| Amit Kumar |
New York University |
Proof Carrying Data from folding GKR with protostar |
Present Interactive Verifiable Computation (IVC) frameworks encounter obstacles with the Witness-Multi-Scalar Multiplication (Witness-MSM) barrier, constraining efficiency. We suggest utilizing the Goldwasser-Kalai-Rothblum (GKR) accumulation method to significantly decrease the witness size, surmounting these hurdles. With the Protostar compiler, we shall fold the GKR protocol, boosting computational efficiency. Additionally, we aspire to extend IVC into a Proof Carrying Data architecture, enabling parallel folding in a tree configuration to optimize verification workflows and enhance scalability. |
| Pratyush Mishra |
University of Pennsylvania and Stanford University |
Zippel: A language and compiler for constructing proof systems |
We introduce Zippel, an innovative language and compiler for creating correct and effective succinct proof systems. Zippel enables developers to articulate the protocol in a high-level language that closely mirrors its mathematical embodiment while automatically managing low-level aspects such as parallelism, memory usage, custom hardware utilization, etc. The Zippel compiler also features robust and rapid static analyses that assist developers in identifying protocol soundness and zero-knowledge vulnerabilities. Our aspiration is that Zippel will facilitate easier implementation and experimentation with new proof systems without compromising performance. |
| Julian Sutherland |
Nethermind |
Lean Extraction of Circuit Constraints from Halo2 |
The Halo2 library is a well-established ZK infrastructure toolkit that permits the development of prover/verifier pairs using a high-level domain-specific language embedded within Rust. To formally authenticate circuits in this language and guarantee the utmost security, we intend to create a formal verification harness to efficiently extract constraints from a Halo2 circuit and reason about them in the Lean 4 proof assistant. We have already made considerable advancements in this regard and aim to expand it to accommodate the full range of Halo2 functionalities. |
| Jordan Coppard |
Independent |
ZK Benchmarks |
Performance evaluation (prover time, verifier time, proof gate size) for various categories of proving systems as well as the prover/verifier implementations of those proving systems across different computer architectures (x86_64, ARM). The aim is to establish an intelligible (i.e., not solely a dump of test data) and accessible repository of benchmarks related to the ZK ecosystem, enabling developers, project leads, and the general public to make knowledgeable choices concerning their needs, or simply gain insight into the current landscape (e.g., performance fluctuations, new proving systems, etc.). |
| Stanislav Marycev |
zkFold |
ZKFold Symbolic: a Zero-Knowledge Smart Contract Language |
zkFold Symbolic is the programming language designed for composing zero-knowledge smart contracts. It is a high-level functional language, a subset of Haskell. Contracts crafted in zkFold Symbolic are directly compiled into arithmetic circuits that can be utilized with a variety of zero-knowledge protocols. As a high-level language, it significantly lowers the entry barrier as developers are not required to be specialists in ZK cryptography. By equipping smart contract developers with an adequate tool to harness the power of zero-knowledge protocols, it empowers them to create zk-apps and smart contracts that achieve superior performance and user experience. Furthermore, with an increasing number of developers adopting this paradigm, we are minimizing the on-chain data and computational footprint, effectively scaling Ethereum and EVM chains. |
| Jordan Coppard |
Independent |
ZK Treesitter |
Agnostic treesitter grammars for leading zero-knowledge circuit languages Noir (Aztec) and Cairo (Starkware) that are maintained over time. The goal is to enhance developer tooling and broaden access to resources so developers can select what best suits them. – Editor-agnostic treesitter grammars for Noir and Cairo. – Ongoing maintenance of these grammars as the respective languages evolve. – Comprehensive and easily understood documentation allowing anyone to contribute to these grammars upon release or utilize them as well-organized foundations for other treesitter grammars. |
| Sergey Kaunov |
Independent |
Wasm PLUME |
This initiative aims to enhance the secure/cryptographic PLUME scheme implementation’s accessibility in settings outside the Rust ecosystem. The main goal is to boost the scheme’s adoption by decreasing the divergence of the Wasm release from the default target and presenting a downstream-friendly API. The successful uptake of the project will result in better privacy, streamlined identity management, anonymous moderation, proof of solvency, diverse applications, and increased user adoption within the Ethereum ecosystem. |
| Lako Nema |
Independent |
Onboard users to verifiable KYC |
