changed a year ago
Linked with GitHub

Mopro: Client-side proving on mobile made easy

@oskarth, ZK Summit 2024

TLDR

  1. We want to make proofs on mobile
  2. Mopro is a toolkit for ZK app dev on mobile
  3. Let's make ZKPs on mobile great together

PART 1

We want to make proofs on mobile

Why client-side proving?

Let's put the "Zero Knowledge" back in ZK.

Note:
A lot of focus on ZK for succinctness in L2 context,
Not enough for many apps where you want privacy or interop.
Let's look at examples

Zupass: Crypto-native identity

kotor-2048x1365

Note:
ZK identity solution: has to be mobile, 95% usage
Zuzalu last year, Devconnect and more this year
Allowed you to catch frogs (ECDSA signatures), need mobile

Aadhaar: Real-world identity

image

Note:
Anon-Aadhaar project to do ZK on this
Take traditional ID thing and permissionlessly use
RSA verification in PDF
Selective disclosure, Gitcoin Passport/PoH
Other similar solutions, proof of passport EU, japan etc
This is a lot more complex in terms of circuits

More examples

zkprivate

Note:
Outside of ZK-Identity, a big one is fungible money
Bitcoin origin, make like cash, private txs
Private finances more generally
Also private social networks
And ZK-ML projects use priv data photos, hackathon
User wants to generate proof on their phone

Client-side proving

  • Secure: User generates claims
  • Fast: Good performance for big circuits
  • Friendly: Easy to use and robust

Note:
What properties we want?
Trust-minimized and secure, user gen proof
Fast: ECDSA/RSA ~1m constraints, much bigger than Semaphore, good UX
Helps with large anonymity sets
Should just work incl on all devices (accessible)
easy, good devex

Browser vs native

  • Security: OS-level security
  • Performance: Native performance
  • Affordances: Better integration with phone
  • Trade-off: Complex to develop and distribute

Note:
When I say mobile, I don’t just mean browsers
Why bother?
OS-level security (secure storage, biometric auth); Isolation - important for secrets like real-world id! Not webview
Native perf; multi threading, GPU; can get on browser but limited
Better integration with camera/sensors/secure enclave/push notif; more native and fluent experience
Tradeoff: no need app ok; poss censorship; platform specific; complex to develop app, esp ZK
Leads us to mopro

PART 2

mopro is a toolkit for ZK app dev on mobile

What is mopro?

  • Toolkit: set of libraries and utils
  • Goals
    • Modularity
    • Developer-friendly
    • Performance
    • Multi-platform
  • Foundry for ZK app dev

Note:
Modularity - easy to add proof systems
Dev friendly fast to get started
Fast proving
Works on many platforms

mopro-cli 1-2-3

# Create a Circom project with iOS and Android support
mopro init --platforms ios, android

# Prepare circuit and artifacts
mopro prepare

# Build for iOS
mopro build --platforms ios

# Also options for testing, exporting bindings, etc

Note:
New, main interface point
Get started in under 5m

Example project

> tree -L 1
.
├── README.md
├── android              # Android project
├── core                 # Circom circuits, Rust wrapper
├── ios                  # iOS project
├── mopro-config.toml    # Project config
├── ptau
└── target

mopro-config.toml

[build]
ios_device_type = "device" # x86_64, simulator, device
android_device_type = "arm64" # x86_64, x86, arm, arm64
build_mode = "release" # debug, release (recommended)

[circuit]
dir = "core/circuits/keccak256"
name = "keccak256_256_test"
ptau = "19"

[dylib]
use_dylib = true   # true, false
name = "keccak256" # Name of the dylib file

Note:
Specify relevant options

Example app (XCode)

image

Note:
Generate some example app with basic proving/verifying
We'll look at more examples later

Architecture

image

Note:
We can think of this flow as multiple layers
Starting with the user, then app, tooling, then towards proving systems and computer science
Let's zoom in
(Skip this slide?)

Architecture

image

Note:
The key idea is separation of concerns, modularity
A user has no brain, they just want to use an app
Circuit dev only cares circuit, and likewise app dev
A lot of things going on: Circom circuits, mopro-core, circom-compat, arkworks, mopro modules, UniFFI bindings, Swift library, iOS app
We take a slice of one thing at each layer (proof system, platform)
How do all of these things fit together?

