Skip to content

zkSNARK Plonk #454

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
Noc2 merged 3 commits into from
Jun 17, 2021
Merged

zkSNARK Plonk #454

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
f04b702
create zkSNARK plonk
ashWhiteHat Jun 14, 2021
748cfe7
trusted setup
ashWhiteHat Jun 16, 2021
6b8b559
toxic waste
ashWhiteHat Jun 16, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
119 changes: 119 additions & 0 deletions applications/zk-plonk.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,119 @@
# W3F Open Grant Proposal

* **Project Name:** zk plonk
* **Team Name:** Plasm Network (Shinsaku Ashizawa, Sota Watanabe)
* **Payment Address:** 0xb82EdE43D03fD23dcdb2d066720b3E77F3bedf6d

## Project Overview :page_facing_up:

We have been working on Zk projects and scalability solutions and now we would like to implement Zk plonk pallet.

The plonk is called `universal zkSNARK` because of two reasons. The verification times are constant and original reference string can be used to build proofs with any type of circuit. These features bring significant benefits to both users and developers. For example, the verification time is the same so users don't have to wait so long even when they prove complicated proof, and original reference string can reuse so developers don't have to do trusted setup for each circuit. The plonk will be a core technology in terms of scaling and privacy so we should support.

### Overview

Through this grant, we are going to make a plonk pallet in order for the developer to implement plonk on substrate easily. We are working on scalability solutions but currently, the substrate doesn't support zkSNARK pallet so we think it's a issue to fix. As aforementioned, zkSNARK will be a core technology in blockchain area and especially plonk is cutting edge technology so we are excited to implement this as pallet.

### Project Details

We'd like to implement the plonk library as a pallet in order for developers to customize circuits and use the plonk protocol.

The following diagram is the libraries we are going to implement.

* Polynomial commitment
* Circuit builder
* Generate proof and verify keys
* Verify proof

### Ecosystem Fit

According to Web3 Foundation, there are at least 2 different teams that work on ZK technologies.
- [Zeropool](https://github.com/zeropoolnetwork)
- [Glacier](https://github.com/gbctech)

Glacier is building a Distaff VM for zk-STARK proof generation and verification that are used to make private smart contracts and private credential verifications. The difference between us is that we are making a zkSNARK pallet and they are making a VM which supports STARKs. In terms of Zeropool, they are making private transactions contract pallet using bellman groth16 protocal and we are making zkSNARK libray using plonk.

We believe zkSNARK with plonk will be core technology of next blockchain area. That allows Substrate to protect the privacy and scale on the huge number of transactions without decreasing the security level.

## Team :busts_in_silhouette:

### Team members

* Shinsaku Ashizawa
* Alexsandr Krrupenkin
* Sota Watanabe

### Contact

* **Contact Name:** Shinsaku Ashizawa
* **Contact Email:** shinsaku.ashizawa@artree.co.jp
* **Website:** [Artree](https://artree.co.jp/)

### Legal Structure

* Incorporated in Singapore
* Address: 63 Chulia Street Singapore

### Team's experience
We have been making Plasm Network, a scalable multi-virtual machines smart contract platform on Polkadot supporting cutting edge layer2 solutions. Curretly, another team at Stake techologies is working on the Optimistic Virtual Machine, an unification for all layer2 solutions and a subset of Optimistic Rollup. We have already delivered 4 milestones out of 6. In addition to that, we have already delivered several grants such as Plasma, ECDSA, and ink! playground.

- [Plasma](https://github.com/stakedtechnologies/Plasm)
- [ECDSA](https://github.com/polkadot-js/common/tree/master/packages/util-crypto/src/secp256k1)
- [ink! playground](https://github.com/staketechnologies/ink-playground)

We are also participating in Substrate Builders Program and Substrate Delivery Partners and we have done some PoCs with clients.
- [“Plasm Network” is Adopted as a Blockchain Platform for Payment System by Satsudra HD and DataGateway](https://stake.co.jp/news/20201020english/)
- [Bitpoint and Stake Technologies Collaboration Announcement.](https://stake.co.jp/news/bitpoint_en/)
iously, please list the name of the project and legal entity here.

