# Action Plan for 1st Phase of Benchmarks ## Work scope We would benchmark 3 main categories, necessary for zkID project. 1. Hashing We would benchmark 3 popular hash functions - Keccak(256), SHA256 and Poseidon2. Also, we would set the input data as variance - 512bytes, 1kB, 2kB, 4kB and 8kB of random string. The reason behind variant input data is that we want to obtain the data necessary for client side proving, e.g., what is maximal input for hash function proving in mobile device/web browser. - Keccak(256) - [groth16/circom](https://github.com/Electron-Labs/keccak-circom) or [this one](https://github.com/vocdoni/keccak256-circom) - [binius(wasm)](https://github.com/Divide-By-0/wasm-binius) - [STWO(cairo-lang)](https://github.com/starkware-libs/cairo-lang/blob/master/src/starkware/cairo/common/keccak.cairo) - [expander-keccak](https://proofarena.org/problems/2) or [official example](https://github.com/PolyhedraZK/ExpanderCompilerCollection/blob/master/expander_compiler/tests/keccak_gf2_full.rs) - [gnark-keccak](https://proofarena.org/problems/2) - [pcbin-plonky3-keccak](https://proofarena.org/problems/2) or [official example](https://github.com/Plonky3/Plonky3/tree/main/keccak) - Poseidon2 - [plonky3(Mersenne 31) prover](https://proofarena.org/problems/4) - [STWO(Mersenne 31) prover](https://proofarena.org/problems/4) - SHA256 - Spartan-WHIR - GKR-WHIR(Ceno) 2. Signature schemes We would cover the current popular signature schemes - ECDSA, EdDSA and RSA. - ECDSA - [circom](https://github.com/0xPARC/circom-ecdsa) - [spartan](https://github.com/personaelabs/spartan-ecdsa) - [noir](https://github.com/worldfnd/ProveKit/tree/main/noir-examples/p256_std) - [ecdsa-pop(spartan)](https://github.com/microsoft/crescent-credentials/tree/main/ecdsa-pop) - [rarimo(circom)](https://github.com/rarimo/passport-zk-circuits/tree/main/circuits/ecdsa/secp256r1) - EdDSA - [gnark official example](https://docs.gnark.consensys.io/Tutorials/eddsa) - [circom Ed25519](https://github.com/Electron-Labs/ed25519-circom) - RSA - [circom-rsa-verify](https://github.com/zkp-application/circom-rsa-verify) - [halo2-rsa](https://hackmd.io/@SoraSuegami/By0JRu7zi) - [rarimo(circom)](https://github.com/rarimo/passport-zk-circuits/tree/main/circuits/rsa) 3. Data Parsing We target 1 scheme for this category - JWT parsing. - JWT parse - [zk-blind(circom/snarkjs)](https://github.com/emmaguo13/zk-blind) - [zkjson(circom)](https://github.com/weavedb/zkjson) ## ETA We estimate we can complete the benchmarking in 6 weeks. In the first 4 weeks, we'll try to cover the circuits/schemes and proving systems which are specified in the work scope. In the next 2 weeks, we would add the benchmarks of extra proving systems that we think are important. ## Output - Report similar to zkID-benchmark one - Github repo containing all benchmarking codes ## Spec of machine for benchmarking We would do the benchmarking on ordinary machine(laptop or cloud machine), with simulation of low resource(e.g. 4gb RAM like mobile device/wasm). We believe benchmarking on ordinary device is enough for the 1st phase. The reasons are: - it would create huge overhead if we want to do benchmarking on mobile device - the main goal is to get the comprehensive view of existing systems, not accurate numbers ## Reference ### Existing benchmarks/circuits - keccak256 - [zkmopro](https://zkmopro.org/docs/performance/): Circom, Halo2, Noir - [proof arena](https://proofarena.org/problems/2): expander, halo2, gnark, plonky3 - NOTE: Proof arena has own rules which do not meet our goal - 2kB input data. - Poseidon2 - [proof arena](https://proofarena.org/problems/4): Plonky3, STWO - NOTE: Proof arena has own rules which do not meet our goal - 2kB input data. - ECDSA(verify) - [circom-ecdsa](https://github.com/0xPARC/circom-ecdsa): circom - [efficient-zk-ecdsa](https://github.com/personaelabs/efficient-zk-ecdsa): circom - [spartan-ecdsa](https://github.com/personaelabs/spartan-ecdsa): spartan - [Benchmarking ZK-Circuits in Circom(paper)](https://eprint.iacr.org/2023/681.pdf) - [efficient-secp256r1](https://github.com/myBraavos/efficient-secp256r1): cairo - NOTE: This code needs starkware runtime. - RSA - [zk-kyc(circom)](https://github.com/novus677/zk-kyc/blob/main/circuits/helpers/rsa.circom) - JSON or JWT parsing - [zkLogin](https://arxiv.org/html/2401.11735v2) -