constantine
Constantine: modular, high-performance, zero-dependency cryptography stack for proof systems and blockchain protocols.
Eth2 phase 1 is currently exploring Kate Polynomial Commitments at:
- https://dankradfeist.de/ethereum/2020/06/16/kate-polynomial-commitments.html
- https://github.com/protolambda/go-kate

We could use constantine as an alternate implementation to get an idea of the overhead involved...
Currently we have a `precompute` file which reimplements runtime algorithms to work around either VM limitations (`when nimvm` is a bit restricted, it cannot use `elif`, though that can be worked...
Fuzzing
See https://github.com/status-im/nim-blscurve/pull/53/files for fuzzing with libFuzzer and AFL.

Regarding corpus creation, Klee might be interesting to look into:
- https://klee.github.io/
- https://srg.doc.ic.ac.uk/klee18/talks/Zmyslowski-Feeding-the-Fuzzers-with-KLEE.pdf

Also OSS-Fuzz is running ecc-diff-fuzzer:
- https://github.com/google/oss-fuzz/pull/3408
- https://github.com/catenacyber/elliptic-curve-differential-fuzzer

Though there doesn't...
#108 laid out pairings for BW6-761, but there are still investigations to do on why they don't pass a simple bilinearity test.

## Naive Miller loop

The naive Miller loop...
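The bilinearity test referred to above, carried out against a toy pairing so that the check itself is visible end to end. This is an added example, not Constantine code and not its BW6-761 pairing: it uses the supersingular curve y² = x³ + x over F_103 (p ≡ 3 mod 4, embedding degree 2, prime subgroup order 13), the distortion map (x, y) ↦ (−x, i·y) to obtain the second pairing argument, a textbook double-and-add Miller loop, and the final exponentiation (p² − 1)/r. Vertical lines are dropped (denominator elimination), which is valid here because x_Q lies in F_p and (p − 1) divides the final exponent. All parameters, helper names and the choice of curve are constructed assumptions, and the sizes are toy, not secure.

```python
"""Toy reduced Tate pairing with a bilinearity self-check.
Constructed example, not Constantine's code; toy parameters, not secure."""

P_MOD = 103           # p = 3 mod 4, so i^2 = -1 is irreducible over F_p
R = 13                # prime subgroup order: #E(F_p) = p + 1 = 104 = 8 * 13
COFACTOR = (P_MOD + 1) // R

# ---- F_p^2 = F_p[i]/(i^2 + 1); an element is (a, b) meaning a + b*i ----
def fp2_mul(x, y):
    a, b = x
    c, d = y
    return ((a * c - b * d) % P_MOD, (a * d + b * c) % P_MOD)

def fp2_sub(x, y):
    return ((x[0] - y[0]) % P_MOD, (x[1] - y[1]) % P_MOD)

def fp2_pow(x, e):
    result, base = (1, 0), x
    while e:
        if e & 1:
            result = fp2_mul(result, base)
        base = fp2_mul(base, base)
        e >>= 1
    return result

# ---- E(F_p): y^2 = x^3 + x in affine coordinates, None is the point at infinity ----
def ec_add(P1, P2):
    if P1 is None:
        return P2
    if P2 is None:
        return P1
    x1, y1 = P1
    x2, y2 = P2
    if x1 == x2:
        if (y1 + y2) % P_MOD == 0:
            return None                              # P1 = -P2
        lam = (3 * x1 * x1 + 1) * pow(2 * y1, -1, P_MOD) % P_MOD   # a = 1
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def ec_mul(k, P1):
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, P1)
        P1 = ec_add(P1, P1)
        k >>= 1
    return acc

def find_order_r_point():
    """Lift the first x with x^3 + x a square (sqrt via (p+1)/4, valid for p = 3 mod 4),
    then clear the cofactor to land in the order-R subgroup."""
    for x in range(1, P_MOD):
        rhs = (x * x * x + x) % P_MOD
        y = pow(rhs, (P_MOD + 1) // 4, P_MOD)
        if y != 0 and y * y % P_MOD == rhs:
            pt = ec_mul(COFACTOR, (x, y))
            if pt is not None:
                return pt
    raise RuntimeError("no point of order R found")

def distortion(P1):
    """phi(x, y) = (-x, i*y) maps E(F_p) to a point of E(F_p^2) outside E(F_p)."""
    x, y = P1
    return ((-x % P_MOD, 0), (0, y))

def line_eval(T, P1, Q):
    """Value at Q (F_p^2 point) of the line through the F_p points T and P1.
    A vertical line (T = -P1) takes an F_p value that the final exponentiation
    kills, so it is returned as 1 (denominator elimination)."""
    xt, yt = T
    xp, yp = P1
    if xt == xp:
        if (yt + yp) % P_MOD == 0:
            return (1, 0)
        lam = (3 * xt * xt + 1) * pow(2 * yt, -1, P_MOD) % P_MOD
    else:
        lam = (yp - yt) * pow(xp - xt, -1, P_MOD) % P_MOD
    xq, yq = Q
    # l(Q) = y_Q - y_T - lam * (x_Q - x_T), evaluated in F_p^2
    return fp2_sub(fp2_sub(yq, (yt, 0)), fp2_mul((lam, 0), fp2_sub(xq, (xt, 0))))

def miller_loop(P1, Q):
    """Textbook double-and-add Miller loop computing f_{R,P1}(Q)."""
    T, f = P1, (1, 0)
    for bit in bin(R)[3:]:                 # the leading 1 bit is T = P1
        f = fp2_mul(fp2_mul(f, f), line_eval(T, T, Q))
        T = ec_add(T, T)
        if bit == "1":
            f = fp2_mul(f, line_eval(T, P1, Q))
            T = ec_add(T, P1)
    return f

def pairing(P1, P2):
    """Reduced Tate pairing e(P1, phi(P2)) for P1, P2 in E(F_p)[R]."""
    return fp2_pow(miller_loop(P1, distortion(P2)), (P_MOD * P_MOD - 1) // R)

def bilinearity_check(a, b):
    """The sanity test: e([a]G, [b]G) == e(G, G)^(a*b), e(G, G) != 1 and
    e(G, G)^R == 1, for scalars a, b in 1..R-1."""
    G = find_order_r_point()
    e_gg = pairing(G, G)
    lhs = pairing(ec_mul(a, G), ec_mul(b, G))
    rhs = fp2_pow(e_gg, (a * b) % R)
    return lhs == rhs and e_gg != (1, 0) and fp2_pow(e_gg, R) == (1, 0)

if __name__ == "__main__":
    print("bilinear:", bilinearity_check(5, 7))
```

The check combines three properties a pairing must have: it is bilinear in both arguments, it is non-degenerate on the generator, and its values have order r. Any bug in the line functions, the loop length, or the final exponentiation makes at least one of them fail, so this is the first test to run on a new curve before worrying about performance.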
The following EIPs require support for new curves:
- EIP 1895 - https://eips.ethereum.org/EIPS/eip-1895
- EIP 1962 - https://eips.ethereum.org/EIPS/eip-1962
- EIP 2539 - https://eips.ethereum.org/EIPS/eip-2539
- EIP 3026 - https://eips.ethereum.org/EIPS/eip-3026

Reference implementation/documentation:...
The embedding curves for SNARK proof composition like BW6-761 have a large number of limbs (2x the embedded curve) by necessity. This makes the n² limb multiplications of schoolbook multiplication quite costly....
The current assembly backend is restricted to up to 384-bit primes (6 limbs) as otherwise it requires register spilling. https://github.com/mratsim/constantine/blob/7f0f5117607707f3698ba14a151039c9ccee7c0b/constantine/arithmetic/limbs_montgomery.nim#L302-L311 For Zero-Knowledge one-layer proof composition, a curve needs to be...
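Why the limb count bites, as an added illustration for the two issues above: schoolbook multiplication of n-limb operands costs n² single-limb multiplications, so the 12-limb operands of a 768-bit curve cost four times the 6-limb operands the assembly backend handles today. This is constructed example code, not Constantine's limbs_montgomery routine; the one-level Karatsuba variant is included only for contrast (the issue text here does not say which approach the project takes), and all names and sample operands are assumptions.

```python
"""Limb-level multiplication cost: schoolbook n^2 versus one Karatsuba split.
Constructed example, not Constantine's code."""

LIMB_BITS = 64
LIMB_MASK = (1 << LIMB_BITS) - 1

def to_limbs(value, n):
    """Little-endian split of a non-negative integer into n limbs."""
    assert 0 <= value < (1 << (LIMB_BITS * n))
    return [(value >> (LIMB_BITS * i)) & LIMB_MASK for i in range(n)]

def from_limbs(limbs):
    return sum(limb << (LIMB_BITS * i) for i, limb in enumerate(limbs))

def schoolbook_mul(a, b):
    """Product of two n-limb arrays as 2n limbs, plus the number of
    64x64->128-bit limb multiplications performed (always n^2)."""
    n = len(a)
    assert len(b) == n
    out = [0] * (2 * n)
    mul_count = 0
    for i in range(n):
        carry = 0
        for j in range(n):
            # one limb multiply and two additions; the sum fits in 128 bits
            acc = out[i + j] + a[i] * b[j] + carry
            mul_count += 1
            out[i + j] = acc & LIMB_MASK
            carry = acc >> LIMB_BITS
        out[i + n] = carry
    return out, mul_count

def karatsuba_mul(a, b):
    """One Karatsuba level: three half-size products instead of four.
    The middle product (a0+a1)(b0+b1) needs n/2+1 limbs, so the count is
    2*(n/2)^2 + (n/2+1)^2 rather than a clean 0.75 n^2."""
    n = len(a)
    assert len(b) == n and n % 2 == 0
    h = n // 2
    a0, a1, b0, b1 = a[:h], a[h:], b[:h], b[h:]
    z0, c0 = schoolbook_mul(a0, b0)
    z2, c2 = schoolbook_mul(a1, b1)
    sa = to_limbs(from_limbs(a0) + from_limbs(a1), h + 1)
    sb = to_limbs(from_limbs(b0) + from_limbs(b1), h + 1)
    z1_full, c1 = schoolbook_mul(sa, sb)
    z1 = from_limbs(z1_full) - from_limbs(z0) - from_limbs(z2)   # a0*b1 + a1*b0
    result = from_limbs(z0) + (z1 << (LIMB_BITS * h)) + (from_limbs(z2) << (LIMB_BITS * 2 * h))
    return to_limbs(result, 2 * n), c0 + c1 + c2

def sample_operands(n):
    """Deterministic full-width operands for an n-limb size (constructed values)."""
    top = 1 << (LIMB_BITS * n)
    return to_limbs(top - 0x1234567, n), to_limbs(top - 0x89ABCDEF, n)

def compare(n):
    """Return (schoolbook count, karatsuba count) for n limbs after checking
    both results against Python's big-integer product."""
    a, b = sample_operands(n)
    expect = from_limbs(a) * from_limbs(b)
    s_limbs, s_count = schoolbook_mul(a, b)
    k_limbs, k_count = karatsuba_mul(a, b)
    assert from_limbs(s_limbs) == expect and from_limbs(k_limbs) == expect
    return s_count, k_count

if __name__ == "__main__":
    for n in (6, 12):       # 384-bit and 768-bit operands
        print(n, "limbs:", compare(n))
```

At 6 limbs one Karatsuba level saves almost nothing (34 versus 36 limb multiplications), which is why a schoolbook-in-registers backend is the right choice there; at 12 limbs the schoolbook count has quadrupled to 144 and the split already removes 23 of them, before any register-spilling cost of the wider operands is considered.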
There is currently a growing interest in WASM SNARKs for zero-knowledge proofs in the browser:
- https://community.zkproof.org/t/zksnarks-in-webassembly-running-demo-and-discussion/30
- https://github.com/iden3/wasmsnark
- https://github.com/arnaucube/go-snark/tree/master/wasm

For this we have a couple of hurdles to...
Zero-knowledge proofs work by handling constraint circuits with millions of gates corresponding to field operations. Those can be executed in parallel, and the full constant-time design with no branch...
The paper
- Avoiding Full Extension Field Arithmetic in Pairing Computations\
  Craig Costello, Colin Boyd, Juan Manuel González Nieto, and Kenneth Koon-Ho Wong, 2010\
  https://eprint.iacr.org/2010/104.pdf

proposes quadruple-and-add and octuple-and-add to...