Goal

Strategies

1. Direct translation: Translate directly from the Poseidon hashing in one curve to the poseidon hashing in another curve using non native arithmetics.

Pros: A SP can directly take advantage of another proof system, no need for change on current proof system

Cons: costly + translation is only useful for one other proof system/curve, not for all

2. “Curve agnostic hash”: Take the commR in Poseidon, make a translation proof on sha256 / blake2 etc. Then any curve / proof system can directly translate from this hash function to the “snark friendly hash function” they want to use for this proof system.

Pros: Once translation is done for a “curve agnostic” hash function, then it can be re-used for multiple proofs system → multitude of proof systems/curve available at once

Cons: extra cost for SP that needs to do this intermediate step, “2 proofs” instead of 1 per sector now.

3. New Vector Commitment: Changing proof system and curves also allows us to change vector commitment at the same time ! Depending on which VC we use the translation cost may be acceptable !

Challenges:

• Bit Sizes: challenge is to embed the data inside another scalar field of the other curve. We need 255 bits however the major curves out there are 252 or 254 bits !
• Non Native / Common inputs: We need to make sure the same data are input to both proof system , there needs to be a “link” between the two !

Overview

Cost of Poseidon hashing in Filecoin

8-arity Hash = 565 constraints

Field additions  = 5850
Field multiplications  = 5652

// "Width" (or "capacity").
t = arity + 1

// Number of full and partial rounds.
rf, fp = lookup round numbers for `t` in table:
    https://github.com/lurk-lab/neptune/blob/master/parameters/round_numbers.txt

// Total number of rounds.
r = rf + rp

// The number of field operations required to an sbox: x^5 = (x^2)^2 * x.
muls_per_sbox = 3

// Number of sbox field multiplications per full/partial round.
sbox_muls_per_rf = t * muls_per_sbox
sbox_muls_per_rp = muls_per_sbox

// Number of field additions per round for adding round constants into `state`.
rc_adds_per_round = t

// Number of field operations per matrix-vector multiplication (of MDS matrix with `state` vector).
mds_adds_per_round = t^2
mds_muls_per_round = t^2

// Total number of field operation:
total_adds = r * (rc_adds_per_round + mds_adds_per_round)
total_muls = r * mds_muls_per_round + rf * sbox_muls_per_rf + rp * sbox_muls_per_rp

t = arity + 1 = 9
rf, rp = 8, 57
r = rf + rp = 65
sbox_muls_per_rf = 3 * t = 27
sbox_muls_per_rp = 3
rc_adds_per_round = t = 9
mds_mixing_adds_per_round, mds_mixing_muls_per_round = t^2 = 81

