Skip to content

Ginger-lib is a general purpose zk-SNARK library that supports recursive proof composition

License

Apache-2.0, MIT licenses found

Licenses found

Apache-2.0
LICENSE-APACHE
MIT
LICENSE-MIT
Notifications You must be signed in to change notification settings

HorizenOfficial/ginger-lib

 
 

Repository files navigation

ginger-lib: a RUST library for recursive SNARKs using Darlin

Ginger-lib (in Italian zen-zero) is a high-performance library for building succinct zero-knowledge arguments by means of the Darlin protocol suite. The core piece of the protocol suite is the Darlin argument system, a recursion-friendly variant of the Marlin zk-SNARK for rank-1 constraint systems (R1CS). Darlin relies on the dlog polynomial commitment scheme and uses an aggregation technique similar to Halo for amortizing the computational costs of both prover and verifier over time. The scheme requires no trusted setup and allows ordinary sized elliptic curves. See our reference paper HGB for details.

The library is based on a fork from arkworks, and is adapted to the specific needs of the Darlin protocol suite.

Overview

The full protocol suite comes with a variety of proof systems to support a wide range of applications. These are

  • Coboundary Marlin for simple non-recursive proofs,
  • Darlin for recursion, including a standard set of circuits for proof composition,
  • Rainbow Marlin, yet another Marlin variant, which transforms Darlin proofs into ordinary Coboundary Marlin proofs.

A detailed specification of Coboundary Marlin and Darlin, including security proofs are given in HGB. In short, Coboundary Marlin is an optimization of Marlin. It uses a simpler "sumcheck" argument, and applies a different matrix arithmetization based on the normalized Lagrange kernel. Darlin is Coboundary Marlin turned into a recursive argument (or, accumulator SNARK) which aggregates both the dlog hard parts as well as Marlin's inner sumchecks over "time". Inner sumcheck aggregation is done across circuits, and a Darlin proof includes an inner sumcheck aggregator (or, Rainbow Accumulator) which supports a given pre-defined family of circuits.

Rainbow Marlin is used to verify a previous Darlin proof by running a cross-circuit inner sumcheck argument for its Rainbow Accumulator, overall transforming Darlin proofs into simple Marlin proofs.

The library comes with a collection of circuits, manually optimized for a lower R1CS density whenever needed.

Directory structure

The high-level structure of the repository is as follows:

  • algebra: implements the mathematical base components: large integers, finite fields, elliptic curves, and fast Fourier transform.
  • primitives: serves basic cryptographic primitives (such as hash functions and Merkle trees, signature schemes, verifiable random functions).
  • proof-systems: This is the main crate for the Darlin protocol suite. It provides the traits and structs for proof carrying data and the above mentioned proof systems. Groth16 and GM17 proving systems have been kept too for backward compatibility.
  • r1cs-core: Defines core functionalities for rank-1 constraint systems (the circuit synthesizer).
  • r1cs-std: This crate contains elementary "standard" circuits (or, "gadgets"): Boolean operations, native field and elliptic curve arithmetics.
  • r1cs-crypto: Provides the circuits for various cryptographic primitives, such as the Poseidon hash, signature schemes, and SNARK verifiers.

In addition, there is a bench-utils crate which contains an infrastructure for benchmarking, including macros for timing code segments.

Release Note

However, it does not yet serve proof composition. The proof-systems subcrate darlin prepares for the full Darlin protocol suite by providing the traits and structs necessary for proof carrying data, and puts simple Coboundary Marlin proofs from marlin into this framework. It further contains additional tools for scaling verification:

  • A batch verifier for Darlin/Marlin proofs, and
  • a post-processor for batches of Darlin/Marlin proofs, which aggregates their dlog hard parts into a single one.

Build instructions

The library compiles on the 1.51.0 stable toolchain of the Rust compiler.

git clone https://github.com/HorizenOfficial/ginger-lib.git
cd ginger-lib
cargo build --release

Run tests using

cargo test --all-features 

More detailed information can be found in our build guide.

About

Ginger-lib is a general purpose zk-SNARK library that supports recursive proof composition

Resources

License

Apache-2.0, MIT licenses found

Licenses found

Apache-2.0
LICENSE-APACHE
MIT
LICENSE-MIT

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Rust 94.5%
  • Sage 5.0%
  • Other 0.5%