Browse Source

update folding-sonobe slides

folding-slides
arnaucube 7 months ago
parent
commit
1e0e798a4f
2 changed files with 34 additions and 8 deletions
  1. BIN
      slides_sonobe-zkbarcelona.pdf
  2. +34
    -8
      slides_sonobe-zkbarcelona.tex

BIN
slides_sonobe-zkbarcelona.pdf


+ 34
- 8
slides_sonobe-zkbarcelona.tex

@ -89,17 +89,16 @@
\end{frame} \end{frame}
\section[Preliminaries]{Preliminaries}
\begin{frame}{Homomorphic commitments}
[TODO] Homomorphic commitment definition
\section[Folding]{Folding}
\begin{frame}{Homomorphic commitments and RLC}
We rely on homomorphic commitments\\
ie. Pedersen commitments\\ ie. Pedersen commitments\\
Let $g \in \mathbb{G}^n,~ v \in \mathbb{F}_r^n$,\\ Let $g \in \mathbb{G}^n,~ v \in \mathbb{F}_r^n$,\\
$$Com(v) = \langle g, v \rangle =g_1 \cdot v_1 + g_2 \cdot v_2 + \ldots + g_n \cdot v_n$$ $$Com(v) = \langle g, v \rangle =g_1 \cdot v_1 + g_2 \cdot v_2 + \ldots + g_n \cdot v_n$$
% \pause % \pause
RLC\\
RLC:\\
Let $v_1, v_2 \in \mathbb{F}_r^n$, set $cm_1 = Com(v_1),~ cm_2=Com(v_2)$. Let $v_1, v_2 \in \mathbb{F}_r^n$, set $cm_1 = Com(v_1),~ cm_2=Com(v_2)$.
\\then, \\then,
\begin{align*} \begin{align*}
@ -111,7 +110,6 @@
\end{frame} \end{frame}
\section[Folding]{Folding}
\begin{frame}{Relaxed R1CS} \begin{frame}{Relaxed R1CS}
R1CS instance: $(\{A, B, C\} \in \mathbb{F}^{n \times n},~ io,~ n,~ l)$, such that for $z=(io \in \mathbb{F}^l, 1, w \in \mathbb{F}^{n-l-1}) \in \mathbb{F}^n$, R1CS instance: $(\{A, B, C\} \in \mathbb{F}^{n \times n},~ io,~ n,~ l)$, such that for $z=(io \in \mathbb{F}^l, 1, w \in \mathbb{F}^{n-l-1}) \in \mathbb{F}^n$,
@ -130,13 +128,16 @@ for $u \in \mathbb{F},~~ E \in \mathbb{F}^n$.
Committed Relaxed R1CS instance: $CI = (\overline{E}, u, \overline{W}, x)$\\ Committed Relaxed R1CS instance: $CI = (\overline{E}, u, \overline{W}, x)$\\
Witness of the instance: $WI=(E, W)$ Witness of the instance: $WI=(E, W)$
\vspace{0.5cm}
\footnotesize{(We don't have time for it now, but there is a simple reasoning for the RelaxedR1CS usage explained in Nova paper)}
\end{frame} \end{frame}
\begin{frame}{NIFS - Non Interactive Folding Scheme} \begin{frame}{NIFS - Non Interactive Folding Scheme}
\scriptsize{ \scriptsize{
\begin{align*} \begin{align*}
CI_1 &=(\overline{E}_1, u_1, \overline{W}_1, x_1) ~~~~~~WI_1=(E_1, W_1)\\
CI_1 &=(\overline{E}_1 \in \mathbb{G}, u_1 \in \mathbb{F}, \overline{W}_1 \in \mathbb{G}, x_1 \in \mathbb{F}^n) ~~~~~~WI_1=(E_1 \in \mathbb{F}^n, W_1 \in \mathbb{F}^n)\\
CI_2 &=(\overline{E}_2, u_2, \overline{W}_2, x_2) ~~~~~~WI_2=(E_2, W_2) CI_2 &=(\overline{E}_2, u_2, \overline{W}_2, x_2) ~~~~~~WI_2=(E_2, W_2)
\end{align*} \end{align*}
where $\overline{V}=Com(V)$ where $\overline{V}=Com(V)$
@ -186,7 +187,7 @@ New folded witness: $(E, W)$
\small{ \small{
F':\\ F':\\
i) execute a step of the incremental computation, $z_i+1 = F(z_i)$\\
i) execute a step of the incremental computation, $z_{i+1} = F(z_i)$\\
ii) invoke the NIFS.V to fold $U_i, u_i$ into $U_{i+1}$\\ ii) invoke the NIFS.V to fold $U_i, u_i$ into $U_{i+1}$\\
iii) other checks to ensure that the IVC is done properly iii) other checks to ensure that the IVC is done properly
} }
@ -288,6 +289,29 @@ New folded witness: $(E, W)$
\end{frame} \end{frame}
\begin{frame}{Code example} \begin{frame}{Code example}
[show code with a live demo]
\vspace{0.5cm}
Some numbers (still optimizations pending):
\begin{itemize}
\item AugmentedFCircuit: $\sim 80k$ R1CS constraints
\item DeciderEthCircuit: $\sim 9.6M$ R1CS constraints
\begin{itemize}
\item $<3$ minutes in a 32GB RAM 16 core laptop
\end{itemize}
\item gas costs (DeciderEthCircuit proof): $\sim 800k$ gas
\begin{itemize}
\item mostly from G16, KZG10, public inputs processing
\item will be reduced by hashing the public inputs
\item expect to get it down to $< 600k$ gas.
\end{itemize}
\end{itemize}
\vspace{0.3cm}
Recall, this proof is proving that applying $n$ times the function $F$ (the circuit that we're folding) to an initial state $z_0$ results in the state $z_n$.
\\In Srinath Setty words, you can prove practically unbounded computation onchain by 800k gas (and soon $< 600k$).
\end{frame} \end{frame}
@ -299,7 +323,9 @@ New folded witness: $(E, W)$
\item \href{https://privacy-scaling-explorations.github.io/sonobe-docs/}{https://privacy-scaling-explorations.github.io/sonobe-docs/} \item \href{https://privacy-scaling-explorations.github.io/sonobe-docs/}{https://privacy-scaling-explorations.github.io/sonobe-docs/}
\end{itemize} \end{itemize}
\begin{center}
\includegraphics[width=4cm]{qr-sonobe-repo-link} \includegraphics[width=4cm]{qr-sonobe-repo-link}
\end{center}
\tiny{ \tiny{
$$\text{2024-04-22}$$ $$\text{2024-04-22}$$

Loading…
Cancel
Save