### Team Code Repos

* https://github.com/PlasmNetwork

### Team LinkedIn Profiles

* https://www.linkedin.com/in/sota-watanabe-b962b3110/

## Development Roadmap :nut_and_bolt:

### Summary
We plan to provide a `plonk` pallet that allows Substrate-based blockchain to execute plonk-based zkSNARK.

### Overview

* **Total Estimated Duration:** 3 months
* **Full-Time Equivalent (FTE):** 1 FTE
* **Total Costs:** 30000 DAI

### Milestone 1 Example — Implement Substrate Modules

* **Estimated Duration:** 3 months
* **FTE:** 1
* **Costs:** 30000 DAI

| Number | Deliverable | Specification |
| -----: | ----------- | ------------- |
| 0a. | License | Apache 2.0 / MIT / Unlicense |
| 0b. | Documentation | We will provide both inline documentation of the code and a basic tutorial that explains how a developer builds a circuit and a user prove their computation through the circuit. |
| 0c. | Testing Guide | Core functions will be fully covered by unit tests and audit to ensure functionality and robustness. In the guide, we will describe how to run these tests. |
| 0d. | Article/Tutorial | We will publish an article/tutorial/workshop that explains
| 1. | make plonk compatible | The dusk-network plonk is compatible with `no-std` so we are going to modify attributes according to [parity-codec](https://github.com/paritytech/parity-scale-codec) and `Rng` to be compatible with Substrate environment. This step allows this pallet to work on resource-constrained execution environments like Substrate runtime, attributes should be modified in accordance with SCALE codec and some versions of Rng can’t be compiled to wasm so we need to research and make it stable as necessary. |
| 2. | implement zkSNARK plonk pallet | We will create a set of plonk-based zkSNARK libraries that allow a developer to build their own circuit and a user to prove their computation validity. Verifying proofs are done by on-chain. Creating the proofs are done by off-chain. |
Copy link
Copy Markdown
Contributor

@mmagician mmagician Jun 16, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

off chain - meaning off-chain worker? or a separate tool?

Copy link
Copy Markdown
Contributor Author

@ashWhiteHat ashWhiteHat Jun 17, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Creating the proofs is done by an off-chain worker.


This zkSNARK plonk is based on [dusk-network plonk](https://github.com/dusk-network/plonk) library.
This zkSNARK plonk pallet provides us following function.
- Building circuits
Copy link
Copy Markdown
Contributor

@mmagician mmagician Jun 16, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You're planning to build circuits through your pallet? This sounds like you're planning to make it interactive, which doesn't make much sense to me, since circuits needed to be programmed by the user. As far as I'm aware, this involves writing code with the help of some tools (like circom, or dusk-plonk would be the fit here I guess) that is later compiled. Please expand on how your pallet would support building circuits

Copy link
Copy Markdown
Contributor Author

@ashWhiteHat ashWhiteHat Jun 17, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @mmagician
Thank you for asking me for details.

You're planning to build circuits through your pallet? This sounds like you're planning to make it interactive, which doesn't make much sense to me, since circuits needed to be programmed by the user.

Yes, the user(Substrate developer) can build their own programmable circuit.

If they want to build a circuit of privacy transfer, following sequence they need.

  1. Build their own circuit on-chain(Substrate node) that checks the validity of transactions
  2. Customize off-chain worker library corresponding to the on-chain circuit
  3. Deploy the Substrate node
  4. The transactor creates proofs and sends transactions through the off-chain worker.

It's a similar structure with circom which deploys verifier contract and this is the verify pallet of this project.
The circom creates proof using the off-chain library and this is the create proof off-chain worker of this project.

