arnaucube
/
keccak-chain-sonobe
mirror of https://github.com/arnaucube/keccak-chain-sonobe.git
1
1
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7 Commits
2 Branches
0 Tags
92 KiB
 
 
Tree: 9964cf37e9
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '9964cf37e9'
${ noResults }
keccak-chain-sonobe/README.md

2.1 KiB
Raw Blame History

hash-chain-sonobe

Repo showcasing usage of Sonobe with Arkworks and Circom circuits.

The main idea is to prove $z_n = H(H(...~H(H(H(z_0)))))$, where $n$ is the number of Keccak256 hashes ($H$) that we compute. Proving this in a 'normal' R1CS circuit for a large $n$ would be too costly, but with folding we can manage to prove it in a reasonable time span.

For more info about Sonobe, check out Sonobe's docs.

Usage

sha_chain.rs (arkworks circuit)

Proves a chain of SHA256 hashes, using the arkworks/sha256 circuit, with Nova+CycleFold.

  • cargo test --release sha_chain -- --nocapture

keccak_chain.rs (circom circuit)

Proves a chain of keccak256 hashes, using the vocdoni/keccak256-circom circuit, with Nova+CycleFold.

Assuming rust and circom have been installed:

  • ./compile-circuit.sh
  • cargo test --release keccak_chain -- --nocapture

Note: the Circom variant currently has a bit of extra overhead since at each folding step it uses Circom witness generation to obtain the witness and then it imports it into the arkworks constraint system.

Repo structure