Browse Source

add README.md (#39)

* Initialize the README.md with a sketch of the structure

* add warning and draft diagram

* add authors & years to schemes, add a pre-sketch of the 'development' section

* Readme: add link to Carlos talk on folding schemes

* readme: sketch sections: offchain & onchain decider, add todo for references

* readme: add example of FCircuit & folding

* Readme: add lib pipeline diagram, add decider code example

* add cyclefold-nova-diagram.png, decider-onchain-flow-diagram.png

* polish cli descriptions

* small update in the Warning box

* add sonobe naming

* add folding-main-idea-diagram.png

* missing sonobe renaming

* migrate part of the README.md to sonobe-docs

* rm imgs/, load them from sonobe-docs

* tiny update

* chore: start update README

* add acknolwedgments links and text, small polishing of the overall text

* extend folding introduction & sonobe overview

* img text alignment

* chore: update readme

* chore: typos, bits of reformulation, centering images

* chore: remove btc example since can not be used as is

* rm .vscode dir

* readme: merge the duplicated sections into a single one adapting the texts

* add Docs badge with link, update acknowledgments

* add ci & license badges

* fix cli link, add solc mention in solidity-verifiers/readme

* small polishing

* fix img alignment

* rm badges, the reasoning is:

- The License badge is not needed since there are already many links to
  the license both in the readme and in the GitHub UI
- The CI checks badge, already appears in the GitHub UI in the last
  commit preview at the main repo page. Furthermore, after some months
  of inactivity, the badge would be 'gray' as 'inactive'.
- The only badge that I was trying to get there is the 'docs' badge, to
  make it very clear that the docs page exists, but it was a bit to hard
  visually to have a single badge there, and furthermore the docs link
  already appears in the readme twice, and also in the GitHub UI
  right-panel.

---------

Co-authored-by: dmpierre <pdaixmoreux@gmail.com>
main
arnaucube 8 months ago
committed by GitHub
parent
commit
8b233031a6
No known key found for this signature in database GPG Key ID: B5690EEEBB952194
6 changed files with 111 additions and 21 deletions
  1. +89
    -0
      README.md
  2. +10
    -11
      cli/README.md
  3. +5
    -6
      cli/src/settings.rs
  4. +2
    -2
      folding-schemes/src/folding/nova/decider_eth_circuit.rs
  5. +4
    -1
      solidity-verifiers/README.md
  6. +1
    -1
      solidity-verifiers/templates/kzg10_verifier.askama.sol

