arnaucube
/
keccak-chain-sonobe
mirror of https://github.com/arnaucube/keccak-chain-sonobe.git
1
1
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
11 Commits
2 Branches
0 Tags
140 KiB
Tree: 8fea475d67
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '8fea475d67'
${ noResults }
keccak-chain-sonobe/README.md

46 lines
2.9 KiB
Raw Normal View History

add sha256-chain example using arkworks to define the circuit
3 months ago
init
6 months ago
add sha256-chain example using arkworks to define the circuit
3 months ago
update README.md
5 months ago
add sha256-chain example using arkworks to define the circuit
3 months ago
update README.md
5 months ago
init
6 months ago
add poseidon_chain, update to last sonobe dependency version
2 weeks ago
add sha256-chain example using arkworks to define the circuit
3 months ago
update README.md
5 months ago
add poseidon_chain, update to last sonobe dependency version
2 weeks ago
add sha256-chain example using arkworks to define the circuit
3 months ago
init
6 months ago
add sha256-chain example using arkworks to define the circuit
3 months ago
update README.md
5 months ago
add sha256-chain example using arkworks to define the circuit
3 months ago
add poseidon_chain, update to last sonobe dependency version
2 weeks ago
add naive_approach_sha_chain.rs to compare folding to naive approach
3 months ago
add poseidon_chain, update to last sonobe dependency version
2 weeks ago
add naive_approach_sha_chain.rs to compare folding to naive approach
3 months ago
add poseidon_chain, update to last sonobe dependency version
2 weeks ago
  1. # hash-chain-sonobe
  3. Repo showcasing usage of [Sonobe](https://github.com/privacy-scaling-explorations/sonobe) with [Arkworks](https://github.com/arkworks-rs) and [Circom](https://github.com/iden3/circom) circuits.
  5. The main idea is to prove $z_n = H(H(...~H(H(H(z_0)))))$, where $n$ is the number of Keccak256 hashes ($H$) that we compute. Proving this in a 'normal' R1CS circuit for a large $n$ would be too costly, but with folding we can manage to prove it in a reasonable time span.
  7. For more info about Sonobe, check out [Sonobe's docs](https://privacy-scaling-explorations.github.io/sonobe-docs).
  9. <p align="center">
  10. <img src="https://privacy-scaling-explorations.github.io/sonobe-docs/imgs/folding-main-idea-diagram.png" style="width:70%;" />
  11. </p>
  14. ### Usage
  16. ### poseidon_chain.rs (arkworks circuit)
  17. Proves a chain of Poseidon hashes, using the [arkworks/poseidon](https://github.com/arkworks-rs/crypto-primitives/blob/main/crypto-primitives/src/sponge/poseidon/constraints.rs) circuit, with [Nova](https://eprint.iacr.org/2021/370.pdf)+[CycleFold](https://eprint.iacr.org/2023/1192.pdf).
  19. - `cargo test --release poseidon_chain -- --nocapture`
  21. ### sha_chain_offchain.rs (arkworks circuit)
  22. Proves a chain of SHA256 hashes, using the [arkworks/sha256](https://github.com/arkworks-rs/crypto-primitives/blob/main/crypto-primitives/src/crh/sha256/constraints.rs) circuit, with [Nova](https://eprint.iacr.org/2021/370.pdf)+[CycleFold](https://eprint.iacr.org/2023/1192.pdf).
  24. - `cargo test --release sha_chain_offchain -- --nocapture`
  26. ### keccak_chain.rs (circom circuit)
  27. Proves a chain of keccak256 hashes, using the [vocdoni/keccak256-circom](https://github.com/vocdoni/keccak256-circom) circuit, with [Nova](https://eprint.iacr.org/2021/370.pdf)+[CycleFold](https://eprint.iacr.org/2023/1192.pdf).
  29. Assuming rust and circom have been installed:
  30. - `./compile-circuit.sh`
  31. - `cargo test --release keccak_chain -- --nocapture`
  33. Note: the Circom variant currently has a bit of extra overhead since at each folding step it uses Circom witness generation to obtain the witness and then it imports it into the arkworks constraint system.
  35. ### Repo structure
  36. - the Circom circuit (that defines the keccak-chain) to be folded is defined at [./circuit/keccak-chain.circom](https://github.com/arnaucube/hash-chain-sonobe/blob/main/circuit/keccak-chain.circom)
  37. - the logic to fold the circuit using Sonobe is defined at [src/{poseidon_chain, sha_chain_{offchain, onchain}, keccak_chain}.rs](https://github.com/arnaucube/hash-chain-sonobe/blob/main/src)
  41. ## Other
  42. Additionally there is the `src/naive_approach_{poseidon,sha}_chain.rs` file, which mimics the amount of hashes computed by the `src/{poseidon,sha}_chain.rs` file, but instead of folding it does it by building a big circuit that does all the hashes at once, as we would do before folding existed.
  44. To run it:
  45. - `cargo test --release naive_approach_sha_chain -- --nocapture`
  46. - `cargo test --release naive_approach_poseidon_chain -- --nocapture`