Copy link
Copy Markdown
Contributor

@mmagician mmagician Jun 17, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If you don't mind I'll lean on the example from circom again. From this tutorial section 2.1, a user needs to write code in order to build their circuit.

So what you're saying is that if a developer wants to build their own circuit, they need to have a separate pallet with the logic for their own circuit? Because, as far as I understand, each circuit will be customised for the developer's own purpose and it's difficult to make it generic.

I could imagine that if there is a common interface, an off-chain worker could be called to build the circuit from whatever code the user has written. Could it be generic enough?

Well if that's the case and I understood your last comment, then the building of the circuit will not happen in your pallet, but rather each developer has to do it independently. And then they can call your pallet's create proof method (assuming there is some standard interface in place) to take whatever circuit they built, supply the secret inputs, and compute the proof. Is my understanding correct?

Copy link
Copy Markdown
Contributor Author

@ashWhiteHat ashWhiteHat Jun 17, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for the questions.

If you don't mind I'll lean on the example from circom again. From this tutorial section 2.1, a user needs to write code in order to build their circuit.

This plonk pallet provides a circuit template library.
A user writes code on the provided circuit template library so it doesn't have to have a separate library by itself in the same way as a circom user doesn't need to implement any kind of library just defining constraint.

they need to have a separate pallet with the logic for their own circuit?

No, because this plonk pallet provides a circuit template library.

each circuit will be customised for the developer's own purpose and it's difficult to make it generic.

Each circuit will be customized using a circuit template library and a user define the constraint themselves.

I could imagine that if there is a common interface, an off-chain worker could be called to build the circuit from whatever code the user has written.

Sorry I couldn't understand this.
The circuit can't be added after a developer deploys the Substrate node.

the building of the circuit will not happen in your pallet

The building of the circuit will happen in this plonk pallet using a circuit template library.
A user defines the circuit as following through the plonk pallet.

impl Circuit for TestCircuit {
    const CIRCUIT_ID: [u8; 32] = [0xff; 32];
    fn gadget(
        &mut self,
        composer: &mut StandardComposer,
    ) -> Result<(), Error> {
        let a = composer.add_input(self.a);
        let b = composer.add_input(self.b);
        // Make first constraint a + b = c
        composer.poly_gate(
            a,
            b,
            composer.zero_var(),
            BlsScalar::zero(),
            BlsScalar::one(),
            BlsScalar::one(),
            BlsScalar::zero(),
            BlsScalar::zero(),
            Some(-self.c),
        );
        // Check that a and b are in range
        composer.range_gate(a, 1 << 6);
        composer.range_gate(b, 1 << 5);
        // Make second constraint a * b = d
        composer.poly_gate(
            a,
            b,
            composer.zero_var(),
            BlsScalar::one(),
            BlsScalar::zero(),
            BlsScalar::zero(),
            BlsScalar::one(),
            BlsScalar::zero(),
            Some(-self.d),
        );

        let e = composer.add_input(self.e.into());
        let scalar_mul_result = composer
            .fixed_base_scalar_mul(e, dusk_jubjub::GENERATOR_EXTENDED);
        // Apply the constrain
        composer.assert_equal_public_point(scalar_mul_result, self.f);
        Ok(())
    }
    fn padded_circuit_size(&self) -> usize {
        1 << 11
    }
}

A user circuit is TestCircuit and the Circuit struct is from this pallet.
A user can build a circuit by extending provided Circuit struct and this is a generic circuit template library.
And from the next line, a user defines the constraint.
I hope this example helps you to understand well.
Sorry that was such a long comment 🙇‍♂️

- Creating proofs
- Verifying proofs

## Future Plans

* Zk Rollup implementation
* private transfer protocol

## Additional Information :heavy_plus_sign:
- [web site](https://www.plasmnet.io/)
- [document](https://docs.plasmnet.io/)
- [Twitter](https://twitter.com/Plasm_Network)
- [Medium](https://medium.com/stake-technologies)
- [GitHub](https://github.com/PlasmNetwork)