HaRoLd
The big thing holding me back at the moment is Ethereum compatibility: Ethereum doesn't have pairing operations available for any curve other than (alt)bn128. I have come to the realisation...
@amakerofbonnetsandhoods a chain of pairing-friendly curves is good enough. Even one sub-level would allow for aggregate anonymous transactions, where each transaction is a zkSNARK proof using a pairing friendly sub-curve,...
zexe implements in-circuit pairing operations at:

* https://github.com/scipr-lab/zexe/blob/master/snark-gadgets/src/pairing/bls12/mod.rs
* https://github.com/scipr-lab/zexe/blob/master/snark-gadgets/src/groups/curves/short_weierstrass/bls12/mod.rs
* https://github.com/scipr-lab/zexe/blob/master/dpc/src/gadgets/verifier/gm17.rs

etc.
For merkle-tree with SHA256, see an example at: https://github.com/barryWhiteHat/miximus/blob/master/src/main.cpp#L84

This uses the two gadgets from libsnark:

* merkle_authentication_path_variable
* merkle_tree_check_read_gadget

These can be used in conjunction with the SHA256 gadgets from...
There is a programming style that could be used with Ethsnarks to make implementation easier:

```c++
auto m = pb.module("example");
const auto sig = m( EdDSA_Signature() );
auto verify =...
```
> Encoding to/from json automatically would be a good feature, reducing the need to create custom serialisation functions for each type, e.g. using https://github.com/xyz347/x2struct or Qt slots would make the...
Going to avoid using Boost, as it's a huge dependency and makes it difficult to build for WASM, iOS, Android etc. There are some things which could be easier: ------------...
Things which need to be easily supported, but to be implemented cleanly would require us to extend libsnark

Interface improvements:

* Arrays of variables
* Slices of arrays of variables...
After some testing it seems the disk load of the proving key is nearly instant, however when using the standard `ostream` and `istream` serialisation it takes a significant amount of...
So:

* `alt_bn128_q_limbs` is `(alt_bn128_q_bitcount+GMP_NUMB_BITS-1)/GMP_NUMB_BITS`
* `bigint` has `mp_limb_t data[n]`
* `Fp_model` has `bigint mont_repr` where `n` is `alt_bn128_q_limbs` (for alt_bn128)
* `alt_bn128_Fq` is `Fp_model`
* `alt_bn128_g1` has `X`, `Y`...