arnaucube
/
keccak-chain-sonobe
mirror of https://github.com/arnaucube/keccak-chain-sonobe.git
1
1
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8 Commits
2 Branches
0 Tags
92 KiB
Tree: 559b34b5c5
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '559b34b5c5'
${ noResults }
keccak-chain-sonobe/README.md

39 lines
2.4 KiB
Raw Normal View History

add sha256-chain example using arkworks to define the circuit
2 months ago
init
5 months ago
add sha256-chain example using arkworks to define the circuit
2 months ago
update README.md
4 months ago
add sha256-chain example using arkworks to define the circuit
2 months ago
update README.md
4 months ago
init
5 months ago
add sha256-chain example using arkworks to define the circuit
2 months ago
update README.md
4 months ago
add sha256-chain example using arkworks to define the circuit
2 months ago
init
5 months ago
add sha256-chain example using arkworks to define the circuit
2 months ago
update README.md
4 months ago
add sha256-chain example using arkworks to define the circuit
2 months ago
add naive_approach_sha_chain.rs to compare folding to naive approach
2 months ago
  1. # hash-chain-sonobe
  3. Repo showcasing usage of [Sonobe](https://github.com/privacy-scaling-explorations/sonobe) with [Arkworks](https://github.com/arkworks-rs) and [Circom](https://github.com/iden3/circom) circuits.
  5. The main idea is to prove $z_n = H(H(...~H(H(H(z_0)))))$, where $n$ is the number of Keccak256 hashes ($H$) that we compute. Proving this in a 'normal' R1CS circuit for a large $n$ would be too costly, but with folding we can manage to prove it in a reasonable time span.
  7. For more info about Sonobe, check out [Sonobe's docs](https://privacy-scaling-explorations.github.io/sonobe-docs).
  9. <p align="center">
  10. <img src="https://privacy-scaling-explorations.github.io/sonobe-docs/imgs/folding-main-idea-diagram.png" style="width:70%;" />
  11. </p>
  14. ### Usage
  16. ### sha_chain.rs (arkworks circuit)
  17. Proves a chain of SHA256 hashes, using the [arkworks/sha256](https://github.com/arkworks-rs/crypto-primitives/blob/main/crypto-primitives/src/crh/sha256/constraints.rs) circuit, with [Nova](https://eprint.iacr.org/2021/370.pdf)+[CycleFold](https://eprint.iacr.org/2023/1192.pdf).
  19. - `cargo test --release sha_chain -- --nocapture`
  21. ### keccak_chain.rs (circom circuit)
  22. Proves a chain of keccak256 hashes, using the [vocdoni/keccak256-circom](https://github.com/vocdoni/keccak256-circom) circuit, with [Nova](https://eprint.iacr.org/2021/370.pdf)+[CycleFold](https://eprint.iacr.org/2023/1192.pdf).
  24. Assuming rust and circom have been installed:
  25. - `./compile-circuit.sh`
  26. - `cargo test --release keccak_chain -- --nocapture`
  28. Note: the Circom variant currently has a bit of extra overhead since at each folding step it uses Circom witness generation to obtain the witness and then it imports it into the arkworks constraint system.
  30. ### Repo structure
  31. - the Circom circuit (that defines the keccak-chain) to be folded is defined at [./circuit/keccak-chain.circom](https://github.com/arnaucube/hash-chain-sonobe/blob/main/circuit/keccak-chain.circom)
  32. - the logic to fold the circuit using Sonobe is defined at [src/{sha_chain, keccak_chain}.rs](https://github.com/arnaucube/hash-chain-sonobe/blob/main/src)
  36. ## Other
  37. Additionally there is the `src/naive_approach_sha_chain.rs` file, which mimics the amount of hashes computed by the `src/sha_chain.rs` file, but instead of folding it does it by building a big circuit that does all the hashes at once, as we would do before folding existed.
  39. To run it: `cargo test --release naive_approach_sha_chain -- --nocapture`