Our objective is to attract developers to ZK by demonstrating how the usual tools operate together. ZK enthusiastswant to address two inquiries prior to developing an application: what issue can we remedy with it? and what are the steps to create such an application? Our initiative aims to respond to both queries by establishing an open-source end-to-end application focused on verifiable KYC. We believe that private KYC is essential for the extensive adoption of blockchains. Additionally, we want to demonstrate how ZK can facilitate this. Our goal is to construct a straightforward yet robust template for verifiable KYC, utilizing the Noir language. We intend to develop a complete application, enabling proving and verifying on-chain as well as on the client side. Our aim is to enable any new developer to initiate the app with a single command. We will consider the project successful if developers fork and modify it as they seek to deepen their understanding of ZK. We also plan to create blog articles and onboarding documentation to increase the project’s visibility. |
| Albert Garreta |
Nethermind |
LatticeFold execution and folding methods for FRI-based SNARKs |
This grant proposal intends to create and execute a Proof of Concept (PoC) for the LatticeFold folding method [BC24], benchmarking it against current methods like HyperNova. Furthermore, we aim to explore approaches to establish a “STARK-friendly” folding methodology based on LatticeFold. This would enable the application of folding techniques within the context of FRI-based SNARKs (e.g., ethSTARK, Plonky2/3, Risc Zero, Boojum, etc.) Professors Dan Boneh and Binyi Chen, the writers of the LatticeFold paper, have agreed to support our team throughout the project duration. |
| Albert Garreta |
Nethermind |
SNARKs for non-prime arithmetic |
This grant proposal aims to design a SNARK specifically for substantiating statements over rings in the form Z/nZ, where Z is the set of integers and n is an arbitrary integer. This diverges from the traditional framework where statements are articulated over a prime field F_p=Z/pZ for p being a prime number. We plan to concentrate on scenarios where n is a power of 2 or a product of two large primes. This would enable the native proof of statements involving calculations like: RSA-based cryptography operations, CPU processes, floating-point arithmetic (necessary for, e.g., machine learning), non-algebraic hash functions, etc. By “natively,” we refer to every one of these calculations being expressed over Z/nZ, where n is a suitable integer, rather than over a finite field. It is acknowledged that the latter “non-native” arithmetization can result in significant overheads in terms of circuit/R1CS/AIR size. |
| Stefanos Chaliasos |
Independent |
Reproducible ZK Vulnerabilities to Enhance Ecosystem’s Security |
Zero-knowledge proofs (ZKPs), especially SNARKs (Succinct Non-Interactive Argument of Knowledge), have evolved from theoretical constructs to tangible, real-world applications, providing privacy and verifiability. However, the intricacies of crafting and implementing ZKP applications present numerous vulnerabilities. Recent evaluations have highlighted the distinct challenges and vulnerabilities at both the circuit and integration levels within the SNARK architecture, posing considerable risks to ZK systems. Despite progress in automated security measures, their efficacy remains largely untested on extensive, real-world datasets. Moreover, the lack of reproducible examples diminishes the ability of practitioners and researchers to effectively comprehend and alleviate ZK vulnerabilities. This initiative seeks to build upon our prior work on ZK security by creating a comprehensive dataset and framework showcasing reproducible ZK exploits. This resource will act as both an educational tool for newcomers and a detailed study base for specialists. Additionally, we will assess the effectiveness of current security tools against this dataset to identify areas requiring enhancement, ultimately contributing to the development of more robust detection mechanisms. |
| Stefanos Chaliasos |
Independent |
Identifying Private Information Leakage in Zero-Knowledge Applications |
The practical implementation of Zero-Knowledge proofs has become achievable due to the progress in privacy-preserving projects like Zcash. Importantly, in recent years, many SNARK-enabled projects have centered on verifiable computation, with zk-rollups being a significant application. Traditionally, developing ZKP applications has presented a considerable challenge, requiring deep knowledge of libsnark and low-level programming. The advent of more intuitive DSLs such as Circom and arkworks, while alleviating some complexities, still permits critical flaws, including under-constrained vulnerabilities [3]. Recent advancements in ZK programming languages, like Noir and Leo, aim to streamline ZK application development and minimize possible vulnerabilities, attracting a wider developer audience potentially lacking knowledge of cryptographic principles. A common challenge in these higher-level languages, which is also prevalent in lower-level ones, is the exposure of private variable data. For instance, this exposure occurs when a ZK program publicly reveals the sum (z) of a private and a public variable (x and y, respectively). Knowledge of the public input x and the public output z allows one to infer the value of the private variable y. In contrast, hashing the sum of x and y into a public variable z does not expose the value of the private variable y, assuming the security of the hash function. This project proposes the development and implementation of a static analysis framework augmented with taint tracking, input generation, and SMT solving to detect and validate occurrences of private variable information leakage. Our strategy involves generating (1) alerts for potential leaks, (2) errors for confirmed leaks, and (3) visual diagrams tracing private value transfer to public outputs for debugging purposes. Our intent is to apply our method to Noir and subsequently to other ZK DSLs like Leo. |