total_adds = 65 * (9 + 81) = 5850
total_muls = 65 * 81 + 8 * 27 + 57 * 3 = 5652

Cost of translation proof

Milestones and roadmap

🚩

Milestones

‣

📖 Research Enablers

Name	Status	Quarter	DRI	Date	OKR	🎒 Team backlog ㊙️
Testudo is audited	Not started	2023Q4		August 31, 2023
Testudo is launched into Filecoin	Not started	2023Q4		September 30, 2023
Filecoin Proofs are written for Testudo	Not started			May 31, 2023
FIP for adding support to Testudo Proofs	Not started			May 31, 2023
Paper is public	Not started			May 31, 2023
New proofs are live in Filecoin Testnet	Not started			June 30, 2023
Add Ability to support circuits	Not started	2023Q1		March 31, 2023
Verification circuit for Testudo	Not started	2023Q1		March 31, 2023
More optimizations if needed	Not started	2023Q2		April 30, 2023
Aggregation feature implemented	Not started	2023Q2		June 30, 2023
Trusted setup is finalized	Not started	2023Q2		May 31, 2023
Make portions of the Filecoin state proof friendly ❓	Not started	2023Q4
Efficient data updatability inside sectors ❓	Not started	2023Q4
Replace Merkle trees with VC in Filecoin PoRep ❓	Not started	2023Q4
The new doc needs feedback https://drive.google.com/file/d/1cuOeos7MT7ZAJWtPB3OS8us0v25fsHdp/view?usp=sharing	⚪️	2022Q3	Nicola
Small universal trusted setup	🔵	2023Q1		January 31, 2023
Efficient SNARKs over Vector Committed data	🔵	2023Q2
Solve BDSC for Plonk with Caulk/Muppets/Baloo	🔵	2022Q4	Anca Nitulescu
Solve BDSC for Groth16(+Testudo) with Caulk	🔵	2022Q4
Pebbling PoS: SDR and NSE improvements and tighter analysis	🔵	2023Q3	Matteo Campanelli	April 1, 2023 → June 30, 2023	KR2: A new team is assembled to propose a formal model, gather requirements and ship an early design for a new Proof of Space to de-risk SDR aging
🔭 🛠️ New Proof of Space Constructions	🔵	2023Q3	Matteo Campanelli	March 1, 2023 → September 30, 2023	KR2: A new team is assembled to propose a formal model, gather requirements and ship an early design for a new Proof of Space to de-risk SDR aging
🔭 Proof of Space: educational material	🔵	2023Q3	Anca Nitulescu	April 17, 2023 → May 26, 2023	KR4: A new proof of space website with educational material attracts 10 different groups
⚖️ Translations Proofs	🔵	2023Q2	nikkolasg g	March 24, 2023 → May 30, 2023	KR12: Demo of verifiable computation over Filecoin data
🛠️ Enabling Filecoin Client Data Usage	🔵	2023Q2	nikkolasg g	May 20, 2023 → June 30, 2023	KR12: Demo of verifiable computation over Filecoin data
Radical New PoS (and new space-hardness assumptions)	🔵	2023Q2	Matteo Campanelli	May 15, 2023 → July 31, 2023
PoS page needs feedback and more material	🔵
Proof of Space primer	🔵	2023Q2	Matteo Campanelli	April 1, 2023 → June 30, 2023	KR2: A new team is assembled to propose a formal model, gather requirements and ship an early design for a new Proof of Space to de-risk SDR aging
Onboarding devs on Testudo	🔵	2023Q2	nikkolasg g
Paper	🔵	2023Q2	Rosario Gennaro	March 27, 2023 → May 31, 2023
Outreach And Collaboration	🔵	2023Q2	Max	March 26, 2023 → April 7, 2023
Code documentation	🔵	2023Q1	Mara Mihali	February 17, 2023
Testudo81 v1: Ready for writing proofs	🟡	2023Q2	nikkolasg g
Testudo81 Filecoin Proofs live on testnet	🟡	2023Q2	nikkolasg g
Testudo81 Filecoin Proofs live on mainnet	🟡	2023Q3	nikkolasg g
	🟡	2023Q1	Anca Nitulescu
🛡️ Testudo	🟡	2023Q4	nikkolasg g
Testudo77: Implementation: Batching + Aggregation	🟡	2023Q2
Have 5 Network Grants	✅	2022Q4	Rosario Gennaro
Testudo77 v0.1: Initial performance prediction	✅	2022Q4	nikkolasg g
Testudo77 v0.2: Basic research done	✅	2022Q4	nikkolasg g
Testudo81 v0.3: De-risking Filecoin deployment	✅	2023Q1	nikkolasg g
Can we design a Trusted Setup for Testudo?	✅	2023Q1		February 28, 2023
Backward compatible solution BLS12-381 designed	✅	2023Q1		February 28, 2023
Can Bellperson speed ups make Testudo 4x faster than Groth16? (blst+GPU) (low risk)	✅	2023Q2	nikkolasg g	February 28, 2023
Establish if the protocol can be used to replace current FIL proofs	✅	2022Q4
Compare protocol to other SNARKS with universal trusted setup	✅	2022Q4
Design of foundational Vector Commitment schemes	✅	2022Q3	Anca Nitulescu
PoS: new page for educational material	✅	2023Q2	Anca Nitulescu	May 8, 2023 → May 26, 2023	KR4: A new proof of space website with educational material attracts 10 different groups
Network Grants Program paused	✅	2023Q3	Rosario Gennaro
Linear-map VC: unify all the great properties of different VC	✅	2022Q2	Anca Nitulescu
Caulk: Vector commitments that can have linkability property	✅	2022Q2	Anca Nitulescu
Muppets: Vector commitment that has trade-offs between computation and space	✅	2022Q3	Anca Nitulescu
Blog post on Testudo	✅	2023Q1	Rosario Gennaro	February 27, 2023 → March 27, 2023
➿ Curve Agnostic Hash Translation	✅	2023Q2	nikkolasg g	April 24, 2023 → May 10, 2023	KR12: Demo of verifiable computation over Filecoin data
➰ Direct Translation Exploration	✅	2023Q2	nikkolasg g	April 24, 2023 → May 10, 2023	KR12: Demo of verifiable computation over Filecoin data
New formal Research Statement	✅	2022Q3	Anca Nitulescu
Theory: Computational commitment de-risked	✅	2023Q1	Matteo Campanelli	February 24, 2023
Theory: Aggregation protocol	✅	2023Q2	Rosario Gennaro
Have 5 more Network Grants and 1 External Event	🔴	2023Q1	Rosario Gennaro
Have 5 more Network Grants and 1 more External Event	🔴	2023Q2	Rosario Gennaro
Have 5 more Network Grants	🔴	2023Q3	Rosario Gennaro
Will the final proof size and verification time be acceptable for Filecoin?	🔴	2023Q2	nikkolasg g	March 31, 2023
Implementation of the Lookup Table	🔴	2023Q2	Anca Nitulescu
Vector Commitments for Proof of Space and Merkle Trees	🔴	2023Q4	Anca Nitulescu
🔍 Lookup SNARK (for SHA)	🔴	2023Q4	Anca Nitulescu
Privacy-Preserving Content Routing	🔴	2022Q4	Anca Nitulescu
🖇️ New Vector Commitment	🔴		nikkolasg g
Create open problem page to open the problem to the community	🔴	2023Q1	Matteo Campanelli	March 13, 2023 → March 13, 2023

