arnaucube 9bbdfc5a85 | 8 months ago | |
---|---|---|
.config | 1 year ago | |
.github/workflows | 8 months ago | |
cli | 8 months ago | |
examples | 8 months ago | |
folding-schemes | 8 months ago | |
solidity-verifiers | 8 months ago | |
.gitignore | 8 months ago | |
Cargo.toml | 8 months ago | |
LICENSE | 1 year ago | |
README.md | 8 months ago | |
rust-toolchain | 9 months ago |
Experimental folding schemes library implemented jointly by 0xPARC and PSE.
Sonobe is a modular library to fold arithmetic circuit instances in an Incremental Verifiable computation (IVC) style. It features multiple folding schemes and decider setups, allowing users to pick the scheme which best fit their needs.
Sonobe is conceived as an exploratory effort with the aim to push forward the practical side of folding schemes and advancing towards onchain (EVM) verification.
"The Sonobe module is one of the many units used to build modular origami. The popularity of Sonobe modular origami models derives from the simplicity of folding the modules, the sturdy and easy assembly, and the flexibility of the system."
Warning: experimental code, do not use in production.
The code has not been audited. Several optimizations are also pending. Our focus so far has been on implementing the Nova and CycleFold schemes and achieving onchain (EVM) verification.
Folding schemes implemented:
Work in progress:
Available frontends to define the folded circuit:
Detailed usage and design documentation can be found at Sonobe docs.
Folding schemes efficitently achieve incrementally verifiable computation (IVC), where the prover recursively proves the correct execution of the incremental computations. Once the IVC iterations are completed, the IVC proof is compressed into the Decider proof, a zkSNARK proof which proves that applying $n$ times the $F$ function (the circuit being folded) to the initial state ($z_0$) results in the final state ($z_n$).
Where $w_i$ are the external witnesses used at each iterative step.
In other words, it allows to prove efficiently that $z_n = F(...~F(F(F(F(z_0, w_0), w_1), w_2), ...), w_{n-1})$.
Sonobe is a folding schemes modular library to fold arithmetic circuit instances in an incremental verifiable computation (IVC) style. It also provides the tools required to generate a zkSNARK proof out of an IVC proof and to verify it on Ethereum's EVM.
The development flow using Sonobe looks like:
The folding scheme and decider used can be swapped with a few lines of code (eg. switching from a Decider that uses two Spartan proofs over a cycle of curves, to a Decider that uses a single Groth16 proof over the BN254 to be verified in an Ethereum smart contract).
The Sonobe docs contain more details about the usage and design of the library.
Complete examples can be found at folding-schemes/examples
Sonobe is MIT Licensed.
This project builds on top of multiple arkworks libraries. It uses Espresso system's virtual polynomial abstraction and its SumCheck implementation.
The Solidity templates used in nova_cyclefold_verifier.sol
, use iden3's Groth16 implementation and a KZG10 Solidity template adapted from weijiekoh/libkzg.
In addition to the direct code contributors who make this repository possible, this project has been made possible by many conversations with Srinath Setty, Lev Soukhanov, Matej Penciak, Adrian Hamelink, François Garillot, Daniel Marin, Han Jian, Wyatt Benno, Nikkolas Gailly and Nalin Bhardwaj, to whom we are grateful.