| Patrick Stiles |
“`html
Independent |
Metal Backend for Icicle MSM |
Facilitating Apple’s M series GPU in Icicle by developing a Metal Shader Language backend for Icicle MSM would unveil GPU performance advantages to all programmers within the zk ecosystem possessing an Apple device equipped with an M series chip. Individuals using only a Macbook would gain comparable GPU performance benefits without the necessity for access to Nvidia GPU devices. These performance enhancements would also significantly influence projects whose data is isolated or cannot exit the host device like client-side proving applications. |
| Gaylord Warner |
ZK Hack |
ZK Whiteboard Sessions Season 2 |
ZK Whiteboard Sessions is an informative video series emphasizing the foundational elements of ZK. It adopts the format of a mini-course, followed by video discussions with leading zk-practitioners, learning collaboratively and sharing insights on a whiteboard. Season 1 was launched in 2022, crafted by ZK Hack in partnership with Polygon. It comprises 19 videos and featured speakers including Dan Boneh from Stanford University, Justin Drake, Mary Maller, Barry Whitehat from Ethereum Foundation, among others. The hosts were Brendan Farmer from Polygon Zero and Bobbin Threadbare from Polygon Miden. ZK Whiteboard Sessions Season 2 will delve deeper into the foundational components of ZK, providing contemporary foundational knowledge for researchers and innovators who are new to ZK, along with 8 new modules, produced by ZK Hack once more. |
| Wenhao Wang |
Yale University |
Cirrus: Efficient and Reliable Distributed SNARK Generation via Computation Delegation |
We propose to create and innovate Cirrus, a fresh protocol for efficient and reliable distributed SNARK proof generation utilizing the concept of computation delegation. The potential applications are widespread, including ZK-Rollups, zkVMs, and diverse ZK applications that involve large circuits. Although current distributed SNARK proof generation methods enhance efficiency and scalability by distributing the workload across various machines, they encounter suboptimal prover time, communication costs, proof size, and verifier duration. Furthermore, they are vulnerable to attacks when malicious nodes participate in the distributed SNARK generation process. Our protocol promises substantial enhancements, achieving linear prover time, constant communication costs per prover, and robustness against rogue provers, thereby addressing existing system bottlenecks. |
| Sergio Chouhy |
Eryx & Manas |
Plonky2 backend for ACIR |
We will broaden the Arithmetic Circuit Intermediate Representation (ACIR) ecosystem by constructing an open-source Arithmetic Circuit Virtual Machine (ACVM) backend for the Plonky2 prover. This initiative will enable users of ACIR-compatible DSLs to leverage the advantages of Plonky2; additionally, it will permit Plonky2 circuit creators to benefit from DSL abstraction & tools (e.g., Noir debugger). We anticipate that throughout development, valuable insights regarding ACIR’s viability as a prevalent standard – and even possible enhancements to it – will materialize. |
| Paul Yu |
Independent |
Lookups comparison table (speed, memory, preprocessing): univariate + multilinear |
We intend to formulate a thorough comparison table that emphasizes the performance (including speed, memory utilization, and preprocessing requirements) of diverse lookup arguments like pylookup, Caulk, Baloo, CQ, Lasso, and LogUP+GKR. This table will assess both univariate and multilinear polynomial commitment-based lookup arguments. The main goal of this project is to benchmark these lookup arguments to aid developers in selecting the most appropriate solutions for production contexts. This involves implementing the aforementioned lookup arguments, generating a benchmark table, and drafting a comprehensive blog post that underscores the primary distinctions and performance metrics of these lookup arguments. The results of this endeavor are crucial for the Ethereum ecosystem, enhancing decision-making for Layer 2 solutions by providing detailed comparisons of lookup arguments, facilitating the conversion of theoretical protocols into production-ready code, and serving as an informative asset for emerging researchers. The project team consists of Harry Liu, Yu-Ming Hsu, Jing-Jie Wang, and Paul Yu, each dedicating significant hours monthly to the initiative. The project will be executed in stages, using a methodology that includes the implementation of lookup arguments using Python, optimization of these arguments according to the original papers, and benchmarking their speed and memory usage. The team will present a table and diagram to accurately compare these metrics across uniform hardware conditions. Polynomial commitment schemes will be implemented as outlined in the original papers or based on educational assumptions in instances where the original research lacks comprehensive protocol specifications. |
| Igor Gulamov |
ZeroPool |
Minimal fully recursive zkDA rollup with sharded storage |