‣

🔮 Protocol Opportunities

Name	Status	Quarter	DRI	Date	OKR	🎒 Team backlog ㊙️
Planning session to understand timeline	Not started	2023Q1	Kubuxu
Model the qap pricing and characterise where Filecoin consensus security comes from;	⚪️	2023Q2	Irene	May 8, 2023 → June 10, 2023	KR3: An updated security model for Proof of Space and QAP pricing security is published
Design & analysis for consensus changes for interop	Not started	2023Q3	Alex North		KR10: Concrete proposal to enable Export Filecoin into other chains
Storage fees	Not started	2023Q3	Alex North
New miner APIs for onboarding (w/ Free CommD)	Not started	2023Q3	Alex North
Report about consensus security	Not started	2023Q2	Irene	May 28, 2023 → June 10, 2023
Documentation	Not started	2023Q2	Kubuxu
Deploy PoRep safety mechanism to Filecoin	Not started	2023Q2	Alex North		KR3: An updated security model for Proof of Space and QAP pricing security is published KR1: No known unaddressed high severity protocol and cryptography issues (including Cron safety)
Verifiable Off-chain Data Aggregation	🔵	2023Q2	Kubuxu		KR11: 3 players using verifiable off-chain data aggregation and market for subpieces
Replacement Sealing Forcing Function & PoRep Security Policy (FIP-47prime)	🔵	2023Q2	Kubuxu	October 1, 2022 → June 19, 2023	KR1: No known unaddressed high severity protocol and cryptography issues (including Cron safety) KR3: An updated security model for Proof of Space and QAP pricing security is published
🦿 Synthetic PoRep	🔵	2023Q2	Irene	March 24, 2023 → June 30, 2023
🏦 Pledge Collateral Shortfall	🔵	2023Q2	Alex North	March 17, 2023 → June 30, 2023	KR6: Short-term liquidity issue addressed (pledge shortfall)
(security) Filecoin Protocol Review	🔵	2023Q2	Irene	March 6, 2023 → June 10, 2023	KR7: Leverage CC-Sector upgrade pipeline to onboard XXX storage (via SaaS, Snapdealv2, etc)
↗️ [2023Q2] CC Sector Upgrade: Guidelines and Modeling	🔵	2023Q2	Luca	March 20, 2023 → June 12, 2023	KR7: Leverage CC-Sector upgrade pipeline to onboard XXX storage (via SaaS, Snapdealv2, etc)
Report about model and findings	🔵	2023Q2	Luca	May 1, 2023 → June 12, 2023	KR7: Leverage CC-Sector upgrade pipeline to onboard XXX storage (via SaaS, Snapdealv2, etc)
Data on-boarding pipeline	🔵	2023Q2	Irene	February 1, 2023 → June 14, 2023	KR5: Launch Cryptonet Intelligence and publish 3 reports on Filecoin to align opportunities in the network
Identify opportunities	🔵	2023Q1	Irene	February 1, 2023 → March 31, 2023
Enabling programmable storage applications	🔵	2023Q2	Alex North
On-chain Aggregator	🔵	2023Q3	Kubuxu	May 15, 2023 → June 29, 2023
DagHouse integration	🔵	2023Q2	Kubuxu	March 15, 2023 → June 15, 2023
(ex)Estuary integration	🔵	2023Q2	Kubuxu	May 29, 2023 → June 2, 2023
Data collateral without the built-in market	🔵	2023Q2	Alex North
Technical Report - “Proof of Useful Space in Filecoin”	🔵	2023Q2	Irene	June 25, 2023
Scaling FIL+ VC Allocation	🔵	2023Q3	nikkolasg g
Deal Aggregators Market (L2 Deals)	🔵	2023Q4	Kubuxu	May 8, 2023 → October 31, 2023	KR9: Remove the top bottleneck for data onboarding via ready to deploy FIPs by reducing costs and reduce complexity (we will decide based on prioritization: e.g. early deal activation, separation of deals from sectors)
Synthetic PoRep is ready to be deployed	🔵	2023Q2	Irene	May 8, 2023 → June 30, 2023
Publish FIP-0047 replacement	🔵	2023Q2	Kubuxu	April 10, 2023 → June 19, 2023	KR3: An updated security model for Proof of Space and QAP pricing security is published KR1: No known unaddressed high severity protocol and cryptography issues (including Cron safety)
FRC merged (waiting on Kaitlyn to assign number and merge)	🔵		Kubuxu	February 27, 2023 → March 3, 2023
🤝 Filecoin cross-chain interoperability	🟡	2023Q4	Alex North		KR10: Concrete proposal to enable Export Filecoin into other chains
