Open yagnadeepxo opened 4 months ago
enricobottazzi
commented
4 months ago Thanks for the proposal! I believe that this can be useful to improve the readability and auditability of Summa V1.
It would be interesting to know if this comes with a performance cost. Can you provide any benchmarks ?
The main cost in our V1 circuit is the Poseidon hasher so it would be interesting to know more about the hardware acceleration for that
enricobottazzi
commented
4 months ago Also I didn't get the IVC part, can you elaborate on that ?
yagnadeepxo
commented
4 months ago Also I didn't get the IVC part, can you elaborate on that ?
IVC part I was talking about how IVC is used in summa right now to increase the trust of custodian. I was skeptical about why Nova is chosen
yagnadeepxo
commented
4 months ago Thanks for the proposal! I believe that this can be useful to improve the readability and auditability of Summa V1.
It would be interesting to know if this comes with a performance cost. Can you provide any benchmarks ?
The main cost in our V1 circuit is the Poseidon hasher so it would be interesting to know more about the hardware acceleration for that
True, i currently don't have the benchmarks, i will look into it
yagnadeepxo
commented
4 months ago @enricobottazzi Poseidon hash function implemented in CUDA running on GPU would be faster than poseidon implemented in halo2, we can reduce the cost with this, ingonyama icicle already has support for the same. I currently don't have the benchmarks
New Architecture
The previous architecture of summa solvency uses PSE fork of halo2 which uses KZG commitment scheme so the proof can be verified on ethereum mainnet(L1). This new architecture uses succinct labs SP1 which is a zkVM to prove arbitrary rust programs and the proofs can be verified faster on Aligned layer which rents security from Eigen layer. Eigen Layer also allows us to inherit Ethereum’s security and censorship resistance by building a new Actively Validated Service (AVS).
Why
1) Using Rust for writing proofs and generating them with zkVM offers greater flexibility and efficiency compared to halo2, enabling more direct control over proof logic and optimisation for faster and more reliable zero-knowledge proofs. 2) Ethereum was not originally built to accommodate the latest developments in zero-knowledge (ZK) research. By adopting this new approach, we avoid being limited to specific commitment schemes or similar constraints. 3) Future enhancements and updates to the protocol will be more manageable with the use of SP1.
Architecture
Here the guest code can be summa halo2 implementation of merkle_sum_tree.rs which now can be implemented in rust and be fed into the zkVM. This approach gives us extra control over the verification process of the proof generated by MST (merkle sum tree) rather than depending on halo2 API.
Advantages
1) Leveraging Rust's performance capabilities, the architecture incorporates the Ingonyama Poseidon hasher, enabling hardware acceleration techniques that significantly reduce the time required to generate zero-knowledge proofs, thereby enhancing the system's overall efficiency.
2) The SP1 framework, built on Plonky3 architecture, removes the need for a trusted setup by utilizing the PLONK proof system and Fast Reed-Solomon Interactive Oracle Proofs (FRI), ensuring a higher level of security and trustlessness in proof generation.
3) This architecture might improve proof generation and verification speeds by optimising computational resources and algorithmic efficiency, ensuring that even complex verifiable computations can be conducted swiftly and more economically.
4) Enhanced Developer Experience: By leveraging Rust's safety features and the expressive power of SP1, developers can write more secure and reliable zero-knowledge circuits. This improvement in developer experience can accelerate the adoption and innovation of ZK technologies.
5) Broader Cryptographic Support: The architecture can easily integrate with a wide range of cryptographic primitives and protocols, further expanding its applicability and security assurances across various blockchain and cryptographic applications.
6) Incremental Verifiability and Folding Scheme Optimization: This system enhances the scalability and security of large-scale computations through Incrementally Verifiable Computation (IVC). By segmenting computations into smaller, independently verifiable parts, we significantly boost the verifiability of complex processes. Moving beyond the Nova Scotia adapter for Circom R1CS, we leverage Rust's advanced capabilities to adopt more sophisticated folding schemes like Protogalaxy and Hypernova. This transition enables us to utilize the full potential of Rust's performance and SP1's architectural benefits, providing a more flexible, efficient, and secure framework for zero-knowledge proof generation and verification.
Implementation:
naive implementation of summa-solvency using SP1 by @yagnadeepxo github
References: eigen layer whitepaper aligned layer blog summa-solvency ingonyama poseidon hasher Nova Scotia Nova white paper protogalaxy