ZKVM backends, shielded anoma timeline

For the interfece between Anoma/backend/juvix see: https://hackmd.io/Hu6SEI_rS_mbLbR-fEF_7g?view ## Shielded Anoma v1 timeline Things to implement, with : * shielded commitment to the resource. Currently there is the transparent commitment implemented, which is the resource itself. * value balance check. * compliance circuit. * In linear resource consumption model, proofs of membership to the resource commitment tree and nullifier set. * Resource Logic proof. Currently the resource logic proof is the resource logic itself. List of cryptographic primitives we need: * Arithmetic curve operations * Pedersen hash * Hash to curve point (via Pedersen) * Poseidon hash ## zkVM scenarios For consistency over this document let's call: _High-level language_: what Juvix compiles to _Low level language_: the language we use to write the compliance circuit ### Cairo approaches #### Full Cairo (lambdaclass) _High-level language_ : CairoZero _low-level language_: CairoZero Pros: * Existing community of developer we can leverage * Easier to write the cryptographic primitives Cons: * Not efficient implementation of the compliance circuit * Back-end proving systems has to support Cairo (No flexibility) implementation time: 2-3 months #### CairoZero-AIR hybrid _High-level language_ : Cairo (Zero or 1) _low-level language_: AIR Pros: * Existing community of developer we can leverage * Efficient implementation of the compiler circuit * Easier to switch between STARK-based proving system (Flexibility) Cons: * Harder to write the compliance circuit (no experience of writing AIR). Really hard if we do not an implementation of our primitives. implementation time: 6-8 months (might be higher function of what we find already implemented) ### Old compilation stack _High-level language_: VampIR _Low-level language_: Halo2 pros: * Minimal work for the standpoint of cryptography engineering (reuse work done on Taiga) cons: * the Juvix-VampIR zkVM is not competitive implementation time: 1-2 months ### EVM compatibility (Scroll) _High-level language_: Solidity _low-level language_: Halo2 pros: * Massive community of developer we can leverage cons: * Even if the low-level language is Halo2, it is done using different curves and commitment scheme (KZG instead of IPA) implementation time: 6-8 months ---- ### Considerations on function privacy To achieve function privacy we need to have a back-end system that implements recursion. We can implement recursion both on Halo2 and on a STARK prover, if the source code is open source. To implement recursion on a STARK prover might be easier.