arnaucube
commented
9 months ago Unsure why do we add the MNT curves here. To avoid Foreign Field ops in-circuit? If not can you explain?
Ideally I would have avoided the use of the MNT curves, and would have used directly BN254 - Grumpkin cycle, but at the latest release of arkworks (v0.4.0) the BN254 does not have the constraints implemented, which was added recently (by you here hehe), so once we migrate to the new arkworks version (which is not yet released) we can enjoy the BN254 R1CS constraints. But for the moment for this test needed a cycle of curves with pairings, so used the MNT cycle for the test.
Regarding arkworks versions, there have been substantial improvements and fixes on many arkworks crates over this past year (since v0.4.0) release, just sent a msg in arkworks chat asking if there are plans to do a new release with all those changes that we would benefit from (eg. the mentioned bn254 constraints, some fixes, and maybe also the new configurable nonnativefield gadgets).
CPerezz
Nova onchain decider: (compressed SNARK / final proof), in order to later verify the Nova+CycleFold proofs onchain (in Ethereum’s EVM).
As a sidenote info, these past days I've been benchmarking the decider circuit, and next thing I'll do is to work on the step 6 of the decider circuit (src/folding/nova/decider_eth_circuit.rs#L418) because the current approach takes too many constraints.