+ 89
- 0
README.md

@ -0,0 +1,89 @@
# sonobe
Experimental folding schemes library implemented jointly by [0xPARC](https://0xparc.org/) and [PSE](https://pse.dev).
<img align="right" style="width:30%;min-width:250px;margin-bottom:20px;" src="https://privacy-scaling-explorations.github.io/sonobe-docs/imgs/sonobe.png">
<b>Sonobe</b> is a modular library to fold arithmetic circuit instances in an Incremental Verifiable computation (IVC) style. It features multiple folding schemes and decider setups, allowing users to pick the scheme which best fit their needs.
<br><br>
Sonobe is conceived as an exploratory effort with the aim to push forward the practical side of folding schemes and advancing towards onchain (EVM) verification.
<br><br>
<i>"The <a href="https://en.wikipedia.org/wiki/Sonobe">Sonobe module</a> is one of the many units used to build modular origami. The popularity of Sonobe modular origami models derives from the simplicity of folding the modules, the sturdy and easy assembly, and the flexibility of the system."</i>
<br>
> **Warning**: experimental code, do not use in production.<br>
> The code has not been audited. Several optimizations are also pending. Our focus so far has been on implementing the Nova and CycleFold schemes and achieving onchain (EVM) verification.
## Schemes implemented
Folding schemes implemented:
- [Nova: Recursive Zero-Knowledge Arguments from Folding Schemes](https://eprint.iacr.org/2021/370.pdf), Abhiram Kothapalli, Srinath Setty, Ioanna Tzialla. 2021
- [CycleFold: Folding-scheme-based recursive arguments over a cycle of elliptic curves](https://eprint.iacr.org/2023/1192.pdf), Abhiram Kothapalli, Srinath Setty. 2023
Work in progress:
- [HyperNova: Recursive arguments for customizable constraint systems](https://eprint.iacr.org/2023/573.pdf), Abhiram Kothapalli, Srinath Setty. 2023
- [ProtoGalaxy: Efficient ProtoStar-style folding of multiple instances](https://eprint.iacr.org/2023/1106.pdf), Liam Eagen, Ariel Gabizon. 2023
## Available frontends
Available frontends to define the folded circuit:
- [arkworks](https://github.com/arkworks-rs), arkworks contributors
- [Circom](https://github.com/iden3/circom), iden3, 0Kims Association
## Usage
### Docs
Detailed usage and design documentation can be found at [Sonobe docs](https://privacy-scaling-explorations.github.io/sonobe-docs/).
### Folding Schemes introduction
Folding schemes efficitently achieve incrementally verifiable computation (IVC), where the prover recursively proves the correct execution of the incremental computations.
Once the IVC iterations are completed, the IVC proof is compressed into the Decider proof, a zkSNARK proof which proves that applying $n$ times the $F$ function (the circuit being folded) to the initial state ($z_0$) results in the final state ($z_n$).
<p align="center">
<img src="https://privacy-scaling-explorations.github.io/sonobe-docs/imgs/folding-main-idea-diagram.png" style="width:70%;" />
</p>
Where $w_i$ are the external witnesses used at each iterative step.
In other words, it allows to prove efficiently that $z_n = F(...~F(F(F(F(z_0, w_0), w_1), w_2), ...), w_{n-1})$.
### Overview of sonobe
Sonobe is a folding schemes modular library to fold arithmetic circuit instances in an incremental verifiable computation (IVC) style. It also provides the tools required to generate a zkSNARK proof out of an IVC proof and to verify it on Ethereum's EVM.
The development flow using Sonobe looks like:
1. Define a circuit to be folded
2. Set which folding scheme to be used (eg. Nova with CycleFold)
3. Set a final decider to generate the final proof (eg. Spartan over Pasta curves)
4. Generate the the decider verifier
<p align="center">
<img src="https://privacy-scaling-explorations.github.io/sonobe-docs/imgs/sonobe-lib-pipeline.png"/>
</p>
The folding scheme and decider used can be swapped with a few lines of code (eg. switching from a Decider that uses two Spartan proofs over a cycle of curves, to a Decider that uses a single Groth16 proof over the BN254 to be verified in an Ethereum smart contract).
The [Sonobe docs](https://privacy-scaling-explorations.github.io/sonobe-docs/) contain more details about the usage and design of the library.
Complete examples can be found at [folding-schemes/examples](https://github.com/privacy-scaling-explorations/sonobe/tree/main/folding-schemes/examples)
## License
Sonobe is [MIT Licensed](https://github.com/privacy-scaling-explorations/sonobe/blob/main/LICENSE).
## Acknowledgments
This project builds on top of multiple [arkworks](https://github.com/arkworks-rs) libraries. It uses Espresso system's [virtual polynomial](https://github.com/EspressoSystems/hyperplonk/blob/main/arithmetic/src/virtual_polynomial.rs) abstraction and its [SumCheck](https://github.com/EspressoSystems/hyperplonk/tree/main/subroutines/src/poly_iop/sum_check) implementation.
The Solidity templates used in `nova_cyclefold_verifier.sol`, use [iden3](https://github.com/iden3/snarkjs/blob/master/templates/verifier_groth16.sol.ejs)'s Groth16 implementation and a KZG10 Solidity template adapted from [weijiekoh/libkzg](https://github.com/weijiekoh/libkzg).
In addition to the direct code contributors who make this repository possible, this project has been made possible by many conversations with [Srinath Setty](https://github.com/srinathsetty), [Lev Soukhanov](https://github.com/levs57), [Matej Penciak](https://github.com/mpenciak), [Adrian Hamelink](https://github.com/adr1anh), [François Garillot](https://github.com/huitseeker), [Daniel Marin](https://github.com/danielmarinq), [Han Jian](https://github.com/han0110), [Wyatt Benno](https://github.com/wyattbenno777), [Nikkolas Gailly](https://github.com/nikkolasg) and [Nalin Bhardwaj](https://github.com/nalinbhardwaj), to whom we are grateful.

