HackMD - Collaborative Markdown Knowledge Base

# GKR Seoul stay - PSE ## Goal: See if GKR can be the next big thing and whether it will only be useful to make some protocols better or can actually mean a change in paradigm in the ecosystem. The expected outcome of the stay would be to have answers to the questions & topics below: ## Things to explore: - GKR aggregation perf/complexity - Lev - Soowon(GKR full recursion impl using circom / observed that proof size linear to the recursions) - I think it is because of an overhead of compilation of circom circuit (R1CS) to layered arithmetic circuit. So it can be improved by implementation of native layered arithmetic circuit - Soowon - GKR verification inside of a KZG Proof - reducing the sumcheck verification cost can be beneficial for the proving time for the final wrapper circuit - Possible components to check GKR MVP: - BigInt arithmetic - LogUp Improved with GKR for multi-column lookups - Layer complexity for circuits in GKR - How to merge to intermediate steps? - How to encode a VM trace into a GKR circuit? - Which arithmetisation should we use? CCS, Plonkish, R1CS, AIR? - Alternatives to non-determinism in witness for ZKEVM? - Interaction between circuit layers. Is it needed? - Start from ZKEVM project to see where it can be useful there. - ZKML would benefit from that? - Is the SIMD paradigm the only one that we can extract from GKR? Where else is GKR useful in the design? - Any GKR-ways to improve the state of the art of folding schemes? - Can we map GKR to any real use-case thing (tangible) so that we can see how they solve their biggest counterparts? :::info Please, Feel free to add anything that you think would be interesting to check during the stay in Seoul down below. ::: - Better GKR style polynomial identity between layers. - What about having mult-only GKR layers and compute Grandproduct? - Primitive GKR circuit will depend on VM design - Should we start with EVM or? - Should we try to design a new VM? - Should we try to use another existing VM? - Or generally LLVM? - Or should we try to design an 'algebra'-friendly VM? - What should be the instructions for the benchmark? - How much GPU acceleration can improve MSM? - LogUp's fractional circuit idea can be used for GKR circuit for ML # Application ideas See note for details https://hackmd.io/uF9thzLvR-qGDWuDEAAMFA?both: - sha256 with lookups - keccak with lookups - floating point with lookups - DSL for "static computation" with focus on lookups - RISC-U implementation using Lasso + halo2 based Jolt design - WIP Lasso + hyperplonk: https://github.com/DoHoonKim8/plonkish - WIP RISC-U with Lasso simulation: https://github.com/ed255/riscu-jolt - Design of a CPU circuit with co-processors / extensions with lookups