zkSNARK Plonk #454
Thanks for the application. I think in general we are highly interested in this. Are you going to use the Pure Rust implementation by dusk-network? What exactly do you need to do as part of deliverables in order to implement this into substrate? 4 months seems to be a lot for this. Are you also planning to audit the implementation?
@Noc2
Thank you.
Exactly.
The dusk-network plonk is compatible with
Okay.
Absolutely! Please feel free to ask any questions.
Thanks for the quick reply. Could you update the application accordingly (concrete deliverables, potentially the audit, etc)?
Hi @Noc2
Looks good to me. I will share it with the rest of the team. Also let me know if we should help you with the audit and potentially try to find a company, etc.
This is a promising project! There are a few points that I'd like to get clarification on:
> modify attributes according to parity-codec and `Rng` to be compatible with Substrate environment.

I would like to understand a little bit better what you mean by the above.

> allow a developer to build their own circuit

Did I understand correctly that you want to provide the ability to both create the proofs and verify them from your pallet? As far as I can remember, the other team providing similar functionality (ZeroPool, built for groth16) only had verification on-chain. Please expand on this point as well, to explain how you envision developers building their own circuits.
Lastly, could you provide a list of extrinsics that would be callable via your pallet? This would later allow us to better evaluate your delivery against the original contract.
I would like to kindly ask you to include the requested information in your application.
Hi @mmagician
In order for the pallet to work on resource-constrained execution environments like Substrate runtime, attributes should be modified in accordance with the SCALE codec.
Creating the proofs is done off-chain because it needs secret input and it shouldn’t be public, and that process consumes a bunch of computation.
This pallet allows us to build circuits, create proofs, and verify proofs.
I updated accordingly.
| 1. | make plonk compatible | The dusk-network plonk is compatible with `no-std` so we are going to modify attributes according to [parity-codec](https://github.com/paritytech/parity-scale-codec) and `Rng` to be compatible with Substrate environment. | | ||
| 2. | implement zkSNARK plonk pallet | We will create a set of plonk-based zkSNARK libraries that allow a developer to build their own circuit and a user to prove their computation validity. | | ||
| 1. | make plonk compatible | The dusk-network plonk is compatible with `no-std` so we are going to modify attributes according to [parity-codec](https://github.com/paritytech/parity-scale-codec) and `Rng` to be compatible with Substrate environment. This step allows this pallet to work on resource-constrained execution environments like Substrate runtime, attributes should be modified in accordance with SCALE codec and some versions of Rng can’t be compiled to wasm so we need to research and make it stable as necessary. | | ||
| 2. | implement zkSNARK plonk pallet | We will create a set of plonk-based zkSNARK libraries that allow a developer to build their own circuit and a user to prove their computation validity. Verifying proofs are done by on-chain. Creating the proofs are done by off-chain. | |
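Review bot: In row 1 the added sentence leaves the `Rng` work open-ended ("we need to research and make it stable as necessary") with no acceptance criterion, and runs it together with the SCALE codec change in a single sentence. Split the two tasks and state what can be checked for each on delivery, for example that the modified crate compiles to wasm for the Substrate runtime.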
off chain - meaning off-chain worker? or a separate tool?
Creating the proofs is done by an off-chain worker.
This zkSNARK plonk is based on [dusk-network plonk](https://github.com/dusk-network/plonk) library. | ||
This zkSNARK plonk pallet provides us following function. | ||
- Building circuits |
You're planning to build circuits through your pallet? This sounds like you're planning to make it interactive, which doesn't make much sense to me, since circuits needed to be programmed by the user. As far as I'm aware, this involves writing code with the help of some tools (like circom, or dusk-plonk would be the fit here I guess) that is later compiled. Please expand on how your pallet would support building circuits
Hi @mmagician
Thank you for asking me for details.
> You're planning to build circuits through your pallet? This sounds like you're planning to make it interactive, which doesn't make much sense to me, since circuits needed to be programmed by the user.

Yes, the user (Substrate developer) can build their own programmable circuit.
If they want to build a circuit for privacy transfer, they need the following sequence:
- Build their own circuit on-chain (Substrate node) that checks the validity of transactions
- Customize the off-chain worker library corresponding to the on-chain circuit
- Deploy the Substrate node
- The transactor creates proofs and sends transactions through the off-chain worker.

It's a similar structure to circom, which deploys a verifier contract, and this is the verify pallet of this project.
circom creates the proof using the off-chain library, and this is the create proof off-chain worker of this project.
If you don't mind I'll lean on the example from circom again. From this tutorial section 2.1, a user needs to write code in order to build their circuit.
So what you're saying is that if a developer wants to build their own circuit, they need to have a separate pallet with the logic for their own circuit? Because, as far as I understand, each circuit will be customised for the developer's own purpose and it's difficult to make it generic.
I could imagine that if there is a common interface, an off-chain worker could be called to build the circuit from whatever code the user has written. Could it be generic enough?
Well if that's the case and I understood your last comment, then the building of the circuit will not happen in your pallet, but rather each developer has to do it independently. And then they can call your pallet's create proof method (assuming there is some standard interface in place) to take whatever circuit they built, supply the secret inputs, and compute the proof. Is my understanding correct?
Thank you for the questions.
> If you don't mind I'll lean on the example from circom again. From this tutorial section 2.1, a user needs to write code in order to build their circuit.

This plonk pallet provides a circuit template library.
A user writes code on the provided circuit template library, so it doesn't have to have a separate library by itself, in the same way as a circom user doesn't need to implement any kind of library, just define the constraints.

> they need to have a separate pallet with the logic for their own circuit?

No, because this plonk pallet provides a circuit template library.

> each circuit will be customised for the developer's own purpose and it's difficult to make it generic.

Each circuit will be customized using a circuit template library and a user defines the constraint themselves.

> I could imagine that if there is a common interface, an off-chain worker could be called to build the circuit from whatever code the user has written.

Sorry I couldn't understand this.
The circuit can't be added after a developer deploys the Substrate node.

> the building of the circuit will not happen in your pallet

The building of the circuit will happen in this plonk pallet using a circuit template library.
A user defines the circuit as follows through the plonk pallet.
```rust
impl Circuit for TestCircuit {
    const CIRCUIT_ID: [u8; 32] = [0xff; 32];

    fn gadget(
        &mut self,
        composer: &mut StandardComposer,
    ) -> Result<(), Error> {
        // Add the witness values a and b to the circuit
        let a = composer.add_input(self.a);
        let b = composer.add_input(self.b);
        // Make first constraint a + b = c
        composer.poly_gate(
            a,
            b,
            composer.zero_var(),
            BlsScalar::zero(),
            BlsScalar::one(),
            BlsScalar::one(),
            BlsScalar::zero(),
            BlsScalar::zero(),
            Some(-self.c),
        );
        // Check that a and b are in range
        composer.range_gate(a, 1 << 6);
        composer.range_gate(b, 1 << 5);
        // Make second constraint a * b = d
        composer.poly_gate(
            a,
            b,
            composer.zero_var(),
            BlsScalar::one(),
            BlsScalar::zero(),
            BlsScalar::zero(),
            BlsScalar::one(),
            BlsScalar::zero(),
            Some(-self.d),
        );
        // Multiply the JubJub generator by the scalar e
        let e = composer.add_input(self.e.into());
        let scalar_mul_result = composer
            .fixed_base_scalar_mul(e, dusk_jubjub::GENERATOR_EXTENDED);
        // Apply the constraint: the result must equal the public point f
        composer.assert_equal_public_point(scalar_mul_result, self.f);
        Ok(())
    }

    fn padded_circuit_size(&self) -> usize {
        1 << 11
    }
}
```
A user circuit is `TestCircuit` and the `Circuit` struct is from this pallet.
A user can build a circuit by extending provided `Circuit` struct and this is a generic circuit template library.
And from the next line, a user defines the constraint.
I hope this example helps you to understand well.
Sorry that was such a long comment 🙇♂️
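The selector arguments passed to `poly_gate` in the comment above encode each constraint as q_m·a·b + q_l·a + q_r·b + q_o·o + q_c + PI = 0. The following is an added example, not code from this thread or from dusk-plonk: it evaluates that equation over a small stand-in prime field, assuming the argument order (q_m, q_l, q_r, q_o, q_c, PI), and shows why the circuit also carries range checks, since a witness that wraps around the modulus satisfies both gates. `P`, `Gate`, `gate_holds`, `in_range`, `witness_ok` and the 6-bit bound are hypothetical names and values.

```rust
// Added illustration. P is a small stand-in prime (2^61 - 1),
// NOT the BLS12-381 scalar field modulus used by dusk-plonk.
const P: u128 = (1 << 61) - 1;

/// Additive inverse mod P, mirroring `Some(-self.c)` in the circuit.
fn neg(x: u128) -> u128 {
    (P - x % P) % P
}

/// Selectors of one arithmetic gate (argument order is an assumption).
struct Gate { q_m: u128, q_l: u128, q_r: u128, q_o: u128, q_c: u128 }

/// True when q_m*a*b + q_l*a + q_r*b + q_o*o + q_c + pi == 0 (mod P).
fn gate_holds(g: &Gate, a: u128, b: u128, o: u128, pi: u128) -> bool {
    let (a, b, o) = (a % P, b % P, o % P);
    let terms = [
        g.q_m % P * (a * b % P) % P,
        g.q_l % P * a % P,
        g.q_r % P * b % P,
        g.q_o % P * o % P,
        g.q_c % P,
        pi % P,
    ];
    terms.iter().sum::<u128>() % P == 0
}

/// Range check modelled as "x fits in `bits` bits" (assumed semantics).
fn in_range(x: u128, bits: u32) -> bool {
    x >> bits == 0
}

/// Returns (gates satisfied, gates and range checks satisfied).
fn witness_ok(a: u128, b: u128, c: u128, d: u128, bits: u32) -> (bool, bool) {
    let add = Gate { q_m: 0, q_l: 1, q_r: 1, q_o: 0, q_c: 0 }; // a + b - c = 0
    let mul = Gate { q_m: 1, q_l: 0, q_r: 0, q_o: 1, q_c: 0 }; // a*b + o - d = 0, o = 0
    let gates = gate_holds(&add, a, b, 0, neg(c)) && gate_holds(&mul, a, b, 0, neg(d));
    (gates, gates && in_range(a, bits) && in_range(b, bits))
}

fn main() {
    // Constructed sample witnesses.
    println!("{:?}", witness_ok(20, 5, 25, 100, 6)); // honest witness
    println!("{:?}", witness_ok(20, 5, 26, 100, 6)); // wrong public input c
    println!("{:?}", witness_ok(P - 1, 2, 1, P - 2, 6)); // wraps around P
}
```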
Okay, that indeed clarifies the idea for me. Thanks a lot for the explanation!
Hi @Noc2
I'd like to know what kind of help you provide about the audit.
Congratulations! As part of the Open Grants Program, we want to help winning teams acknowledge their grants publicly. To that end, we’ve created a badge for projects that successfully delivered their first milestone. Please observe the foundation’s guidelines when making any announcements; in particular, don’t announce the grant publicly before you've completed at least the first milestone of the project.
We could potentially help you to find a company. It’s currently pretty difficult to find good audit companies.
* create zkSNARK plonk * trusted setup * toxic waste
@noctrlz any updates, are you still interested in working on this?
Hi @alxs
Hi there
Grant Application Checklist
project_name.md
) and updated.