+ 10
- 11
cli/README.md

@ -1,4 +1,4 @@
# Solidity Verifier
# Solidity Verifiers CLI
_____ ______ ______ ______ ______ ______ ______ _____ ______ ______ ______ ______ ______ ______
| |__| || |__| || |__| || |__| || |__| || |__| || |__| | | |__| || |__| || |__| || |__| || |__| || |__| || |__| |
| () || () || () || () || () || () || () | | () || () || () || () || () || () || () |
@ -20,9 +20,9 @@
| () || () || () || () || () || () || () | | () || () || () || () || () || () || () |
|______||______||______||______||______||______||______| |______||______||______||______||______||______||______|
Welcome to Solidity Verifier, a powerful Command-Line Interface (CLI) tool designed to simplify the generation of Solidity smart contracts that verify proofs of Zero Knowledge cryptographic protocols. This tool is developed by the collaborative efforts of the PSE (Privacy & Scaling Explorations) and 0XPARC teams.
Welcome to Solidity Verifiers CLI, a Command-Line Interface (CLI) tool designed to simplify the generation of Solidity smart contracts that verify proofs of Zero Knowledge cryptographic protocols. This tool is developed by the collaborative efforts of the PSE (Privacy & Scaling Explorations) and 0XPARC teams.
As an open-source project, Solidity Verifier is released under the GPL3 license.
Solidity Verifiers CLI is released under the MIT license, but notice that the Solidity template for the Groth16 verification has GPL-3.0 license, hence the generated Solidity verifiers that use the Groth16 template will have that license too.
## Supported Protocols ## Supported Protocols
@ -37,36 +37,35 @@ Solidity Verifier currently supports the generation of Solidity smart contracts
- Example credit: [weijiekoh - KZG10 Verifier Contract](https://github.com/weijiekoh/libkzg/blob/master/sol/KZGVerifier.sol) - Example credit: [weijiekoh - KZG10 Verifier Contract](https://github.com/weijiekoh/libkzg/blob/master/sol/KZGVerifier.sol)
- **Nova + CycleFold Decider:** - **Nova + CycleFold Decider:**
- Implements the decider circuit verification for the Nova zero-knowledge proof system in conjunction with the CycleFold protocol optimization.
- Implements the decider circuit verification for the Nova proof system in conjunction with the CycleFold protocol optimization.
- Template inspiration and setup credit: [Han - revm/Solidity Contract Testing Functions](https://github.com/privacy-scaling-explorations/halo2-solidity-verifier/tree/main) - Template inspiration and setup credit: [Han - revm/Solidity Contract Testing Functions](https://github.com/privacy-scaling-explorations/halo2-solidity-verifier/tree/main)
## Usage ## Usage
```bash ```bash
solidity-verifier [OPTIONS] -p <PROTOCOL> -pd <PROTOCOL_DATA> -o <OUTPUT_PATH>
solidity-verifiers-cli [OPTIONS] -p <PROTOCOL> -d <PROTOCOL_DATA> -o <OUTPUT_PATH>
``` ```
A real use case (which was used to test the tool itself): A real use case (which was used to test the tool itself):
`solidity-verifier -p groth16 -pd ./folding-verifier-solidity/assets/G16_test_vk_data`
`solidity-verifiers-cli -p groth16 -d ./solidity-verifiers/assets/G16_test_vk_data`
This would generate a Groth16 verifier contract for the given G16 data (which consists on the G16_Vkey only) and store this contract in `$pwd`. This would generate a Groth16 verifier contract for the given G16 data (which consists on the G16_Vkey only) and store this contract in `$pwd`.
### Options: ### Options:
-v, --verbose: Increase logging verbosity -v, --verbose: Increase logging verbosity
-q, --quiet: Decrease logging verbosity -q, --quiet: Decrease logging verbosity
-p, --protocol <PROTOCOL>: Selects the protocol for which to generate the Decider circuit Solidity Verifier (possible values: groth16, kzg, nova-cyclefold) -p, --protocol <PROTOCOL>: Selects the protocol for which to generate the Decider circuit Solidity Verifier (possible values: groth16, kzg, nova-cyclefold)
-o, --out <OUT>: Sets the output path for all generated artifacts (default: /home/kr0/Desktop/HDD/ethereum/folding-schemes/verifier.sol)
-o, --out <OUT>: Sets the output path for all generated artifacts
-d, --protocol-data <PROTOCOL_DATA>: Sets the input path for the file containing all the data required by the chosen protocol for verification contract generation -d, --protocol-data <PROTOCOL_DATA>: Sets the input path for the file containing all the data required by the chosen protocol for verification contract generation
--pragma <PRAGMA>: Selects the Solidity compiler version to be set in the Solidity Verifier contract artifact --pragma <PRAGMA>: Selects the Solidity compiler version to be set in the Solidity Verifier contract artifact
-h, --help: Print help (see a summary with '-h') -h, --help: Print help (see a summary with '-h')
-V, --version: Print version -V, --version: Print version
## License ## License
Solidity Verifier is released under the GPL3 license for any of the protocols that include `Groth16`. See the LICENSE file in the project repository for more details.
For the rest of contracts/protocols and the CLI itself, this tooling is released under MIT/Apache license.
Solidity Verifier CLI is released under the MIT license, but notice that the Solidity template for the Groth16 verification has GPL-3.0 license, hence the generated Solidity verifiers will have that license too.
## Contributing ## Contributing
Feel free to explore, use, and contribute to Solidity Verifier as we strive to enhance privacy and scalability in the blockchain space!
We welcome contributions to Solidity Verifier! If you encounter any issues, have feature requests, or want to contribute to the codebase, please check out the GitHub repository and follow the guidelines outlined in the contributing documentation.
Feel free to explore, use, and contribute to Solidity Verifiers CLI as we strive to enhance privacy and scalability in the blockchain space!
We welcome contributions to Solidity Verifiers CLI! If you encounter any issues, have feature requests, or want to contribute to the codebase, please check out the GitHub repository and follow the guidelines outlined in the contributing documentation.

