README.md

draconifors

Milestones

• milestone M1:

  • Poseidon hash in Solidity
    • Implements Poseidon hash in Solidity
    • gas cost of the implementation
  • Experiments with Poseidon hash in Circom with examples
  • Experiments with KimLeeOh Snarkjs implementation with examples
  • Implements Radish circuits in Circom with Poseidon hash and KimLeeOh protocol
  • Creates docker containers for Circom and Snarkjs and architectures draconifors
    • Docker build process clean-up
    • Run setup and compile as a part of watch process
    • Update readme for adding new circuits
    • Add routes for proof generation
    • Add routes for verifier contract generation
  • Compares Poseidon hash to SHA256 used in Radish now (number of constraints and gas gos)
    • Explanation doc of Poseidon hash
    • Number of R1CS comparison
    • Gas cost comparison
  • Compares KimLeeOh to GM17 used in Radish now (proof generation time, proof size, verification time, (updatable) setup size)
    • proof generation time: GM17 vs KimLeeOh
      • numbers of operations (theory)
      • timing of snarkjs poseidon circuit proving (implementation)
      • timing of snarkjs Radish circuit proving (implementation)
    • proof size: GM17 vs KimLeeOh
    • verification time: GM17 vs KimLeeOh
      • numbers of operations (theory)
      • timing of snarkjs verification (implementation)
    • setup size: GM17 vs KimLeeOh
      • numbers of operations (theory)
      • snarkjs poseidon circuit setup size (implementation)
      • snarkjs Radish setup size (implementation)
      • updatable setup
        • explanation and use in Radish
        • implementation

• milestone M2:

  • Implements BLS12-377 curve in Snarkjs
    • implement and test fields algebra
    • implement and test curve algebra
    • implement and test pairing computation
    • test to compile, setup, prove verify a proof with KimLeeOh
  • Implements a mapping tool from Snarkjs to zexey
    • map snarkjs proof to zexey input
    • map snarkjs verification key to zexey input
  • Implements a multiple proof composition in Zexe (n proofs on BLS12-377 --> 1 proof on SW6)
  • Implements a verifier smart contract for SW6 proof
    • template
    • automatic script connected to zexey
  • Tests SW6 with EIP1962 and Geth/Parity integration
    • EIP1962 test
    • Geth integration
    • Parity integration

• milestone M3:

  • Implements HG6 curve
    • implement in C++ zk-swap-libff
    • implement in Rust zexey
  • Adapts M2 to HG6
    • multiple proof composition
    • verifier smart contract
    • Modify EIP1962 and tests

• milestone M4:

  • implement MPC trusted setup for Radish34 (HG6/KimLeeOh)
    • implement code for MPC powers of tau on HG6 curve
    • implement code for MPC Radish34 KimLeeOh polynomials on HG6 curve

Prerequisites

1. Install Docker for Mac

2. Install and start dotdocker

   dotdocker start

Development/Test environment

1. Run docker-compose up -d to run the draconifors containers. Alternately, run docker-compose up to watch the logs of the draconifors-api and draconifors-api-watch containers

2. All circom circuits in draconifors-api/circuits/*.circom are auto-compiled and auto setup using the circom npm library and setup using "Kimleeoh" proving scheme. Corresponding outputs are captured as draconifors-api/artifacts/*.json files. The circuits are auto-compiled, setup and verifier solidity contracts are generated during watch process in draconifors-api-watch container

3. To re-run the circuit compilation process, add a circuit to draconifors-api/circuits/. Then run docker-compose restart && docker-compose logs -f draconifors-api-watch to get the logs of the build process. For development convenience, the test circuits from the circom repo have been added to draconifors-api/circuits/

4. To exec/attach to a running container, run docker-compose exec [SERVICE_NAME] /bin/sh

5. To reset the process, run make duke-nukem at the root of the directory

How to use draconifors-Api

1. Run make test-api on root, to run tests against the routes available on draconifors-Api

2. Following routes are available:

• Healthcheck: Returns status of the koa service. Example: curl -X GET http://localhost:3001/healthcheck

• Poseidon hashing: Returns poseidon hash based on the input data arguments. Example: curl -d '{"t":6, "nRoundsF":8, "nRoundsP":57, "seed":"poseidon", "element":[1,2]}' -X POST http://localhost:3001/poseidon

• Proof generation: Returns generated proof, public signals, off chain verification of proof based on the input data arguments. Example: curl -d '{"circuitName":"multiplier", "witnessInputs": {"a": "2", "b": "4"}}' -X POST http://localhost:3001/generate-proof

Troubleshooting

1. If reset doesn't work, run docker-compose system prune -f && docker-compose build --no-cache && docker-compose up -d

References

• Poseidon hash circuit and contract on circomlib
• KimLeeOh protocol on snarkjs
• BLS12-377 curve implementations in Rust and C++.
• Zexe G16 implementation (Nearly identical to KimLeeOh proof and vk formats)
• Template example of KimLeeOh verifier contract on alt-bn128 curve.
• EIP1962 implementations in Rust and C++
• Tests of EIP1962 on Parity+Waffle and Geth+Truffle.
• HG6 curve paper.
• MPC trusted setup paper and code (Rust, C++)
• Snarkjs Cli for verifier solidity contract