Circom

Most widely used DSL for client-side proving

keccak

Note:
mopro prepare, compile, run trusted setup, gen arkzkey
Bring your own circuit setup

mopro-core

  • Core Rust library with multiple adapters
    • Starting with Circom, easy to add more
    • API for init/prove/verify, serialization etc
  • Circom: Use circom-compat to load circuit
    • Witness gen native or via wasmer
    • Proving done natively with ark-groth16

Note:
Trivial to add new adapters, WIP
.wasm/dylib for witness calc with wasmer, arkzkey
wt

mopro-ffi

  • FFI: Talking across language barriers
  • Bridge between Rust and Swift/Kotlin/Python
  • Wraps Rust API, deals with lowering/lifting
  • UniFFI to generate bindings for languages
  • Support iOS, Android, and React Native

Note:
Foreign function interface
Recently added Android
RN support separate via bridge from Yanis PSE

UniFFI

uniffi2

Note:
How do we build complex cross-platform applications?
What Firefox developed to build complex cross-platform applications
More modern version of cbindgen
Keep business logic in Rust
With native binds can make app

App (Anon-Aadhaar)

aadhaar-both

Note:
In the end you have an app like Anon-Aadhaar
Will get back to later

User

Just wants things to work

user-license-scan

Note:
Users have no brain, just want things to work
This means fast proofs, few actions etc
Create experiences that hide ZK voodoo and integrate seamlessly into app and user’s life

Zooming back out

Making life of app developer easy

image

Note:
Can only focus on so much at a time
UX, App development, Swift libraries, architectures/linking, Rust, ZK, circuits, proving systems, infra
Requires a lot of people, and doing this takes away from focusing on "business problem"
With mopro, we split this up and create tooling to allow developers to focus on their area of expertise
Details not important; make life easy

DevEx: mopro-cli 1-2-3

# Create a Circom project with iOS and Android support
mopro init --platforms ios, android

# Prepare circuit and artifacts
mopro prepare

# Build for iOS
mopro build --platforms ios

# Also options for testing, exporting bindings, etc

Note:
Write your circuit
UniFFI ibindings, can test in isolation
Xcode painful
App dev POV: No Rust/ZK, just another app
Embed Rust lib, hide complexity, linking/architecture, Cocoapods etc

Modularity

  • Platforms: Adding support for e.g. Python trivial
  • Proof systems: Adding new proof systems easy
  • Tooling: Two birds with one stone
    • FFI, serialization, linking, packaging etc
    • Rust core: Schelling point for ZKP
  • Public good: Not tied to specific business
    • Thanks PSE and 0xPARC for grant!

Note:
Modularity as a design goal; Easy to add new platforms; new proof system (wrap Rust API+expose bindings)
Rust fast, secure, flexible, developers
Not tied to some specific proof system, whatever is useful to people, agnostic

Where are we now?

  • Anon-Aadhaar v1 showcase app
    • AA: Constraints up x10 from 160k to 1.6m
    • Also Proof-Of-Passport
  • Performance
    • Understand limits of client-side proving
    • Native witness generation, arkzkey loading
  • Improve DevEx
    • mopro-cli 1-2-3
    • API, React Native support, distribution

Note:
Three main areas of focus
Proof of passport cool, also similar Myna JP
Late last year, increase complexity due to sel disc/nullifier

Client-side proving: How big can circuits be?

image

Note:
Memory biggest bottleneck, up to 4GB OK
Not gonna go into other perf details
10s witness gen, ~20s prover time, load zkey, smalelr zkey arkzkey
Other proof systems and techniques
Next part coming up

PART 3

Let's make ZK on mobile great together

You are nobody

g0v

Contribute

  • Try it out and provide feedback
    • Write ZK apps in it, easy with mopro-cli
  • Community project
    • More platforms
    • More proof systems
    • Performance improvements
    • Docs, API,
  • ZK grants available

Note:
ZK-ML hackathon Oxford Confidenti used
GH user or TG
Foundry for ZK

Contribute (cont)

  • Platforms: React Native, Web?
  • Proof systems: Halo2, Noir,
  • Performance: Native witness gen, GPU

Note:
RN integrate better, desktop/web
Proof systems Kimchi PoC wknd
Halo2/Noir, some interest, Nova, VOLE, binius?
Perf: Native wtns gen, GPU grant WIP, load zkey
Also docs/API

Contributors etc

  • Downstream, upstream and main
  • 0xPARC/PSE, Vivian, Yanis, Moven/Foodchain, Phil/Remco, Aaryamann/Vac, Florent,
  • You?

Note:
Everything from upstream deps, main contributions and downstream

Recap

  1. We want to make proofs on mobile
  2. Mopro is a toolkit for ZK app dev on mobile
  3. Let's make ZKPs on mobile great together

The future is ZK.

The future is mobile.

The future is now.

Thank you

Note:
Qs?

Performance notes

  • Keccak256 (150k constraints): 1.5s
    • ~x10 faster vs comparable circuit in browser
  • Anon-Aadhar 1.6m
    • 10s witness gen (wasm), 20s prover time
    • arkzkey load slow (~1.5m)
    • arkzkey size ~500mb (50% smaller)
  • Bottlenecks: memory, loading zkey, and wasm witness generation
Select a repo