You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
George Kadianakis a29fda9758
Merge 89d9528a01 into f87a71f6a6
11 months ago
benches Add basic benchmarks for the prover 11 months ago
src Add basic benchmarks for the prover 11 months ago
.gitignore Add Sigmabus PoC implementation 1 year ago
Cargo.toml Add basic benchmarks for the prover 11 months ago
LICENSE Add Sigmabus PoC implementation 1 year ago
README.md Add Sigmabus PoC implementation 1 year ago

README.md

sigmabus-poc

Proof of concept implementation of Sigmabus https://eprint.iacr.org/2023/1406, a cool idea by George Kadianakis and Mary Maller and Andrija Novakovic.

Experimental code, do not use in production.

This PoC implements Sigmabus to prove & verify that $X = x \cdot G \in \mathbb{G}$ for a public input $X \in \mathbb{G}$ and a private input $x \in \mathbb{F}_r$ ($\mathbb{G}$'s ScalarField), while the circuit is defined on $\mathbb{F}_r$ (note that $\mathbb{G}$ coordinates are on $\mathbb{F}_q$ ($\mathbb{G}$'s BaseField)).

Proving $X = x \cdot G$ with a 'traditional' approach in a zkSNARK circuit, would require non-native arithmetic for computing the scalar multiplication $x \cdot G \in \mathbb{G}$ over $\mathbb{F}_r$, which would take lot of constraints. The number of constraints in the circuit for this Sigmabus instantiation mainly depends on the constraints needed for 2 Poseidon hashes.

Let $\mathbb{G}$ be BN254's $G1$, an example of usage would be:

// generate the trusted setup
let params = Sigmabus::<Bn254>::setup(&mut rng, &poseidon_config);

// compute X = x * G
let x = Fr::rand(&mut rng);
let X = G1Projective::generator().mul(x);

// generate Sigmabus proof for X==x*G
let mut transcript_p = PoseidonTranscript::<G1Projective>::new(&poseidon_config);
let proof = Sigmabus::<Bn254>::prove(&mut rng, &params, &mut transcript_p, x);

// verify Sigmabus proof for X==x*G
let mut transcript_v = PoseidonTranscript::<G1Projective>::new(&poseidon_config);
Sigmabus::<Bn254>::verify(&params, &mut transcript_v, proof, X).unwrap();