+ 5
- 6
cli/src/settings.rs

@ -43,7 +43,7 @@ impl Protocol {
} }
} }
const ABOUT: &str = "A powerful Command-Line Interface (CLI) tool designed to simplify the generation of Solidity smart contracts that verify proofs of Zero Knowledge cryptographic protocols.
const ABOUT: &str = "A Command-Line Interface (CLI) tool designed to simplify the generation of Solidity smart contracts that verify proofs of Zero Knowledge cryptographic protocols.
"; ";
const LONG_ABOUT: &str = " const LONG_ABOUT: &str = "
@ -68,10 +68,9 @@ const LONG_ABOUT: &str = "
| () || () || () || () || () || () || () | | () || () || () || () || () || () || () |
|______||______||______||______||______||______||______| |______||______||______||______||______||______||______|
Welcome to Solidity Verifier, a powerful Command-Line Interface (CLI) tool designed to simplify the generation of Solidity smart contracts that verify proofs of Zero Knowledge cryptographic protocols.
for Zero Knowledge protocols. This tool is developed by the collaborative efforts of the PSE (Privacy & Scaling Explorations) and 0XPARC teams.
Welcome to Solidity Verifiers CLI, a Command-Line Interface (CLI) tool designed to simplify the generation of Solidity smart contracts that verify proofs of Zero Knowledge cryptographic protocols. This tool is developed by the collaborative efforts of the PSE (Privacy & Scaling Explorations) and 0XPARC teams.
As an open-source project, Solidity Verifier is released under the GPL3 license.
Solidity Verifiers CLI is released under the MIT license, but notice that the Solidity template for the Groth16 verification has GPL-3.0 license, hence the generated Solidity verifiers that use the Groth16 template will have that license too.
Solidity Verifier currently supports the generation of Solidity smart contracts for the verification of proofs in the following Zero Knowledge protocols: Solidity Verifier currently supports the generation of Solidity smart contracts for the verification of proofs in the following Zero Knowledge protocols:
@ -82,13 +81,13 @@ Solidity Verifier currently supports the generation of Solidity smart contracts
Uses the Kate-Zaverucha-Goldberg polynomial commitment scheme. Uses the Kate-Zaverucha-Goldberg polynomial commitment scheme.
Nova + CycleFold Decider: Nova + CycleFold Decider:
Implements the decider circuit verification for the Nova zero-knowledge proof system in conjunction with the CycleFold protocol optimization.
Implements the decider circuit verification for the Nova proof system in conjunction with the CycleFold protocol optimization.
"; ";
#[derive(Debug, Parser)] #[derive(Debug, Parser)]
#[command(author = "0XPARC & PSE", version, about = ABOUT, long_about = Some(LONG_ABOUT))] #[command(author = "0XPARC & PSE", version, about = ABOUT, long_about = Some(LONG_ABOUT))]
#[command(propagate_version = true)] #[command(propagate_version = true)]
/// A tool to create Solidity Contracts which act as verifiers for the major Folding Schemes implemented /// A tool to create Solidity Contracts which act as verifiers for the major Folding Schemes implemented
/// within the `folding-schemes` repo.
/// within the `sonobe` repo.
pub(crate) struct Cli { pub(crate) struct Cli {
#[command(flatten)] #[command(flatten)]
pub verbosity: clap_verbosity_flag::Verbosity, pub verbosity: clap_verbosity_flag::Verbosity,