Present rollups publish blocks entirely on Layer 1, which incurs high costs, restricts scalability, and inhibits true recursion. Publishing a rollup’s blocks on another rollup is ineffective, as the data will inevitably rise to Layer 1. We propose a groundbreaking rollup architecture that employs zero-knowledge proofs for data availability, sharded storage, and execution. All proofs are aggregated into a single succinct proof, allowing for efficient verification and enabling unlimited recursion – rollups can be established atop other rollups without restrictions. This innovative design facilitates the transformation of Web2 into Web3, achieving the ultimate scalability goal. Despite their advantages in security and scalability, zk rollups currently trail behind optimistic rollups in recognition due to historical factors. This methodology is not applicable to optimistic rollups, as they cannot produce succinct universal proofs. Our method permits ZK rollups to surpass their rivals. |
| Artem Grigor |
Independent |
ZK-ML-IOS Integration |
This initiative aspires to enhance the existing iOS toolkit for Zero-Knowledge Proofs (ZKP) development. Specifically, the project seeks to add support to the mopro library for a very common proving system – Halo2
“`. Moreover, the initiative will leverage the integration achieved to adapt the cutting-edge Zero-Knowledge Machine Learning (ZKML) library, EZKL, for iOS platforms. Both integrations would serve a broader community and open up more advanced ZKML applications directly on mobile devices, thus broadening the opportunities for data privacy and secure computing on edge gadgets. |
| Chao Ma |
Snarkify |
Sirius |
This project integrates CycleFold into Sirius, the open-source Plonkish Folding Framework designed for Incrementally Verifiable Computation (IVC). CycleFold presents a novel methodology for instantiating folding-scheme-based recursive arguments over a cycle of elliptic curves, introduced in August 2023. CycleFold holds the promise of enhancing folding efficiency by roughly 3x by alleviating the duties of the secondary circuit and minimizing BigInt operations. Notably, Sirius had previously established its primary and secondary IVC circuits symmetrically; with CycleFold, the primary circuit assumes the core functionality, while ECC operations are allocated to the secondary circuit. |
| Hanze Guo |
DLT Science Foundation |
Benchmarking ZK-circuits Across Various SNARKs/STARKs Development Frameworks |
ZKPs, characterized by ZK Layer 2 in contemporary cryptographic applications, present a diverse technical stack, particularly with SNARK and STARKs. Nevertheless, due to the ongoing emergence of new tools and libraries for development, alongside the inherent variety and intricacy, establishing an intuitive and all-encompassing benchmark framework for assessing and analyzing the advantages and disadvantages of different methods remains problematic. Although ongoing research covers extensive benchmarks across multi-layered ZKP environments – including arithmetic, elliptic curve, and circuit levels – there are still gaps in two areas: (1) Incorporation of the newest and most comprehensive ZKP development frameworks (2) Diverse, reusable, standard testing circuits. Consequently, our objectives are to: (1) thoroughly gather and organize the development tools utilized in prominent ZK Layer 2 projects (2) modularly assemble and integrate common algorithms within the cryptography field, encompassing various hash functions, digital signatures, etc., to establish testing circuits across different development platforms (3) leveraging the previously discussed unit testing circuits to comprehensively assess popular ZKP development tools across varied parameters such as curves, hardware, etc., including execution time, proof size, RAM (4) create integrated testing circuits to further evaluate relevant metrics of complex systems and the anticipated cost implications for deployment on specific blockchain networks. |
| Yu Guo |
SECBIT Labs. and The Hong Kong Polytechnic University |
Comparison of Multilinear Polynomial Commitment Schemes |
A polynomial commitment scheme is a potent cryptographic instrument that allows a prover to commit a polynomial to a succinct value and subsequently enables a verifier to validate asserted evaluations of the committed polynomial. Multilinear polynomial commitment schemes are crucial in numerous applications, such as SNARKs (succinct non-interactive argument of knowledge) and lookup arguments. Various constructions of multilinear polynomial commitments exhibit remarkable performance across several dimensions. However, benchmark comparisons for these approaches are deficient. In this initiative, we seek to deliver a thorough comparison of distinct multilinear polynomial commitment schemes, assessing their efficiency, security assumptions, expenses for sustaining zero-knowledge features, batching efficiency, etc. Our findings will provide clear direction to developers in selecting the suitable multilinear polynomial commitment for varying scenarios. |
| Mirror Tang |
Salus |
A Security framework for zkSNARKs development and analysis |
This project aims to create a comprehensive zkSNARKs security framework for the Ethereum community, culminating in a research publication. It emphasizes examining zk security vulnerabilities, such as Layer 2 scalability and blockchain compression, with the objective of forming an open-source vulnerability repository. The framework will equip developers with theoretical backing and practical insights, encompassing circuit implementation, protocol design, and cryptographic primitives. Expected outcomes include the formulation of an open-source security framework, dissemination of technical documentation and tutorials, and improvements to the security architecture and applications of zkSNARK technology, ultimately enhancing the robustness and security standards of the Ethereum ecosystem. |
