Currently we use an SRS of size 2^16 (see constants.rs), but it would be nice to support bigger sizes. The only problem is that it's GB of data.
Currently, we also have the rust code fetch it, but it might make sense to make the user of zkbtc fetch it by themselves (with wget or something), and then provide a path to it. The rust code would then just check that the checksum matches before using it. Otherwise it would return an error early.
The question is, can we just get the largest SRS and trim it depending on size of circuit? IIRC in plonk (with KZG) we use whatever prefix of the SRS we need, so trimming is natural. I just don't know if larger SRS from https://github.com/iden3/snarkjs#7-prepare-phase-2 actually builds on top of smaller SRS. This is important as we don't want to have to get all of them, just the largest one and use it to verify a proof that was created using a smaller one.
Currently we use an SRS of size 2^16 (see
constants.rs
), but it would be nice to support bigger sizes. The only problem is that it's GB of data.Currently, we also have the rust code fetch it, but it might make sense to make the user of
zkbtc
fetch it by themselves (withwget
or something), and then provide a path to it. The rust code would then just check that the checksum matches before using it. Otherwise it would return an error early.The question is, can we just get the largest SRS and trim it depending on size of circuit? IIRC in plonk (with KZG) we use whatever prefix of the SRS we need, so trimming is natural. I just don't know if larger SRS from https://github.com/iden3/snarkjs#7-prepare-phase-2 actually builds on top of smaller SRS. This is important as we don't want to have to get all of them, just the largest one and use it to verify a proof that was created using a smaller one.