# PSE Spartan-WHIR Latest progress in transparent SNARKs improved their performance enough so they can be considered as an option for end-user applications that run on commodity hardware. However, there currently is a gap between the application developer skillset and the requirements to use the implementations of these SOTA schemes. Lowering this entry-level barrier and removing trusted setup requirements can make the development of zero-knowledge applications simpler, boosting the explorations on new privacy related applications. ## Background | CSP ZKP Stack | Needs setup? | Is PQ-Secure? | Is verifiable on-chain? | DevEx | | -------------- | ------------ | ------------- | ----------------------- | ----- | | Circom/Groth16 | Yes, trusted | No | Yes | 🙂 | | Halo2 | Yes, universal | No | Yes | 😱 | | Noir/BB | Yes, universal | No | Yes | 🙂 | | **Spartan+WHIR** | **No** | **Yes** | **Yes** | 🙂 | Trusted setups are currently a barrier to enable local proving for low-bandwidth and limited storage environtments like smartphones. Current options to develop applications that don't need trusted setups are: - zkVMs (SP1, powdr) - Rust-based toolkits (Plonky2/3, Stwo) The first group of solutions is out of reach for CSP [according to our benchmarks](https://hackmd.io/eVHUX5tuSAqAqQb5i-8YHA) due to substantial RAM requirements. The second group also has high RAM requirements, doesn't have a developer experience focus and targets users who are cryptography engineers, requiring studying specific APIs. Enabling transparent SNARKs development with more widely adopted frontend languages like Circom or friendlier like Noir. ## Goal The primary goal of this project is to create an accessible (dev-friendly), robust, and community-maintained client-side proving library that offers simultaneous transparency (eliminating trusted setups), post-quantum security, and Ethereum-compatible onchain verification. ## Objectives ### Core objectives - Direct support for Circom R1CS for backwards compatibility with all existing Circom code - On-chain verification gas benchmarks - RAM and prover time benchmarks against other CSP projects, building on our previous work ### Secondary Objectives - Developer CLI for Noir and Circom conversion and compilation - Templated verifier smart contract generator in the CLI - ***mopro*** integration ## Scope - Benchmarking against existing popular client-side proof schemes (Groth16 and Noir/BB) ### Out of scope - nn ## Milestones **Milestone 1**: - RAM and prover time benchmarks against other CSP projects, building on our previous work - Direct support for Circom R1CS for backwards compatibility with all existing Circom code - Expected Delivery date: **Milestone 2**: - Developer CLI for Noir and Circom conversion and compilation - On-chain verification gas benchmarks - Expected Delivery date: **Milestone 3**: - Templated verifier smart contract generator in the CLI - ***mopro*** integration - Expected Delivery date: ## Why Now? - ***CSP will inevitably benchmark Spartan-WHIR for the "Quarterly Report on the State of CSP"*** - There is demand for WHIR (World's ProveKit, Ceno) - There is demand for client-side proving - There is demand for post-quantum proof schemes - The new popular proof stacks like Noir/BB are suffering from old shortcomings (still needs setup, still not PQ-secure) ## Why PSE? - Transitions a valuable solution from proprietary, limited-circuit implementations controlled by a profit-driven entity to an open, community-driven resource. - PSE has implemented the [WHIR on-chain verifier](https://ethresear.ch/t/on-the-gas-efficiency-of-the-whir-polynomial-commitment-scheme/21301) and is in touch with WHIR authors - PSE heavily relies on legacy (7+ years old) stacks like Circom/Groth16 for various projects. For example, ***mopro*** has traditionally promoted Circom/Groth16 at hackathons and only recently has started switching to Noir ## Resources and Team Structure ### Team Members - Alex Kuzmin (lead, 50% allocation) - Brechy (100% allocation) ### External Collaboration - ***mopro*** helps to popularize the solution promoting it at hackathons/workshops ### Resource Requirements - None ## Evaluation Criteria ### Success Metrics - Spartan-WHIR having acceptable RAM footprint for "80%" of the popular client-side proving circuits (Anon Aadhaar, zkEmail, hashing) - Spartan-WHIR being feasible to verify on-chain for "80%" of the said circuits - Spartan-WHIR prover time beating "80%" of the popular client-side proof schemes - Spartan-WHIR gaining adoption by the ecosystem ## Appendices * https://ethresear.ch/t/on-the-gas-efficiency-of-the-whir-polynomial-commitment-scheme/21301 * https://github.com/privacy-scaling-explorations/sol-whir * https://github.com/worldfnd/ProveKit ## References