sirlensalot
commented
2 years ago I'm confused by the cont support. In crosschain Pact this is needed because defpacts start on one chain and end on another, meaning there needs to be baked-in SPV support. However with L2 there is no need for the external oracle. Or is this to support starting an L2 on one chain and completing it on another?
emilypi
This issue is meant to describe a series of primitives in Pact needed for working generally with zero knowledge (ZK) proofs. The requirements are broken up into two sections: general elliptic curve (EC) arithmetic (initially over bn128), and the backend support for proof verification as provided by a third party API.
Motivation
The rationale for inclusion here follows roughly the rationale described in the following Ethereum EIP's:
As Kadena scales up its work with L2 proof systems like Electron Labs, we'll need to support general EC arithmetic computations, as well as support L2 verification systems as a backend hook in the Pact language.
ECC Arithmetic
The following functions need to be added in order to support pairing curves:
Initially, we want to support the bn128 pairing curve, but in the future we may want to extend this for other backends that require other curves.
Backend Support
In the vein of the SPV support provided in Pact for the Kadena Mainnet chain, Pact needs to have a similar capability exposed for verifying L2 proofs provided as an entry in any
contmsg. The backend support should be as follows:verify-zk, which provides a hook for Pact integrations to implement and provide L2 proof verification support.contmsg format with an entry calledzkProofwhich can be optionally supplied through API request metadata and run through the backend support.