Logo

    CryptoNet is a Protocol Labs initiative.

    🖇️

    New Vector Commitment

    Status
    đź”´
    DRI
    D
    Deleted User
    Team
    đź“– Research Enablers
    Date
    Goal
    ⚖️Translations Proofs
    Quarter

    Goal

    Given we can use a new proof system, we have the opportunity to consider a new vector commitment which is either

    • Cheaper to compute on its own
    • More adapted to the the new proof system

    This section explores multiple options on these fronts

    Using Verkle Trees

    As a concrete example:

    • We build a Verkle Tree using BLS12-377 as the base curve
    • Arity is 256
    • That means there are four layers in the Verkle Tree

    A “inclusion proof” contains the following:

    1. All the C_i (2) that goes from the root to the leaf (minus root)
2. All inclusion proofs (or one batched proof in practice)

    Verifying a “path” means the following roughly:

    Start from the leaf and go upward:
 1. Verify the inclusion proof of the current node in the next C_i
 2. node = H(C_i)
    ‣
    Verifying KZG proofs in circuits

    To verify a KZG proofs the verifier needs to do:

    1. 1 G1 scalarMul
    2. 1 G2 scalarMul
    3. 1 “sub” on G1
    4. 1 “sub” on G2
    5. 2 pairings or 1 pairing “check”

    For our current application that would mean in practice:

    1. Hashing: 3000 (# inclusion proof) * 565 (cost of hashing) * 3 = 5M
2. Opening Proofs:see below

    Verify an opening proof in circuit

    1. Verify a pairing check:
    bls12-381 over bls12-381 : 2.6M constraint
    1. G1 scalar mul