clearmatics / zecale

General purpose aggregator using recursive composition of SNARKs: https://arxiv.org/abs/2008.05958
https://clearmatics.github.io/zecale
GNU Lesser General Public License v3.0

Hash the primary inputs to save a few scalar mult in the verifier circuit #5

Open AntoineRondelet opened 4 years ago

AntoineRondelet commented 4 years ago

This is necessary to make Zecale generic.

dtebbs commented 3 years ago

Note, it may not be feasible to do this via an algebraic hash (without support for some extra precompiled contracts) since scalar field elements do not fit into single EVM words. In the case of verification keys, hashing with Blake2 increased the proving time of the circuit for (2 nested proofs) by roughly an order of magnitude.

AntoineRondelet commented 3 years ago

> Note, it may not be feasible to do this via an algebraic hash (without support for some extra precompiled contracts) since scalar field elements do not fit into single EVM words. In the case of verification keys, hashing with Blake2 increased the proving time of the circuit for (2 nested proofs) by roughly an order of magnitude.

Yes, we need to make the assumption that the EVM is extended with another set of precompiled contracts (even in its current state, Zecale cannot be deployed on Ethereum mainnet because BW6 arithmetic is not supported).