Targets:
List below is not ordered in any manner such as priority or difficulty
Target: RU, VP
Currently linearization technique is not implemented in halo2. So it is required to to send all even fixed column evaluations to the prover. In order to reduce size of proof as well as verifier group operations. This can be done with two ways. We can customize prover after our circuits are finalized. And second is we can implement auto linearisation that would work with all any circuit.
Target: RU, VP
For VP Why it is better to have pairing based proof system where we can use halo2 as is?
For RU: BLS12 support will even eventually arrive at EVM and we will probably have cheaper group and pairing operaitions than we have with BN256. However until then we are good with BN256.
https://hackmd.io/@tompocock/shplonk
https://zcash.github.io/halo2/design/proving-system/multipoint-opening.html
Target: RU, VP
For RU: In BN setting we try to avoid G2 operations so batch opening technique that takes place in plonk paper is probably the best. But there is a cool trick to validate G2 operations using pairing and G1 add and mul precompiles. We should calculate the trade off between adding few pairing terms and g1 operations to use Z(X) and multiopening without G2 operations.
Target: RU
Target: RU
After we our state and execution circuits are finalized we need to implement EVM verifier under KZG and BN254 setup. This would be probably much more specialized verifier than generic one in halo2 library.
Target: VP
Explain why?
Target: VP, RU
We have added KZG multiopen to halo2 library that currently only supports BN256 curve.
https://github.com/kilic/halo2/tree/kzg
It needs to be merged with new updates in halo2 library.
Target: VP, RU
I have just made up the term semi-recursive that defines a system where we verify some part of proof in a circuit and defer pairing out of the circuit to L1 for example. I think this is what aztec applies in their proof system.
Also Stark verifier approach is intoruced by Hermez https://youtu.be/17d5DG6L2nw?t=1764
If applied, we can reconsider Z(X) Based Multiopen Strategy for RU since G2 ops are moved to the circuit.
Figure out how to feed public inputs in verifier side.
There are two ways:
First is the how it is done in halo2 library:
Prover:
Verifier:
This is efficient in recursion context (I think only for two layer) to avoid hashing many things in the circuit
And second way is closer to the plonk paper:
Prover:
Verifier:
For second method see experimental PR in halo2 repo and see how to calculate public input evals with halo2 tooling.
This is efficient when we want to avoid group operations in verifier side
or
or
By clicking below, you agree to our terms of service.
Sign in with Wallet
New to HackMD? Sign up
| Syntax | Example | Reference | |
|---|---|---|---|
| # Header | Header | 基本排版 | |
| - Unordered List |
|
||
| 1. Ordered List |
|
||
| - [ ] Todo List |
|
||
| > Blockquote | Blockquote |
||
| **Bold font** | Bold font | ||
| *Italics font* | Italics font | ||
| ~~Strikethrough~~ | |||
| 19^th^ | 19th | ||
| H~2~O | H2O | ||
| ++Inserted text++ | Inserted text | ||
| ==Marked text== | Marked text | ||
| [link text](https:// "title") | Link | ||
|  | Image | ||
| `Code` | Code |
在筆記中貼入程式碼 | |
| ```javascript var i = 0; ``` |
|
||
| :smile: |  |
Emoji list | |
| {%youtube youtube_id %} | Externals | ||
| $L^aT_eX$ | LaTeX | ||
| :::info This is a alert area. ::: |
This is a alert area. |
On a scale of 0-10, how likely is it that you would recommend HackMD to your friends, family or business associates?
Please give us some advice and help us improve HackMD.
Syncing
-
Any changes
Be notified of any changes
-
Mention me
Be notified of mention me
-
Unsubscribe
Subscribe