Proof of concept implementation of ProtoGalaxy

Overview

protogalaxy-poc Test

Proof of concept implementation of ProtoGalaxy (https://eprint.iacr.org/2023/1106.pdf) using arkworks.

Experimental code, do not use in production.

Thanks to Liam Eagen and Ariel Gabizon for their kind explanations.

This code has been done in the context of the research on folding schemes in 0xPARC.

protogalaxy img from Wikipedia

(img: protogalaxies colliding, from Wikipedia)

Details

Implementation of ProtoGalaxy's scheme described in section 4 of the paper.

Current version implements the folding on prover & verifier and it works for k-to-1 instances and with multiple iterations, but it is not optimized. Next steps in terms of implementation include: F(X) O(n) construction following Claim 4.4, compute K(X) in O(kd log(kd)M + ndkC) as described in Claim 4.5, add tests folding in multiple iterations and also in a tree approach, add the decider and integrate with some existing R1CS tooling for the R1CS & witness generation.

Usage

Example of folding k+1 instances:

// assume we have:
// an R1CS instance 'r1cs'
// a valid witness 'w' from our running instance
// k valid 'witnesses' to be fold

// compute the committed instance for our running witness
let phi = Pedersen::<G1Projective>::commit(&pedersen_params, &witness.w, &witness.r_w);
let instance = CommittedInstance::<G1Projective> {
    phi,
    betas: betas.clone(),
    e: Fr::zero(),
};

// compute the k committed instances to be fold
let mut instances: Vec<CommittedInstance<G1Projective>> = Vec::new();
for i in 0..k {
    let phi_i =
	Pedersen::<G1Projective>::commit(&pedersen_params, &witnesses[i].w, &witnesses[i].r_w);
    let instance_i = CommittedInstance::<G1Projective> {
	phi: phi_i,
	betas: betas.clone(),
	e: Fr::zero(),
    };
    instances.push(instance_i);
}

// set the initial random betas
let beta = Fr::rand(&mut rng);
let betas = powers_of_beta(beta, t);

// Prover folds the instances and witnesses
let (F_coeffs, K_coeffs, folded_instance, folded_witness) = Folding::<G1Projective>::prover(
    &mut transcript_p,
    &r1cs,
    // running instance
    instance.clone(),
    witness,
    // incomming instances
    instances.clone(),
    witnesses,
);

// verifier folds the instances
let folded_instance_v = Folding::<G1Projective>::verifier(
    &mut transcript_v,
    &r1cs,
    instance, // running instance
    instances, // incomming instances
    F_coeffs,
    K_coeffs,
);

// check that the folded instance satisfies the relation
assert!(check_instance(&r2cs, folded_instance, folded_witness));

// now, the folded instance & witness can be folded again with k other instances.

(see the actual code for more details)

You might also like...
OpenZKP - pure Rust implementations of Zero-Knowledge Proof systems.

OpenZKP OpenZKP - pure Rust implementations of Zero-Knowledge Proof systems. Overview Project current implements 🐺 the Stark protocol (see its readme

Selendra is a multichains interoperable nominated Proof-of-Stake network for developing and running Substrate-based and EVM compatible blockchain applications.

Selendra An interoperable nominated Proof-of-Stake network for developing and running Substrate-based and EVM compatible blockchain applications. Read

Proost - A small proof assistant written in Rust
Proost - A small proof assistant written in Rust

A simple proof assistant written in Rust. The specification of the project may be found here, and the user manual here. The API documentation c

DAPOL+ Proof of Liabilities using Bulletproofs and Sparse Merkle trees

DAPOL+ implementation Implementation of the DAPOL+ protocol introduced in the "Generalized Proof of Liabilities" by Yan Ji and Konstantinos Chalkias A

Alternative Mizar proof checker written in Rust

Mizar proof checker This is a (still experimental) proof checker for the Mizar language. To compile the project, get Rust 1.67 or later (https://rustu

A fast zero-knowledge proof friendly Move language runtime environment.
A fast zero-knowledge proof friendly Move language runtime environment.

zkMove Lite zkMove Lite is a lightweight zero-knowledge proof friendly Move language virtual machine. Move bytecode is automatically "compiled" into c

Uses Plonky2 proof system to build recursive circuits for Merkle Trees.

ProvableMerkleTrees Introduction This repo provides Rust code to build Merkle Trees, equipped with a Provable interface to generate Zero Knowledge pro

Minimal implementation of the Mimblewimble protocol.

Grin Grin is an in-progress implementation of the Mimblewimble protocol. Many characteristics are still undefined but the following constitutes a firs

IBC modules and relayer - Formal specifications and Rust implementation

ibc-rs Rust implementation of the Inter-Blockchain Communication (IBC) protocol. This project comprises primarily four crates: The ibc crate defines t

Owner
https://arnaucube.com/blog/
null
OGC API & STAC - Proof of Concept

OAPI - POC Proof of concept (POC) to ingest geospatial datasets from MeteoSuisse into a SpatioTemporal Asset Catalog (STAC), expose as OGC API Feature

Camptocamp 32 Dec 1, 2022
JS Runtime proof-of-concept for interactions with AvdanOS

Important: we are migrating to a new Discord server .gg/avdanos What is this ? This repo aims to be a JavaScript environment where AvdanOS extensions

AvdanOS 4 Nov 26, 2022
Proof-of-concept Typst webapp alternative

Proof-of-Concept Typst Webapp Alternative With the following features: Collaborative editing (using operational-transform and referenced from ekzhang/

Matt Fellenz 3 Nov 7, 2023
Hiisi is a proof of concept libSQL written in Rust following TigerBeetle-style with deterministic simulation testing.

Hiisi Proof of concept libSQL server written in Rust with deterministic simulation testing. Why Hiisi? SQLite is a versatile database, but serverless

Pekka Enberg 83 Oct 23, 2024
gRPC client/server for zero-knowledge proof authentication Chaum Pederson Zero-Knowledge Proof in Rust

gRPC client/server for zero-knowledge proof authentication Chaum Pederson Zero-Knowledge Proof in Rust. Chaum Pederson is a zero-knowledge proof proto

Advaita Saha 4 Jun 12, 2023
Implementation of Proof of Existence consensus using Substrate Framework, Frame, Pallets, RUST

Substrate Node Template A fresh FRAME-based Substrate node, ready for hacking ?? Getting Started Follow the steps below to get started with the Node T

Vijayendra Gaur 1 Jun 8, 2022
Rust implementation of Namada, a sovereign proof-of-stake blockchain that enables asset-agnostic private transfers

Namada Overview Namada is a sovereign proof-of-stake blockchain, using Tendermint BFT consensus, that enables multi-asset private transfers for any na

anoma 144 Jan 2, 2023
Implementation of zero-knowledge proof circuits for Tendermint.

Tendermint X Implementation of zero-knowledge proof circuits for Tendermint. Overview Tendermint X's core contract is TendermintX, which stores the he

Succinct 3 Nov 8, 2023
Simple automated proof assistant.

Esther is a work-in-progress, proof-of-concept automated theorem proof assistant based on Homotopy Type Theory. Acknowledgements Arend, Lean, Coq and

Aodhnait Étaín 5 Sep 14, 2021
Composable proof transcripts for public-coin arguments of knowledge

Merlin: composable proof transcripts for public-coin arguments of knowledge Merlin is a STROBE-based transcript construction for zero-knowledge proofs

dalek cryptography 99 Dec 22, 2022