Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

On-chain BLS curve cryptography support #7

Open
cygnusv opened this issue Nov 3, 2022 · 6 comments
Open

On-chain BLS curve cryptography support #7

cygnusv opened this issue Nov 3, 2022 · 6 comments
Assignees
@cygnusv @piotr-roslaniec
Labels
blocked 🛑 research 🧑‍🔬

Comments

@cygnusv
Copy link
Member

cygnusv commented Nov 3, 2022

Research support for running BLS curve cryptography methods on-chain, either on the Ethereum EVM (check state of EIP-2537), or other EVM-compatible rollups. The rationale for this is to verify validity of PVSS instances (i.e., DKG rituals metadata) on-chain.
@piotr-roslaniec
Copy link

piotr-roslaniec commented Nov 3, 2022
edited
Loading

ZK-rollup implementations:

Workarounds

Optimizations

@piotr-roslaniec piotr-roslaniec mentioned this issue Nov 4, 2022
Closed
@cygnusv
Copy link
Member Author

cygnusv commented Nov 11, 2022

Still waiting for the state of EIP-2537. It's being discussed for inclusion in the next Shanghai hardfork (see ethereum/pm#343, ethereum/pm#652), but there's still a lot of uncertainty.

Verifying BLS signatures inside a zkSNARK and then verifying that proof on-chain

This is super cool, but it's important to note that all that hard work is to compute a single pairing, while we would need to compute 2 pairings to verify each transcript, so 2*N pairings for a full DKG ritual. Perhaps it could be very useful for an optimistic verification protocol, i.e., all DKG transcripts are assumed correct unless someone posts a fault proof. In such case, the fault proof will be only for an incorrect transcripts, so the zkSNARKs approach could be applicable.

Optimized BLS multisignatures on EVM

Unfortunately, this is for BLS signatures on BN128 curve (which have precompiles on Ethereum), but not for BLS12-381 curve.

@piotr-roslaniec
Copy link

piotr-roslaniec commented Nov 12, 2022
edited
Loading

Perhaps it could be very useful for an optimistic verification protocol

This could present a very interesting design trade-off if we decide to use L1/L2 for verification. On a different note, there is a trend out there where more expressive zk proofs are being used to implement complex algorithms, and then simpler zk constructions are used to "compress" the former. Imagine rolling a STARK into a Groth16 for example. This is firmly in the R&D space thought.

Still waiting for the state of EIP-2537

According to the latest Ethereum Core Devs meeting, we need another few weeks for a final decision to be reached

@cygnusv Any thoughts on this one? NethermindEth/optimized_ecc_cairo

@arjunhassard arjunhassard mentioned this issue Mar 3, 2023
Closed
6 tasks
@piotr-roslaniec
Copy link

We decided to wait for the activation of the EIP-2537, and hence this issue is blocked.

@cygnusv cygnusv mentioned this issue Sep 15, 2023
Open
@cygnusv
Copy link
Member Author

cygnusv commented Feb 17, 2024

According to hearsay, EIP 2537 may be activated in the Pectra soft fork in late 2024.

See https://www.galaxy.com/insights/research/ethereum-all-core-developers-execution-call-181/

@piotr-roslaniec
Copy link

Confirmed to be a part of Pectra: https://eips.ethereum.org/EIPS/eip-7600

@cygnusv cygnusv mentioned this issue Jul 25, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@cygnusv cygnusv

@piotr-roslaniec piotr-roslaniec

Labels
blocked 🛑 research 🧑‍🔬
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@cygnusv @piotr-roslaniec