi-source circuit composition via recursive aggregation of per-source sub-circuits) and 5.1 (optimized pairing-based verification with batching). To address the concern directly, we will revise the abstract to include one additional sentence briefly naming the two key changes: composite-circuit construction for heterogeneous sources and proof aggregation for gas reduction, while preserving the zero-knowledge guarantee. revision: yes

Circularity Check

0 steps flagged

No significant circularity identified

Full rationale

The paper's central contribution is a privacy-preserving parametric insurance framework implemented as a working Ethereum prototype using zk-SNARKs, with empirical gas-cost measurements showing an 80% reduction. No derivation chain is presented that reduces by construction to fitted parameters, self-citations, or ansatzes; the claims rest on concrete implementation and external benchmarks rather than internal redefinition or prediction from inputs. The extension for multiple heterogeneous data sources is demonstrated via prototype rather than asserted via self-referential uniqueness theorems or renamed empirical patterns.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axiom · 0 invented entities

The paper relies on standard cryptographic assumptions for zk-SNARK security and does not introduce new fitted parameters or postulated entities; the contribution is an engineering extension and prototype.

axioms (1)
  • [standard math] zk-SNARKs satisfy completeness, soundness, and zero-knowledge properties
    The privacy and verification guarantees rest on these established properties of the underlying proof system.