Background research on consensus/snapshot/finality options	🟡	2023Q2	Alex North		KR10: Concrete proposal to enable Export Filecoin into other chains
Create the FIP for SnapDeal v2	🟡	2023Q2	Luca	April 2, 2023
Implement it (MVP)	✅	2023Q1	Kubuxu	February 20, 2023 → February 24, 2023
Integration with existing libraries	✅	2023Q2	Kubuxu
User Friendly API	✅	2023Q1	Kubuxu	February 27, 2023 → March 10, 2023
First prototype for inclusion proofs during computation of CommP	✅	2023Q1	Kubuxu	February 20, 2023 → February 24, 2023
Kuba will complete the two sections (security and design reasoning)	✅		Kubuxu
Commitment Scheme format agreement	✅	2022Q4	Kubuxu	March 19, 2023 → March 19, 2023
Software for generation of data segments inclusion proof	✅	2023Q2	Kubuxu	February 12, 2023 → March 24, 2023
Support for verifying data segment inclusion proofs on-chain	✅	2023Q1	Kubuxu	February 12, 2023 → March 17, 2023
Built-in actors API for user-programmed actors	✅	2022Q4	Kubuxu
(security) Short term fix for Cron	✅	2023Q1	Alex North		KR1: No known unaddressed high severity protocol and cryptography issues (including Cron safety)
FIP for Synthetic PoRep	✅	2023Q1	Irene	March 31, 2023 → April 7, 2023
Draft ideas to make SnapDeal cheaper	✅	2023Q1	Luca	February 10, 2023
FIP-0047 and code are ready	✅	2022Q4	Kubuxu	October 1, 2022 → December 22, 2022	KR1: No known unaddressed high severity protocol and cryptography issues (including Cron safety)
Create the model for cost/profit to compare CC sector upgrade with deal sector strategy	✅	2023Q1	Luca	March 20, 2023 → April 1, 2023	KR7: Leverage CC-Sector upgrade pipeline to onboard XXX storage (via SaaS, Snapdealv2, etc)
Gather initial feedback about the design for deals larger than sectors	✅	2023Q2	Irene	April 3, 2023 → May 1, 2023
	✅	2023Q2	Irene
Publish specs for public discussion	✅	2023Q2	Alex North	April 12, 2023 → May 20, 2023
Implement the model	✅	2023Q2	Luca	April 10, 2023 → May 1, 2023	KR7: Leverage CC-Sector upgrade pipeline to onboard XXX storage (via SaaS, Snapdealv2, etc)
Obtain cost estimation for the different solutions	✅	2023Q2	Luca	April 3, 2023
Figure out design to avoid FIP-0047 after all	✅	2023Q1	Kubuxu	January 10, 2023 → March 15, 2023	KR1: No known unaddressed high severity protocol and cryptography issues (including Cron safety)
Code	✅	2023Q1	Alex North
Gather initial feedback from SPs	✅	2023Q2	Luca	March 31, 2023
	✅	2023Q2	Irene	March 20, 2023 → April 15, 2023
	✅	2023Q2	Irene	March 6, 2023 → March 31, 2023
Short-term FIP is shipped	✅	2023Q1	Alex North
Short-term FIP is in the public	✅	2023Q1	Alex North
Gather initial feedback from SP	✅	2023Q1	Alex North	May 17, 2023 → May 24, 2023
Resolve int overflow TODOs	✅	2023Q2	Kubuxu
Export Format	✅	2023Q2	Kubuxu
Storage Format	✅	2023Q2	Kubuxu	February 27, 2023 → March 10, 2023
Testing	✅	2023Q2	Kubuxu	February 27, 2023 → March 10, 2023
Find parameters and alternative proposals and sync with CEL	✅	2023Q2	Alex North	March 19, 2023 → May 31, 2023
Generate test vectors for solidity implementation	✅	2023Q1	Kubuxu	February 20, 2023 → February 24, 2023
Lib and docs	✅	2023Q1
Decoder for boost	✅	2023Q1	Kubuxu	February 13, 2023 → February 17, 2023
Negative tests and test vectors	✅	2023Q2	Kubuxu
Draft a new concrete proposal w/ analysis of impact	✅	2023Q1	Alex North	March 27, 2023 → April 28, 2023
Synthetic PoRep shipping effort	✅	2023Q2	Irene	March 24, 2023 → March 31, 2023
FRC is reviewed and approved (continuing with minor edits and chasing people)	✅		Kubuxu	February 13, 2023 → February 24, 2023
Data Prepapers API Standard	🔴	2023Q1	Kubuxu
SubPieceCID Registry smart contract with Merkle trees verification	🔴	2023Q2	Kubuxu
FIP for Deal Pre-activation (based on ad-hoc collateral)	🔴	2023Q2	Irene
Repeatedly updatable storage ("Re-snap")	🔴	2023Q2	Kubuxu
🥁 SnapDeal v2	🔴	2023Q2	Luca	March 31, 2023
(advising) 🍝  FilFil: PeSto and Filecoin Archive	🔴	2023Q2	Irene	March 31, 2023

