arnaucube 9a20fc4e08 | 3 days ago | |
---|---|---|
circuit | 6 months ago | |
src | 3 days ago | |
.gitignore | 6 months ago | |
Cargo.toml | 5 days ago | |
README.md | 1 month ago | |
compile-circuit.sh | 7 months ago |
Repo showcasing usage of Sonobe with Arkworks and Circom circuits.
The main idea is to prove $z_n = H(H(...~H(H(H(z_0)))))$, where $n$ is the number of Keccak256 hashes ($H$) that we compute. Proving this in a 'normal' R1CS circuit for a large $n$ would be too costly, but with folding we can manage to prove it in a reasonable time span.
For more info about Sonobe, check out Sonobe's docs.
Proves a chain of Poseidon hashes, using the arkworks/poseidon circuit, with Nova+CycleFold.
cargo test --release poseidon_chain -- --nocapture
Proves a chain of SHA256 hashes, using the arkworks/sha256 circuit, with Nova+CycleFold.
cargo test --release sha_chain_offchain -- --nocapture
Proves a chain of keccak256 hashes, using the vocdoni/keccak256-circom circuit, with Nova+CycleFold.
Assuming rust and circom have been installed:
./compile-circuit.sh
cargo test --release keccak_chain -- --nocapture
Note: the Circom variant currently has a bit of extra overhead since at each folding step it uses Circom witness generation to obtain the witness and then it imports it into the arkworks constraint system.
Additionally there is the src/naive_approach_{poseidon,sha}_chain.rs
file, which mimics the amount of hashes computed by the src/{poseidon,sha}_chain.rs
file, but instead of folding it does it by building a big circuit that does all the hashes at once, as we would do before folding existed.
To run it:
cargo test --release naive_approach_sha_chain -- --nocapture
cargo test --release naive_approach_poseidon_chain -- --nocapture