+ 2
- 2
folding-schemes/src/folding/nova/decider_eth_circuit.rs

@ -493,7 +493,7 @@ where
incircuit_c_E.enforce_equal(&kzg_c_E)?; incircuit_c_E.enforce_equal(&kzg_c_E)?;
// Check 7 is temporary disabled due // Check 7 is temporary disabled due
// https://github.com/privacy-scaling-explorations/folding-schemes/issues/80
// https://github.com/privacy-scaling-explorations/sonobe/issues/80
// //
// 7. check eval_W==p_W(c_W) and eval_E==p_E(c_E) // 7. check eval_W==p_W(c_W) and eval_E==p_E(c_E)
// let incircuit_eval_W = evaluate_gadget::<CF1<C1>>(W_i1.W, incircuit_c_W)?; // let incircuit_eval_W = evaluate_gadget::<CF1<C1>>(W_i1.W, incircuit_c_W)?;
@ -874,7 +874,7 @@ pub mod tests {
} }
// The test test_polynomial_interpolation is temporary disabled due // The test test_polynomial_interpolation is temporary disabled due
// https://github.com/privacy-scaling-explorations/folding-schemes/issues/80
// https://github.com/privacy-scaling-explorations/sonobe/issues/80
// for n<=11 it will work, but for n>11 it will fail with stack overflow. // for n<=11 it will work, but for n>11 it will fail with stack overflow.
#[ignore] #[ignore]
#[test] #[test]

+ 4
- 1
solidity-verifiers/README.md

@ -1,3 +1,6 @@
# `solidity-verifiers` # `solidity-verifiers`
This crate implements templating logic to output verifier contracts for `folding-schemes`-generated decider proofs.
This crate implements templating logic to output verifier contracts for `sonobe`-generated decider proofs.
This crate is accompanied with the [cli](https://github.com/privacy-scaling-explorations/sonobe/tree/main/cli) crate, which allows to generate the Solidity contracts from the command line.
To run the tests it needs [solc](https://docs.soliditylang.org/en/latest/installing-solidity.html) installed.

+ 1
- 1
solidity-verifiers/templates/kzg10_verifier.askama.sol

@ -1,7 +1,7 @@
/** /**
* @author Privacy and Scaling Explorations team - pse.dev * @author Privacy and Scaling Explorations team - pse.dev
* @dev Contains utility functions for ops in BN254; in G_1 mostly. * @dev Contains utility functions for ops in BN254; in G_1 mostly.
* @notice Forked from https://github.com/weijiekoh/libkzg/tree/master.
* @notice Forked from https://github.com/weijiekoh/libkzg.
* Among others, a few of the changes we did on this fork were: * Among others, a few of the changes we did on this fork were:
* - Templating the pragma version * - Templating the pragma version
* - Removing type wrappers and use uints instead * - Removing type wrappers and use uints instead

Loading…
Cancel
Save