‣

🏗️ Product Builders

Name	Status	Quarter	DRI	Date	OKR	🎒 Team backlog ㊙️
Public Decryption (Timelock example) + Randomness Beacon	Not started	2023Q2	nikkolasg g
Permissionless network	Not started	2023Q2	nikkolasg g
Rebrand demo application	Not started
Select partners to run independent nodes	Not started	2023Q2	nikkolasg g
Security audit	Not started	2023Q2	nikkolasg g
Secret Resharing (on pause)	Not started	2023Q2	nikkolasg g
Cryptoeconomic model and implementation	Not started	2023Q2	nikkolasg g
Mainnet ready	Not started	2023Q2	nikkolasg g
New cofounder	🔵	2023Q2	Jonathan Easterman
Applications use Medusa	🔵	2023Q2	nikkolasg g
Medusa v0.1.1: Minor features (gas, revoke, etc)	🔵	2023Q1	nikkolasg g	February 28, 2023 → February 28, 2023
Pitch deck v2 in progress with external feedback	🔵	2023Q1	Max
New website with new production branding	🔵	2023Q1	Max
Improve network ops	🔵	2023Q1	Jonathan Easterman
Launch Retriev	🟡	2023Q2	Max
Derisking	🟡	2023Q2	Max
Deploy a concrete Access Control application	✅	2022Q3	nikkolasg g
Feature complete with all cryptographic proofs	✅	2022Q4	nikkolasg g
Production ready testnet on Filecoin & Arbitrum (TBD)	✅	2023Q1	nikkolasg g
Spin off and real customers	✅	2023Q1	Max
Two storage products reach testnet (Retriev.org, Web3bounty.app)	✅	2022Q4	Irene
Arbitrum testnet deployed	✅	2022Q4	nikkolasg g
Medusa is now on FVM Launch (Announced at Spacewarp)	✅	2023Q1	nikkolasg g
Public Launch Announcements (est. 10 Feb) with Branding + Documentation	✅	2023Q1	nikkolasg g	February 15, 2023 → February 15, 2023
Developers + Project documentation	✅	2023Q1	Jonathan Easterman
Pitch deck v1	✅	2023Q1	Max
Handle RPC outages gracefully	✅
Present a Medusa Workshop to Spacewarp builders	✅
At least 2 people are using Medusa in Spacewarp projects	✅
DKG proofs - testing phase now	✅
“Just” need to merge PR	✅
🐙 Medusa	✅	2023Q1	nikkolasg g
Entity formation	✅
Nucleate Medusa	✅	2023Q2	Max
Onchain.Storage data wallet dashboard	🔴	2022Q4	Max
🗃️ Retriev.org	🔴	2023Q2	Max